Logical Access. (i) appropriate mechanisms for user authentication and authorization in accordance with a “least privilege” policy; (ii) controls and auditable logs to enforce and maintain rigorous access restrictions for employees, and subcontractors, including encryption of data transmission and encrypted data during remote access sessions; (iii) timely and accurate administration of user account and authentication management; (iv) processes to ensure assignment of unique IDs to each person with computer access; (v) processes to ensure Upflex-supplied defaults for passwords and security parameters are appropriately managed (e.g., changed periodically etc.); (vi) mechanisms to track and log all access to Client Data by unique ID; (vii) mechanisms to encrypt or hash all passwords or otherwise ensure all passwords are not stored unsecured in clear text; and (viii) processes to immediately revoke accesses of inactive accounts or terminated/transferred users.
Appears in 1 contract
Sources: Data Privacy, Data Protection and Security Requirements
Logical Access. (i) appropriate mechanisms for user authentication and authorization in accordance with a “least privilege” policy;
(ii) controls and auditable logs to enforce and maintain rigorous access restrictions for employees, and subcontractors, including encryption of data transmission and encrypted data during remote access sessions;
(iii) timely and accurate administration of user account and authentication management;
(iv) processes to ensure assignment of unique IDs to each person with computer access;
(v) processes to ensure Upflex-supplied defaults for passwords and security parameters are appropriately managed (e.g., changed periodically etc.);
(vi) mechanisms to track and log all access to Client Data by unique ID;
(vii) mechanisms to encrypt or hash all passwords or otherwise ensure all passwords are not stored unsecured in clear text; and
(viii) processes to immediately revoke accesses of inactive accounts or terminated/transferred users.
Appears in 1 contract
Sources: Data Privacy, Data Protection and Security Requirements