Common use of Infrastructure Security Personnel Clause in Contracts

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Services, and responding to security incidents. Access Control and Privilege Management. Customer’s Administrators and End Users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Cloud Services, and responding to security incidents. Access Control and Privilege Management. Customer’s Administrators and End Users administrators must authenticate themselves via a central authentication system or via a single sign on system in order to use administer the Cloud Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design designs its systems to: to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., e.g. credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Services, and responding to security incidents. Access Control and Privilege Management. Customer’s Administrators 's administrators and End Users users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized unauthorised persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized authorised persons to access data they are authorized authorised to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization authorisation during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorized authorised personnel. LDAP, Kerberos and a proprietary system utilizing utilising SSH certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize minimise the potential for unauthorized unauthorised account use. The granting or modification of access rights is based on: the authorized authorised personnel’s job responsibilities; job duty requirements necessary to perform authorized authorised tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part pa8 of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and responding to security incidents. Access Control and Privilege Management. CustomerPa8ner’s Administrators administrators and End Users users must authenticate themselves via using a central authentication system or via a single sign sign- on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized unauthorised persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized authorised persons to access data they are authorized authorised to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization authorisation during processing, use and after ▇▇▇▇ recording. The systems are designed to detect any inappropriate access. Google employs a centralized centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorized authorised personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates utilising digital ce8iYcates are designed to provide Google with secure and flexible Kexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration conYguration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize minimise the potential for unauthorized unauthorised account use. The granting or modification modiYcation of access rights is based on: the authorized authorised personnel’s job responsibilities; job duty requirements necessary to perform authorized peZorm authorised tasks; and a need to know basis. The granting or modification modiYcation of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow workKow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g.for example, login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient suocient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Services, and responding to security incidents. Access Control and Privilege Management. Customer’s Administrators 's administrators and End Users users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized unauthorised persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized authorised persons to access data they are authorized authorised to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization authorisation during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorized authorised personnel. LDAP, Kerberos and a proprietary system utilizing utilising SSH certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize minimise the potential for unauthorized unauthorised account use. The granting or modification of access rights is based on: the authorized authorised personnel’s job responsibilities; job duty requirements necessary to perform authorized authorised tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Google’s 's infrastructure security personnel are responsible for the ongoing monitoring of Google’s 's security infrastructure, the review of the Services, and responding to security incidents. Access Control and Privilege Management. Customer’s Administrators and End Users Partner's administrators must authenticate themselves via a central authentication system or via a single sign on system in order to use the Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s 's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design designs its systems to: to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s 's job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s 's internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., e.g. credit card data), Google uses hardware tokens.