END USER DEVICES Sample Clauses

The 'End User Devices' clause defines the rules and requirements governing the use of devices, such as computers, smartphones, or tablets, by end users to access a service or software. It typically outlines which types of devices are permitted, any security or configuration standards that must be met, and may specify responsibilities for maintaining device security or software updates. This clause ensures that only authorized and properly secured devices are used, thereby reducing security risks and maintaining the integrity of the service or system.
END USER DEVICES. 2.1 The Contractor shall ensure that any Authority which resides on a mobile, removable or physically uncontrolled device is stored encrypted using a product or system component which has been formally assured through a recognised certification process agreed with the Authority except where the Authority has given its prior written consent to an alternative arrangement. 2.2 The Contractor shall ensure that any device which is used to Process Authority Data meets all of the security requirements set out in the NCSC End User Devices Platform Security Guidance, a copy of which can be found at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/guidance/end-user- device-security.
View SourceView Similar (10)
END USER DEVICES a) Laptops and desktops used by Supplier personnel that may come into contact with Juniper Data must meet the following requirements: i. Full-disk encryption must be implemented. b) Smartphones and Tablets must not be allowed to access, process, or store Juniper Data. Juniper Networks Data Protection Agreement 03182020 10
View SourceView Similar (4)
END USER DEVICES. When invited to join an Enterprise Account, a user can join an Enterprise Account by downloading Lookout Security for Work application to become an End User of the Enterprise Account.
View SourceView Similar (3)
END USER DEVICES. The Provider must manage, and must ensure that all Sub-Contractors manage, all end-user devices used by the Provider on which HSE Data is Processed in accordance the following requirements: the operating system and any applications that Process or have access to HSE Data must be in current support by the vendor, or the relevant community in the case of open source operating systems or applications; users must authenticate before gaining access; all HSE Data must be encrypted using an encryption tool agreed to by HSE; the end-user device must lock and require any user to re-authenticate after a period of time that is proportionate to the risk environment, during which the end-user device is inactive; the end-user device must be managed in a way that allows for the application of technical policies and controls over applications that have access to HSE Data; the Suppler or Sub-Contractor, as applicable, can, without physical access to the end-user device, remove or make inaccessible all HSE Data on the device and prevent any user or group of users from accessing the device; and all end-user devices are within in the scope of any current Cyber Essentials Plus certificate held by the Provider, or any ISO/IEC 27001 (at least ISO/IEC 27001:2013) certification issued by a UKAS-approved certification body, where the scope of that certification includes the Services. The Provider must comply, and ensure that all Sub-Contractors comply, with the recommendations in NCSC Device Guidance, as updated, amended or replaced from time to time, as if those recommendations were incorporated as specific obligations under this Agreement. Where there any conflict between the requirements of this Schedule and the requirements of the NCSC Device Guidance, the requirements of this Schedule will take precedence.
View SourceView Similar (3)
END USER DEVICES. The Supplier must, and must ensure that all Sub-contractors, manage all End-User Devices on which Government Data is stored or Handled in accordance with the following requirements:
View SourceView Similar (2)
END USER DEVICES. 2.1 When Government Data resides on a mobile, removable or physically uncontrolled device it must be stored encrypted using a product or system component which has been formally assured through a recognised certification process of the National Cyber Security Centre (“NCSC”) to at least Foundation Grade, for example, under the NCSC Commercial Product Assurance scheme ("CPA"). 2.2 Devices used to access or manage Government Data and services must be under the management authority of Buyer or Supplier and have a minimum set of security policy configuration enforced. These devices must be placed into a ‘known good’ state prior to being provisioned into the management authority of the Buyer. Unless otherwise agreed with the Buyer in writing, all Supplier devices are expected to meet the set of security requirements set out in the End User Devices Security Guidance (▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/guidance/end- user-device-security). Where the guidance highlights shortcomings in a particular platform the Supplier may wish to use, then these should be discussed with the Buyer and a joint decision shall be taken on whether the residual risks are acceptable. Where the Supplier wishes to deviate from the NCSC guidance, then this should be agreed in writing on a case by case basis with the Buyer.
View SourceView Similar (2)
END USER DEVICES. 5.1 The Supplier shall manage, and shall ensure that all Sub-contractors manage, all end- user devices used by the Supplier on which Authority Data is Processed in accordance with the following requirements: (a) the operating system and any applications that Process or have access to Authority Data must be in current support by the vendor, or the relevant community in the case of Open Source operating systems or applications; (b) users must authenticate before gaining access; (c) all Authority Data must be encrypted using an encryption tool agreed to by the Authority; (d) the end-user device must lock and require any user to re-authenticate after a period of time that is proportionate to the risk environment, during which the end-user device is inactive; (e) the end-user device must be managed in a way that allows for the application of technical policies and controls over applications that have access to Authority Data; (f) the Suppler or Sub-contractor, as applicable, can, without physical access to the end-user device, remove or make inaccessible all Authority Data on the device and prevent any user or group of users from accessing the device; (g) all end-user devices are within in the scope of any current Cyber Essentials Plus certificate held by the Supplier, or any ISO/IEC 27001 or later (at least ISO/IEC 27001:2013) certification issued by a UKAS-approved certification body, where the scope of that certification includes the Services. 5.2 The Supplier shall comply, and ensure that all Sub-contractors comply, with the recommendations in NCSC Device Guidance and Authority Technical Security Guidance, as updated, amended or replaced from time to time, as if those recommendations were incorporated as specific obligations under this Agreement. 5.3 Where there any conflict between the requirements of this Error! Reference source not found. and the requirements of the NCSC Device Guidance, the requirements of this Schedule 6 takes precedence.
View SourceView Similar (2)
END USER DEVICES. 2.1 The Supplier shall manage, and shall ensure that all Sub-Contractors manage, all end- user devices used by the Supplier on which Authority Data is Processed in accordance the following requirements: (a) the operating system and any applications that Process or have access to Authority Data must be in current support by the vendor, or the relevant community in the case of Open Source operating systems or applications; (b) users must authenticate before gaining access; (c) all Authority Data is encrypted using an encryption tool agreed by the Authority; (d) the end-user device must lock and require any user to re-authenticate after a period of time that is proportionate to the risk environment, during which the end-user device is inactive; (e) the end-user device must be managed in a way that allows for the application of technical policies and controls over applications that have access to Authority Data; (f) the Suppler or Sub-Contractor, as applicable, can, without physical access to the end-user device, remove or make inaccessible all Authority Data on the device and prevent any user or group of users from accessing the device; (g) all end-user devices are within in the scope of any current Cyber Essentials Plus certificate held by the Supplier, or any prevailing ISO/IEC 27001 certification issued by a UKAS-approved certification body, where the scope of that certification includes the Services. 2.2 The Supplier shall comply, and ensure that all Sub-Contractors comply, with the recommendations in NCSC Device Guidance and prevailing Authority Technical Security Guidance, as updated, amended or replaced from time to time, as if those recommendations were incorporated as specific obligations under the Contract. 2.3 Where there any conflict between the requirements of this Error! Reference source not found. and the requirements of the NCSC Device Guidance and/or the Authority’s Technical Security Guidance, the requirements of this Schedule 6 takes precedence.
View SourceView Similar (2)
END USER DEVICES. 1When Government Data resides on a mobile, removable or physically uncontrolled device it must be stored encrypted using a product or system component which has been formally assured through a recognised certification process of the National Cyber Security Centre (“NCSC”) to at least Foundation Grade, for example, under the NCSC Commercial Product Assurance scheme ("CPA").
View SourceView Similar (2)
END USER DEVICES. 2.1 The Contractor shall ensure that any Authority which resides on a mobile, removable or physically uncontrolled device is stored encrypted using industry standard encryption. . .
View Source