Technical Controls. Institute Members shall maintain computer security by using technical safeguards that are adequate to protect the information contained in electronic or physical media files. For example, strong authentication protocols for system access, access control lists forcing limitation of access based on roles, and automated audit trails to enable system security personnel to trace any additions or changes back to whoever initiated them, and to indicate where and when the change was carried out. Other recommended technical controls can include (without limitation) disabling USB drives, printers, logging who accesses confidential information, when it was accessed, what activities were performed; installing tracking software and/or mobile device management software; vetting third-parties for data security capabilities.
Appears in 3 contracts