Security Standards and Controls. (a) Administrator will establish, maintain and periodically review (no less frequently than annually): (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of Confidential Information; and (ii) appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all Applicable Laws relating to personal information security. (b) Policies designed to protect the privacy of individuals will, where practical, be embedded into the design, and specifications of Administrator’s technologies, business practices, and physical infrastructures using industry standard practices designed to minimize privacy risks to individuals (commonly referred to as “privacy by design”). (c) Without limiting the generality of the foregoing, Administrator will implement and maintain the following information security controls: (i) privileged access rights will be restricted and controlled; (ii) an inventory of assets relevant to the lifecycle of information will be maintained; (iii) network security controls will include, at a minimum, firewall and IDS services; (iv) detection, prevention and recovery controls to protect against malware will be implemented; (v) information about technical vulnerabilities of Administrator’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) detailed event logs recording user activities, access attempts and information security events will be retained and regularly reviewed, if produced; (vii) development, testing, and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment; and (viii) within a cloud environment, the network will be segregated so that data including Confidential Information is separated from all other customers’ data using perimeter security mechanisms such as firewalls.
Appears in 2 contracts
Sources: Reinsurance Agreement (Select Life Variable Account), Reinsurance Agreement (Select Life Variable Account)