Common use of Technical Security Measures Clause in Contracts

Technical Security Measures. Supplier shall throughout its Processing of Everest Group Personal Data: 3.1. perform vulnerability scanning and assessments on applications and infrastructure used to Process Everest Group Personal Data. 3.2. secure its computer networks using multiple layers of access controls to protect against unauthorized access. 3.3. restrict access through mechanisms such as, but not limited to, management approvals, robust controls, logging, and monitoring access events and subsequent audits. 3.4. identify computer systems and applications that warrant security event monitoring and logging, and reasonably maintain and analyze log files. 3.5. use up-to-date, industry standard, commercial virus/malware scanning software that identifies malicious code on all of its systems that Process Everest Group Personal Data. 3.6. encrypt Everest Group Personal Data in transit. 3.7. encrypt Everest Group Personal Data at rest and solely manage and secure all encryption keys (i.e., no other third party shall have access to these encryption keys, including Sub-processors). 3.8. pseudonymizes personal data only in accordance with Everest Group’s instructions. 3.9. ensures data minimisation in accordance with its instructions from Everest Group, data privacy policies and industry standards.