Common use of Logical Security Clause in Contracts

Logical Security. Supplier shall follow industry best practices and take the additional precautions below with respect to the logical security of Secure Information in its possession. i. As applicable, Supplier shall ensure any Information Technology System automatically locks or logs out when left unattended. ii. Information Technology Systems shall be segregated as necessary and protected by a physical firewall with all ports blocked except those needed for specific Supplier applications, and Supplier shall take such other measures as are reasonable in light of the Secure Information to which it has access. Such additional measures may include, and Syntax, in its sole discretion, may require: virus and malware scanning, intrusion detection and prevention technologies, managed secure patching practices, third party vulnerability testing, and virtual private networking or multi-factor authentication schemes. iii. Information Technology Systems must be protected by and may only be accessed using Strong Authentication systems. iv. Supplier shall encrypt Secure Information stored on any Information Technology System using Strong Encryption methods. If Supplier transfers any Secure Information via the internet or any untrusted network, it shall encrypt the Secure Information using Strong Encryption methods while in transit. v. Supplier shall use cryptographic and hashing algorithm types, strength, and key management processes consistent with industry best practices. vi. Supplier shall centrally manage access to any Information Technology System and implement an appropriate set of procedures for authorizing logical access to Secure Information that ensures access is appropriate according to the business function of Supplier personnel. vii. As applicable, access to Information Technology Systems must be monitored, recorded, and controlled to a reasonable standard.

Logical Security. Supplier shall follow industry best practices and take the additional precautions below with respect to the logical security of Secure Information in its possession. i. As applicable, Supplier shall ensure any Information Technology System automatically locks or logs out when left unattended. ii. Information Technology Systems shall be segregated as necessary and protected by a physical firewall with all ports blocked except those needed for specific Supplier applications, and Supplier shall take such other measures as are reasonable in light of the Secure Information to which it has access. Such additional measures may include, and SyntaxRackspace, in its sole discretion, may require: virus and malware scanning, intrusion detection and prevention technologies, managed secure patching practices, third party vulnerability testing, and virtual private networking or multi-factor authentication schemes. iii. Information Technology Systems must be protected by and may only be accessed using Strong Authentication systems. iv. Supplier shall encrypt Secure Information stored on any Information Technology System using Strong Encryption methods. If Supplier transfers any Secure Information via the internet or any untrusted network, it shall encrypt the Secure Information using Strong Encryption methods while in transit. v. Supplier shall use cryptographic and hashing algorithm types, strength, and key management processes consistent with industry best practices. vi. Supplier shall centrally manage access to any Information Technology System and implement an appropriate set of procedures for authorizing logical access to Secure Information that ensures access is appropriate according to the business function of Supplier personnel. vii. As applicable, access to Information Technology Systems must be monitored, recorded, and controlled to a reasonable standard.