Logical Access Control Clause Samples

Logical Access Control. Logical access control procedures are in place, designed to prevent or mitigate the threat of unauthorized application access and data loss in corporate and production environments. Employees are granted minimum (or “least privilege”) access to specified Genesys systems, applications, networks, and devices as needed. Further, user privileges are segregated based on functional role and environment. Administrative controls set or restrict agent/user access to certain actions, setup areas, departments and folders. The Genesys operational system is only accessible with an authorized username (or email) and password combination. Usernames (and emails) must be unique throughout the entire Genesys system, and minimum password length and complexity requirements are enforced. Enhanced password controls, including initial login reset, rotation, aging, non-reuse and incorrect password lockout, are available to administrators in the user configuration settings. Single Sign On (SSO) integration is available to Enterprise subscribers using ▇▇▇▇ 2.0-compliant user management systems. User logins to Genesys are logged and reported within the application. Access to these reports can be restricted using permission settings.

Logical Access Control. The goal of logical access control is to prevent unauthorized persons from using data processing systems that process and use personal data. Data terminals (PC, servers, network components) are accessed by means of authorization and authentication in all systems. Access control regulations include the following measures: • Passwords (lower and upper case letters, special characters, numbers, minimum 8 characters, changed regularly, password history) • Company ID with PKI encryption (two-stage security) • Role-based rights are tied to access ID (classified according to administrator, user, etc.) • Screen lock with password activation in user’s absence • Encryption of data storage devices while in transit (including notebook hard drives) • Use of firewalls and antivirus software including regular security updates and patches.

Logical Access Control. Logical access controls provide a technical means to control user access to information and system resources. They control what information users can access, the programs they can run, and the modifications they can make. Entity must comply with the following logical access controls: a. The identity of the user must be established before access to DPS data is granted. b. Users will have access only to data to which they are entitled (the principle of least privilege will be enforced). c. Entity information systems processing DPS data will automatically disconnect or otherwise deny access to a user after three failed logon attempts. d. Entity information systems processing DPS data will initiate a session lock or termination after a maximum of 30 minutes of inactivity and require the user to reauthenticate to regain access.

Logical Access Control. No unauthorized access to data processing systems is granted. Access to our electronic data pro- cessing systems through external interfaces is firewall protected. Sensitive services, which must not be accessible publicly, are protected through a VPN. Publicly accessible systems, such as email and internet access are isolated from other services through appropriate segmentation. HWD operates diverse, depending on the security classification, in part physically separated networks. All systems are password-protected and only allow user-specific access. Group access is not implemented. In addition to strong password requirements on the basis of internal password guidelines, a 2-factor-authentica- tion system is used for authentication on sensitive systems of HWD. HWD’s password policy, besides defining password complexity requirements, also includes additional framework parameters, such as the mandatory password resetting within defined terms, as well as prohibiting reuse of the same password. Access privileges to customer equipment are handled in detail according to specific customer instruc- tion and based on the services provided by HWD. According to HWD internal policies, depending on system type and classification, failed login attempts are responded to in different appropriate manners. Along with temporary access blocking, dynamic addition of network blocking, or permanent access removal, also logging and alerting takes place.

Logical Access Control. Authorised user names and individual passwords for accessing data processing systems.

Logical Access Control. Unauthorised persons shall be denied access to data processing equipment with which personal data are processed or used. Userlane GmbH ▇▇▇▇▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇ Registry: HRB ▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇ Board of Directors: ▇▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇ ▇▇▇▇▇▇▇ Document Owner: Contact: ▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇ Date of last modification: 19th May 2021 Page: 8 of 16 It is ensured that personal data in the company is not freely accessible in visitor areas. A password manager is used in the company. The following password manager is used: The used password manager offers sufficient access control and encrypted storage.

Logical Access Control. The Contractor takes in particular the following measures to prevent data processing systems from being used without authorization: For User identification and authentication: User ID, password procedures incl. password complexity requirements, reset of generated initial password on first use, periodic change of password, password history controls and automatic blocking (e.g. password request or timeout). A Quentry User session expires automatically after a period of inactivity. The Quentry system is hosted on Amazon Web Services (AWS). The Contractor uses the AWS Identity and Access Management to ensure that only specifically appointed and authorized employees of the Contractor have access to the Quentry system for support and maintenance. All Users with elevated access rights will be required to use AWS Multi-Factor Authentication. On network level the AWS Security Groups (firewall) are configured to restrict administrative access to the Quentry system only to inbound connections from the secured network of the Contractor. AWS is utilized for User authentication (storage of User name and password). The network connection from the Quentry system to the AWS system is encrypted via SSL. The passwords are stored encrypted.

Logical Access Control i. Enom requires that its employees and contractors secure computers and data while unattended. ii. Enom uses industry-standard practices to identify and authenticate users accessing its information systems and monitors connections for abuse or unauthorized uses. When authentication is based on passwords, Enom follows industry-standard practices for password handling and management, including length and complexity requirements. Personnel are prohibited from sharing passwords. Enom follows industry-standard practices to deactivate passwords or accounts that have been corrupted or inadvertently disclosed. iii. Enom monitors attempts to gain unauthorized access to its systems and services. Enom users industry standard practices to maintain the confidentiality and integrity of passwords when they are assigned, distributed and stored.

Logical Access Control. IBM will: