Information Systems Acquisition Development and Maintenance Clause Samples

Information Systems Acquisition Development and Maintenance. Security of System Files. To protect City Information Processing Systems and system files containing information, Service Provider will ensure that access to source code is restricted to authorized users whose specific job function necessitates such access.

Information Systems Acquisition Development and Maintenance. 8.1. The Manufacturer must implement appropriate procedures to validate input data and to detect data corruption. 8.2. The Manufacturer must implement and update baseline security configurations for its Information Systems in accordance with industry best practices. 8.3. The Manufacturer must maintain written documentation of its ownership of all software licenses, master disks and manuals used to support the Services. The Manufacturer must take all commercially reasonable steps to ensure that all software used to support the Services is kept up to date (at least N-1) and is supported by the software vendor. 8.4. The Manufacturer must ensure that no Altria Data containing Highly Confidential, Personal Information or Ultra Trade Secret Information is stored in a non-production environment.

Information Systems Acquisition Development and Maintenance. ● Product features are managed through a formalized product management process. Security requirements are discussed and formulated during scoping and design discussions. ● ▇▇▇▇▇▇▇ maintains a QA Department dedicated to reviewing and testing application functionality and stability. ● Application source code is stored in a central repository. Access to source code is limited to authorized individuals. ● Changes to MaxMind software are tested before production deployment. Deployment processes include unit testing at the source environment, as well as integration and functional testing within a test environment prior to implementation in production.

Information Systems Acquisition Development and Maintenance. 9.1 Access Control to Program Source Code Access to Oracle source code is provided on a strict “Need to know” basis to those who require it for an authorized business purpose.

Information Systems Acquisition Development and Maintenance. 9.1 NOT USED 9.2 The Contractor shall perform monitoring, security information and event correlation of: 9.2.1 the Service Audit Trails and Security Audit Trails; 9.2.2 Security Logs from all devices used in connection with the provision of the Services; and

Information Systems Acquisition Development and Maintenance. ● Product features are managed through a formalized product management process. Security requirements are discussed and formulated during scoping and design discussions. ● ▇▇▇▇▇▇▇ maintains a QA Department dedicated to reviewing and testing application functionality and stability. ● Application source code is stored in a central repository. Access to source code is limited to authorized individuals. ● Changes to MaxMind software are tested before production deployment. Deployment processes include unit testing at the source environment, as well as integration and functional testing within a test environment prior to implementation in production. ● Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to MaxMind technology and information assets. ● Vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code. ● Formal Vendor Management program, including vendor security reviews for critical vendors to ensure compliance with MaxMind Information Security Policies.

Information Systems Acquisition Development and Maintenance. ‌ The Bourse will: (i) evaluate new equipment for known vulnerabilities prior to installation if such new equipment is used directly or indirectly in the performance of LOPR; (ii) secure the new equipment at installation time by changing default support passwords, disabling or removing any unused services, and applying any applicable security patches; comply with defined security controls, testing and backup required for any Bourse- developed support tools to be run in the AP’s environment;‌ (iii) maintain all code related to support tools developed for the AP only within the AP’s environment and only following the industry best practices; (iv) employ industry best practices for secure code development when developing code on the AP’s behalf, which is to include a code review for security vulnerabilities when developing code on the AP’s behalf; (v) successfully test all system changes before implementation, with all software testing provided for use with outsourcing arrangement will be fully tested to an agreed standard;‌ (vi) manage software tests within a structured testing regime which includes as a minimum: functional testing, integration testing, security testing, performance testing, acceptance testing, independent testing, and regression testing of system software version compatibility; (vii) maintain procedures to ensure the proper certification and acceptance of products after testing and such software certification will include as a minimum: customer acceptance, design authority acceptance, test certification, and customer handover procedures; (viii) demonstrate that its testing regime is able to adequately manage test data; and (ix) not use Confidential Information for testing purposes.

Information Systems Acquisition Development and Maintenance. 9.1. Continuous Monitoring - Information resources will be used to identify and maintain awareness of relevant technical vulnerabilities. 9.2. Periodic Maintenance - WFS will schedule, perform, and document routine preventative maintenance on the components of the information system in accordance with manufacturer or vendor specifications and/or agreed to Customer requirements.

Information Systems Acquisition Development and Maintenance. (a) Fund Data – Fund Data shall only be used by State Street for the purposes specified in the Existing Agreement.