Common use of Response controls Clause in Contracts

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to Expel’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk. Expel shall, to the extent it has control over any electronic transmission, transfer or storage of personal data, take all reasonable steps to ensure that such data cannot be read, copied, altered or removed without proper authority during its transmission, transfer or storage. In particular, Expel shall:

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to Expelthe Vendor’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk. Expel Vendor shall, to the extent it has control over any electronic transmission, transfer or storage of personal data, take all reasonable steps to ensure that such data cannot be read, copied, altered or removed without proper authority during its transmission, transfer or storage. In particular, Expel Vendor shall: