Measures for internal IT and IT security governance and management Clause Samples
POPULAR SAMPLE Copied 12 times
Measures for internal IT and IT security governance and management. Maintenance of a written, proportionally comprehensive information security program consistent with applicable industry standards that includes: • Information security policies, • Access management, • Change management, • Secure System Development Lifecycle (SSDLC), • Physical and environmental security, • Incident response plans and procedures, • Vulnerability management, • Patch management, • Business continuity/Disaster Recovery plans, • Continuous monitoring, • Asset criticality and data classification, • Data retention and destruction policies, • Third party and software supply chain security, • Hiring policies, • Employment termination policies, • Security awareness, • Privacy policies, and • Data security procedures. • Implementation of a risk management program to help address security vulnerabilities, and deploy security patches within a commercially reasonable timeframe; • Identification and assessment of reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing Subscriber Data and evaluation and implementation of improvements, where necessary, of the effectiveness of the current safeguards for limiting such risks; • Annual employee security and privacy awareness training; • Written agreements with Domo sub-processors who have access to Subscriber Data;
Measures for internal IT and IT security governance and management. Data importer has a dedicated Security Committee responsible for overseeing IT security. This Committee holds weekly meetings. 11. Opatření pro interní a bezpečnostní správu a řízení IT: Dovozce údajů má specializovaný bezpečnostní výbor odpovědný za dohled nad bezpečností IT. Tento výbor pořádá týdenní schůzky.
Measures for internal IT and IT security governance and management. Octai has internal information security policies and procedures communicated to all employees upon hire and annually thereafter. Information Security training is provided to employees to ensure they are aware of their responsibilities. The Information Security function reports to the Legal department, which is authorized by senior leadership to establish, implement, and manage Octai's Information Security Program.
Measures for internal IT and IT security governance and management. ○ L▇▇▇▇ has outsourced IT security for implementing and monitoring security measures. ○ L▇▇▇▇ has developed and enforced IT security policies and procedures including cybersecurity
Measures for internal IT and IT security governance and management a) Anti-virus software and a firewall are installed on servers and clients to help avoid malicious software gaining unauthorised access to systems.
b) An intrusion detection system is implemented.
c) A formalized procedure for handling security incidents is in place.
d) Remote access by external parties is monitored.
e) IT hardware and software are checked at predefined intervals to assess whether they need to be updated or replaced for security reasons.
Measures for internal IT and IT security governance and management. An IT Security framework has been developed. In compliance with this framework:
a. Processor assesses IT security risks on a regular basis.
b. All IT assets are formally inventoried, updated or patched regularly to mitigate security vulnerabilities and protected against attacks through appropriate anti-virus / anti-malware software and other threat detection tools.
c. All user accounts, access rights and permissions are formally controlled.
Measures for internal IT and IT security governance and management. Pleo maintains a risk-based assessment security program. The framework for Pleo’s security program includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the Services and confidentiality, integrity, and availability of Customer Data. ▇▇▇▇’s security program is intended to be appropriate to the nature of the Services and the size and complexity of Pleo’s business operations. Security is managed at the highest levels of the company, with the DPO and Information Security Manager meeting with the Chief Technology Officer regularly to discuss issues and coordinate security initiatives. Information security policies and standards are reviewed and approved by management at least annually and are made available to all Pleo employees for their reference.
Measures for internal IT and IT security governance and management. An IT Security framework has been developed. In compliance with this framework:
a. Processor assesses IT security risks on a regular basis.
b. All IT assets are formally inventoried, updated or patched regularly to mitigate security vulnerabilities and protected against attacks through appropriate anti-virus / anti-malware software and other threat detection tools.
c. All user accounts, access rights and permissions are formally controlled.
d. User activities and critical IT system operations are logged in order to enable investigation as and when required.
e. Appropriate capabilities are in place to support business activities in the situation of a disaster or a major disruption of IT systems.
f. Backup systems and processes to restore backups are in place in order to ensure retrieval of information in case of accidental data loss.
g. All network related traffic between Processor’s systems and the internet is controlled.
h. An IT Security Incident Management Procedure is in place and is taught to all employees to ensure staff knows how to react in such an event.
i. Processor counts on a dedicated IT Security Officer reporting to the Compliance Officer for the management of the IT Security framework.
j. Processor staff is bound by strict confidentiality obligations and prevented from sharing any business-related information (including personal data) with unauthorised recipients. The need- to-know principle governs the exchange of information within the company to ensure that confidential information is restrictedly disseminated.
Measures for internal IT and IT security governance and management. The Motorola Solutions Enterprise Information Security organization is structured as follows: Governance/ Risk/ Compliance, Threat Intelligence & Vulnerability Management, Detection, Protection, and Response. Motorola assesses organization’s effectiveness annually via external assessors who report and share the assessment findings with Motorola Audit Services who tracks any identified remediations. For more information, please see the Motorola Trust Center at MSI Trust Center Motorola performs internal Secure Application Review and Secure Design Review security audits and Production Readiness Review security readiness reviews prior to service release. Where appropriate, privacy assessments are performed for Motorola's products and services. A risk register is created as a result of internal audits with assignments tasked to appropriate personnel. Security audits are performed annually with additional audits as needed. Additional privacy assessments, including updated data maps, occur when material changes are made to the products or services. Further, Motorola Solution has achieved AICPA SOC2 Type 2 reporting and ISO/IEC 27001:2013 certification for many of its development and support operations. Motorola Solutions policies require processing of all personal information in accordance with applicable law, including when that law requires data minimisation. Further, Motorola Solutions conducts privacy assessments of its products and services and evaluates if those products and services support the principles of processing, such as data minimisation, as set forth in Article 5 of the GDPR.
Measures for internal IT and IT security governance and management. ConnectWise maintains a risk-based assessment security program. The framework for ConnectWise’s security program includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the Offerings and confidentiality, integrity, and availability of Customer Data. ConnectWise’s security program is intended to be appropriate to the nature of the Offerings and the size and complexity of ConnectWise’s business operations. ConnectWise has a separate and dedicated Information Security team that manages ConnectWise’s security program. This team facilitates and supports independent audits and assessments performed by third parties. ConnectWise’s security framework is based on the ISO 27001 Information Security Management System and includes programs covering: Policies and Procedures, Asset Management, Access Management, Cryptography, Physical Security, Operations Security, Communications Security, Business Continuity Security, People Security, Product Security, Cloud and Network Infrastructure Security,