Operations Security. 7.1. Changes to production environments are controlled in line with ▇▇▇▇ & ▇▇▇▇▇▇’▇ IT Change Management Policy. 7.2. Malware detection, prevention, and recovery controls to protect against are in place via a next generation anti-malware solution. 7.3. A comprehensive patch management process is in place. Patches and security updates are deployed monthly, or more frequently if a significant security risk is identified. Patch management is subject to IT Change Control and the IT Change Management Process. 7.4. A technical vulnerability management programme is in place including an ongoing programme of remediation. Vulnerabilities are identified via internal and external infrastructure scans, quarterly PCI-DSS ASV scans and penetration tests. 7.5. A comprehensive annual penetration test programme is in place, carried out by CREST accredited independent penetration testers.
Appears in 3 contracts
Sources: Data Protection Schedule, Data Protection Schedule, Data Protection Schedule
Operations Security. 7.1. Changes to production environments are controlled in line with ▇▇▇▇ & ▇▇▇▇▇▇’▇ IT Change Management Policy.
7.2. Malware detection, prevention, and recovery controls to protect against are in place via a next generation anti-malware solution.
7.3. A comprehensive patch management process is in place. Patches and security updates are deployed monthly, or more frequently if a significant security risk is identified. Patch management is subject to IT Change Control change control and the IT Change Management ProcessPolicy.
7.4. A technical vulnerability management programme is in place including an ongoing programme of remediation. Vulnerabilities are identified via internal and external infrastructure scans, quarterly PCI-DSS ASV scans and penetration tests.
7.5. A comprehensive annual penetration test programme is in place, carried out by CREST accredited independent penetration testers. This covers all R&M’s critical infrastructure.
Appears in 2 contracts