Common use of Security Policies and Procedures Clause in Contracts

Security Policies and Procedures. The Domestic Companies shall take reasonable steps and adopt an internal compliance process designed to prevent Security Incidents by the Companies, their Personnel, and any third party person or entity, including any foreign government, with respect to any of the Domestic Companies' products or services; such process shall include training and annual certification procedures. In the absence of prior approval by the USG Parties, the Companies shall not authorize any person or entity to take any action that, in the absence of such authorization, would constitute a Security Incident unless such authorization is consistent with this Agreement and with the normal course of the Companies' business. The Domestic Companies also will maintain or exceed security standards and best practices utilized within the U.S. telecommunications industry and will consult with the USG Parties and other appropriate U.S. Government agencies on steps to maintain or exceed such standards and practices. The Domestic Companies shall take measures consistent with such practices to prevent the use of or access to the Domestic Communications Infrastructure or to Data Centers to conduct Lawfully Authorized Electronic Surveillance, or to obtain or disclose Domestic Communications, U.S. Hosting Data, Classified Information, or Sensitive Information, in violation of any U.S. federal, state, or local laws, or the terms of this Agreement. These measures shall include maintenance of all existing Domestic Companies’ security policies and procedures, and shall include provisions consistent with industry best practices for: maintenance of password systems, non-destructive access logs, including in particular, logs regarding any access to a capability to conduct electronic surveillance, and non-destructive audit logs; periodic internal network security audits; periodic switch audits to discover unauthorized “Free Line Service” accounts; physical security for access to Domestic Communications Infrastructure; and ensuring the placement of firewalls and associated security levels.