IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing"

Transcription

1 IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed outside of your enterprise and may not be duplicated, used or disclosed in whole or in part for any purpose other than to evaluate the services, provided that if a contract is awarded to IBM as a result of or in connection with the submission of this Statement of Work, you will have the right to duplicate, use or disclose the information to the extent provided by the contract. This restriction does not limit your right to use information contained in this Statement of Work if it is obtained from another source without restriction. IBM retains ownership of this Statement of Work. GUIDANCE PAGE Z Page 1 of 2

2 Table of Contents 1. Scope of Services Definitions Services Services Coordination IBM Services Coordination Responsibilities Your Point of Contact Responsibilities Your General Responsibilities Mutual Responsibilities Penetration Testing IBM Penetration Testing Responsibilities Your Penetration Testing Responsibilities Estimated Schedule Completion Criteria Charges Other Terms and Conditions Economic Monetary Union Permission to Perform Testing Systems Owned by a Third Party Disclaimer Z Page 2 of 12

3 IBM Australia Limited ABN Level 13, IBM Centre, 601 Pacific Highway, St Leonards, NSW 2065 Statement of Work for Services IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing 1. Scope of Services IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing (called Express Penetration Testing or Services ) will be provided to: 1) conduct a real-life attack on Internet-connected systems designated by the Services Recipient, 2) help identify critical business risks, 3) analyse and document the attack, and 4) prioritise and outline the identified security risks and recommended corrective actions. IBM will use existing, commercially available tools, as well as IBM proprietary tools, to perform the Services. Such tools and their associated documentation remain the property of IBM or third parties. The details of the Services will be specified in the applicable schedule (called Schedule ). IBM does not provide for the purchase or acquisition of any products as part of the Services. 2. Definitions Credentials in information systems, credentials are commonly used to control access to information or other resources. The combination of a user account number or name, and a secret password is a widelyused example of credentials. Demilitarised Zone ( DMZ ) a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Such DMZ is designed to prevent outside users from getting direct access to a server that has company data. Device any system that responds on the network including routers, firewalls, Web servers, file transfer protocol ( FTP ) servers, and mail servers. Services Recipient any entity or individual receiving or using the Services, or the results or products of the Services. 3. Services 3.1 Services Coordination IBM Services Coordination Responsibilities IBM will provide an IBM Services specialist who will be IBM s focal point during performance of the Services. The IBM Services specialist will: a. review the SOW, and any associated documents, with your Point of Contact; b. establish and maintain communications through your Point of Contact, as defined in the section entitled Your Point of Contact Responsibilities below; c. provide data collection questionnaire(s) (if applicable) to your Point of Contact at the onset of the Services; d. review and administer the Project Procedures with your Point of Contact, as defined in the Schedule; and e. coordinate and manage the technical activities of IBM s assigned personnel. This is an ongoing activity that will be considered complete at the end of the Services. None Z Page 3 of 12

4 3.1.2 Your Point of Contact Responsibilities Prior to the start of the Services, you will designate a person ("your Point of Contact"), to whom all communications relative to the Services will be addressed and who will have the authority to act on your behalf in all matters regarding this SOW. Your Point of Contact will: a. complete and return any questionnaires or checklists within five days of your receipt from IBM; b. serve as the interface between IBM s project team and all of your departments participating in the Services; c. obtain and provide applicable information, data, consents, decisions and approvals as required by IBM to perform the Services, within two business days of IBM s request; and d. help resolve Services issues, and escalate issues within your organisation, as necessary Your General Responsibilities IBM's performance is dependent upon your management and fulfillment of your responsibilities under this SOW and the Agreement specified in the Schedule ( Agreement ), at no charge to IBM. You will: a. make appropriate personnel available to assist IBM in the performance of IBM s responsibilities; b. ensure that current maintenance and license agreements are in place with applicable vendors for those products and services upon which IBM is relying to provide the Services described herein; c. authorise International Business Machines Corporation and its subsidiaries (and their successors and assigns, contractors and IBM Business Partners) to store and use your business contact information wherever they do business, for use in connection with IBM products and services or in furtherance of IBM s business relationship with you; d. obtain any necessary consents, including those of individuals, and take any other actions required by applicable laws, including but not limited to the Privacy Act, prior to disclosing any of your employee information, or other personal information or data, to IBM. You agree that IBM may transfer your data to countries outside of Australia as IBM reasonably considers necessary or appropriate to perform the Services. If you disclose any Personal Information to IBM when supplying your data to IBM as specified in this clause, on or prior to making the disclosure you will take all reasonable steps necessary to disclose to the relevant individuals such information about IBM that is prescribed under national Privacy Principle 1.3. IBM will refer individuals who request access to their Personal Information to you. However, if required by applicable law, IBM may deal with such access requests directly and will notify you as soon as reasonably possible after receipt of the request. You will reimburse IBM for its reasonable expenses incurred in dealing with the request. For the purposes of this clause, Privacy Act means the Privacy Act 1988 as amended from time to time; Personal Information and National Privacy Principle have the same meaning as defined in the Privacy Act. The Services Recipient is solely responsible for determining that any transfer by IBM or Services Recipient of Services Recipient s data, including Personal Information, across a country border under the SOW and the Agreement complies with the applicable data protection laws. e. prior to making the facilities, software, hardware, networks or other similar resources available to IBM, promptly obtain any licenses or approvals necessary for IBM or its subcontractors to use, access and modify such resources to the extent necessary for IBM to perform the Services, including the development of any Materials. IBM will be relieved of its obligations to the extent your failure to promptly obtain such licenses or approvals adversely affects IBM s ability to perform its obligations. If a third party asserts a claim against IBM as a result of your failure to promptly obtain these licenses or approvals, you agree to reimburse IBM for any costs and damages that IBM may reasonably incur in connection with such claim; f. be responsible for: (1) the content of any database, the selection and implementation of controls on its access and use, backup and recovery, and the security of the stored data. This security will also include any procedures necessary to safeguard the integrity and security of software and data used in the Services from access by unauthorised personnel; (2) the identification and interpretation of any applicable laws, regulations, and statutes that affect the existing application systems, programs, or data to which IBM will have access during the Z Page 4 of 12

5 Services. It is your responsibility to ensure that the systems, programs, and data meet the requirements of those laws, regulations and statutes; (3) obtaining those products (such as any required software or hardware) and services upon which IBM is relying to provide the Services; (4) the physical installation and cabling of all hardware devices; (5) providing and paying for Internet access service or telecommunications transport circuits; and (6) your own network security policy and security violation response procedures Mutual Responsibilities Each of us will comply with applicable export and import laws and regulations, including those of the United States that prohibit or limit export for certain uses or to certain end users. Each of us will cooperate with the other by providing all necessary information to the other, as needed for compliance. Each of us will provide the other with advance written notice prior to providing the other party with access to data requiring an export license. 3.2 Penetration Testing IBM Penetration Testing Responsibilities Activity 1 - Project Initiation The purpose of this activity is to finalise the project team members, develop a common understanding of the project objectives, roles and responsibilities, and assess your readiness to implement the Services by confirming that the appropriate information is documented. IBM will: a. at least five business days prior to the project initiation conference call, provide any questionnaires or other data input sheets to your Point of Contact; b. facilitate a project initiation conference call, for up to two hours, on a mutually agreed date and time to: (1) initiate the project; (a) (b) (c) (d) introduce the project participants; discuss project team roles and responsibilities; review the project objectives; and provide an overview of the project methodology; (2) review your environment and organisation, including: (a) (b) (c) (d) network address range(s) to be tested, as specified in the Schedule (called target network range(s) ); devices and vulnerabilities present within the agreed upon target network range(s); penetration testing schedule; emergency contact plan, including event triggers and establishment of designated telephone number(s) and address(es); (3) review the completed data collection questionnaire(s) and identify any missing information; c. discuss risk tolerance; and d. develop a preliminary schedule of activities. This activity will be complete when the project initiation conference call has been conducted. None Activity 2 - External Network Vulnerability Testing The purpose of this activity is to identify active host systems and associated services within the targeted network range, assess such systems for known vulnerabilities, and evaluate the identified vulnerabilities. For the targeted network range specified in the Schedule, IBM will: Z Page 5 of 12

6 a. identify and document security exposures that may be used to infiltrate your network, for up to the number of Class C networks (targeted network range) specified in the Schedule; b. scan your designated network(s), using non-intrusive methods, to: (1) identify current vulnerabilities from an external perspective; and (2) identify false positives; and c. as applicable, analyse and document its findings and recommendations to be included in the External Network Vulnerability Report. This activity will be complete when IBM has delivered the External Network Vulnerability Test Report to your Point of Contact. External Network Vulnerability Test Report The External Network Vulnerability Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary - a high-level overview of the security posture; (2) Services Overview; (3) Assessment Findings Summary and Detail; and (4) Recommendations specific actions or considerations to address documented issues. IBM will deliver one copy of the External Network Vulnerability Test Report to your Point of Contact within ten business days following completion of the External Network Vulnerability Testing activity, or as otherwise mutually agreed. Activity 3 - Network Discovery and Assessment The purpose of this activity is to identify active hosts and services within the target network range(s) and assess the security posture of those systems. IBM will: a. conduct network discovery testing of the target network range; b. for up to the number of in-scope active Devices specified in the Schedule, identify active hosts and services. Test such hosts and services for issues and vulnerabilities that could lead to remote exploitation; Note: Only the Devices identified in the Schedule as in-scope for the penetration test will be included in a vulnerability assessment. A full network vulnerability assessment across all Devices in a specified network range will require a Network Vulnerability Assessment and is not included in the scope of this SOW. c. determine which vulnerabilities are conducive to attack and may be more likely to lead to a network compromise; d. assess and investigate high-value targets within the target network range(s) such as: (1) Web, application, database, and mail servers; (2) routers and switches; (3) firewalls; and (4) file transfer protocol ( FTP ) servers; and e. document the findings to be included in a Final Penetration Test Report. This activity will be complete when IBM has documented its findings to be included in the Final Penetration Test Report. None Z Page 6 of 12

7 Activity 4 - Perimeter Network Attack The purpose of this activity is to attempt to exploit identified vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios for the target network range(s), IP addresses, in-scope active Devices, and Web sites specified in the Schedule. IBM will: a. exploit key identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems. Note: Only vulnerabilities believed to contribute to a viable attack scenario, as determined by IBM, will be targeted; b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present. Examples of methods used to demonstrate such weaknesses may include: (1) mining of login Credentials using public sources; (2) brute-force password cracking directly against applications and virtual private networks ( VPNs ); (3) exploitation of buffer overflow and format string vulnerabilities; (4) session hijacking, if possible; and (5) Web application vulnerabilities testing including SQL injection, cross site, improper input validation, and application logic errors; and Note: Web application testing is conducted as a non-credentialed user. e. document the findings to be included in the Final Penetration Test Report. This activity will be complete when IBM has documented its findings to be included in the Final Penetration Test Report. None Activity 5 - Remote Exploitation The purpose of this activity is to utilise discovered successful attacks to initiate mutually agreed upon breach scenarios for the target network range(s). IBM will: a. attempt penetration into the DMZ and internal network(s); b. target confidential data (such as personnel, customer, and financial information); c. examine network linkages and implicit trust relationships; d. determine which portions of the internal network(s) are vulnerable to attack; e. work with your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and f. document the findings in the Final Penetration Test Report. This activity will be complete when IBM has delivered the Final Penetration Test Report to your Point of Contact. Z Page 7 of 12

8 The deliverable Material, identified as a Type II Material, resulting from the completion of the Services is: Final Penetration Test Report The Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Network Discovery and Assessment (Reconnaissance) an inventory of identified systems, ports, software versions, and vulnerabilities within the target network range(s) that may pose a security risk to your enterprise. The following information will be included as applicable: (a) (b) (c) (d) (e) host identification information; operating system information or device hardware; open port information; serious vulnerabilities found on hosts or devices; and configurations that may potentially impact your security or operations; (3) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (4) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies. IBM will deliver one copy of the Final Penetration Test Report to your Point of Contact within ten business days after the planned penetration attempts have been performed as detailed in the Remote Exploitation activity, or as otherwise mutually agreed. Activity 6 - Standard Penetration Retest The purpose of this activity is to conduct a retest of high risk vulnerabilities identified during a penetration test performed by IBM within the previous six months. Such retest is designed to verify the success of the recommended remediation activities resulting from the original penetration test. For only the high risk vulnerabilities identified during the original penetration test, IBM will: a. attempt to exploit identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems. b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present e. attempt penetration into the DMZ and internal network(s); f. target confidential data (such as personnel, customer, and financial information); g. examine network linkages and implicit trust relationships; h. determine which portions of the internal network(s) are vulnerable to attack; i. work with the your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and j. update the Final Penetration Test Report with the findings from the penetration retest. Z Page 8 of 12

9 This activity will be complete when IBM has delivered the updated Final Penetration Test Report to your Point of Contact. Updated Final Penetration Test Report The updated Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (3) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies. IBM will deliver one copy of the updated Final Penetration Test Report to your Point of Contact within ten business days after the completion of the Standard Penetration Retest activity, or as otherwise mutually agreed. Activity 7 - Full Penetration ReTest The purpose of this activity is to conduct a retest of the IP addresses tested during a penetration test performed by IBM within the previous six months. Such retest is designed to verify the success of the recommended remediation activities resulting from the original penetration test. For only the IP addresses included in the original penetration test, IBM will: a. attempt to exploit identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems; b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present; e. attempt penetration into the DMZ and internal network(s); f. target confidential data (such as personnel, customer, and financial information); g. examine network linkages and implicit trust relationships; h. determine which portions of the internal network(s) are vulnerable to attack; i. work with the your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and j. update the Final Penetration Test Report with the findings from the penetration retest. This activity will be complete when IBM has delivered the updated Final Penetration Test Report to your Point of Contact. Updated Final Penetration Test Report The updated Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: Z Page 9 of 12

10 (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (3) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies.. IBM will deliver one copy of the updated Final Penetration Test Report to your Point of Contact within ten business days after the completion of the Standard Penetration Retest activity, or as otherwise mutually agreed Your Penetration Testing Responsibilities You agree to: a. complete and return any data collection questionnaires within five days of receipt of such questionnaires; b. work with IBM to schedule the project initiation conference call identified in the Project Initiation activity such that all participants have enough notice to attend and can complete required input documents (such as the data collection questionnaire) prior to the call; c. invite and confirm attendance of all intended participants of the project initiation conference call, and arrange the meeting room and all logistics at your premises; d. ensure, to the extent possible, participation by various management levels with representative skills and data protection ownership and mandates within the business units, security group, information technology, audit and risk departments, and operations management at your facility; e. ensure the in-scope systems and infrastructure remain in a static state throughout the testing period; and Note: Configuration or infrastructure modifications made during the testing may cause inconsistencies in the results, and may incur additional charges. f. ensure the IP addresses associated with the technical testers are added to any filtering devices (such as firewalls and intrusion prevention systems), such that the testers have unfiltered access to the target systems. 4. Estimated Schedule The estimated schedule for the Services is detailed in the Schedule. Both parties agree to make reasonable efforts to carry out our respective responsibilities in order to achieve the estimated schedule. If the Schedule signature date is beyond the Estimated Start Date, the Estimated Start Date will automatically be extended to the first business day following the date of the last signature on the Schedule. The Estimated End Date will automatically be extended by the same number of days. 5. Completion Criteria IBM will have fulfilled its obligations for the Services when any one of the following first occurs: a. IBM completes the activities described in this SOW, including provision of the deliverable Materials; or b. the Services are terminated in accordance with the provisions of the Agreement identified in the Schedule. 6. Charges The charges for the Services described in this SOW, exclusive of applicable taxes, are as specified in the Schedule. Unless otherwise stated in the Schedule, pricing is based upon a contiguous work schedule. Delays in the work schedule are subject to the Project Change Control Procedure and may result in an increase in pricing. IBM shall not be responsible for delays or additional requirements imposed by any government agencies, labor disputes, fire, unavoidable casualties, or unforeseen conditions. Z Page 10 of 12

11 7. Other Terms and Conditions 7.1 Economic Monetary Union The Services do not address the capability of your systems to handle monetary data in the euro denomination. You acknowledge that it is your responsibility to assess your current systems and take appropriate action to ensure that such systems are able to correctly process or properly exchange accurate monetary data in the euro denomination. 7.2 Permission to Perform Testing Certain laws prohibit any unauthorised attempt to penetrate or access computer systems. You authorise IBM to perform the Services as described herein and acknowledge that the Services constitute authorised access to your computer systems. IBM may disclose this grant of authority to a third party if deemed necessary to perform the Services. The Services that IBM performs entail certain risks and you agree to accept all risks associated with such Services; provided, however, that this does not limit IBM s obligation to perform the Services in accordance with the terms of this SOW. You acknowledge and agree to the following: a. excessive amounts of log messages may be generated, resulting in excessive log file disk space consumption; b. the performance and throughput of your systems, as well as the performance and throughput of associated routers and firewalls, may be temporarily degraded; c. some data may be changed temporarily as a result of probing vulnerabilities; d. your computer systems may hang or crash, resulting in system failure or temporary system unavailability; e. any service level agreement rights or remedies will be waived during any testing activity; f. a scan may trigger alarms by intrusion detection systems; g. some aspects of the Services may involve intercepting the traffic of the monitored network for the purpose of looking for events; and h. new security threats are constantly evolving and no service designed to provide protection from security threats will be able to make network resources invulnerable from such security threats or ensure that such service has identified all risks, exposures and vulnerabilities. 7.3 Systems Owned by a Third Party For systems (which for purposes of this provision includes but is not limited to applications and IP addresses) owned by a third party that will be the subject of testing hereunder, you agree: a. that prior to IBM initiating testing on a third party system, you will obtain a signed letter from the owner of each system authorising IBM to provide the Services on that system, and indicating the owner's acceptance of the conditions set forth in the section entitled Permission to Perform Testing and to provide IBM with a copy of such authorisation; b. to be solely responsible for communicating any risks, exposures, and vulnerabilities identified on these systems by IBM s remote testing to the system owner, and c. to arrange for and facilitate the exchange of information between the system owner and IBM as deemed necessary by IBM. You agree: d. to inform IBM immediately whenever there is a change in ownership of any system that is the subject of the testing hereunder; e. not to disclose the deliverable Materials, or the fact that IBM performed the Services, outside your Enterprise without IBM s prior written consent; and f. to indemnify IBM in full for any losses or liability IBM incurs due to third party claims arising out of your failure to comply with the requirements of this section entitled, "Systems Owned by a Third Party" and for any third party subpoenas or claims brought against IBM or IBM s subcontractors or agents arising out of (a) testing the security risks, exposures or vulnerabilities of the systems that are the subject of testing hereunder, (b) providing the results of such testing to you, or (c) your use or disclosure of such results. Z Page 11 of 12

12 7.4 Disclaimer You understand and agree: a. that it is solely within your discretion to use or not use any of the information provided pursuant to the Services hereunder. Accordingly, IBM will not be liable for any actions that you take or choose not to take based on the Services performed and/or deliverables provided hereunder; b. that it is your sole responsibility to provide appropriate and adequate security for the company, its assets, systems and employees; c. that it is your responsibility to add the IP addresses associated with the testers to any filtering devices, thereby permitting unfiltered network access to the target systems; and d. not to modify the configurations of any in-scope systems and infrastructure devices during the period of testing. e. that new technology, configuration changes, software upgrades and routine maintenance, among other items, can create new and unknown security exposures. Moreover, computer hackers and other third parties continue to employ increasingly sophisticated techniques and tools, resulting in ever-growing challenges to individual computer system security. IBM s performance of the Services does not constitute any representation or warranty by IBM about the security of your computer systems including, but not limited to, any representation that your computer systems are safe from intrusions, viruses, or any other security exposures. IBM does not make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information provided as part of the Services. Z Page 12 of 12

THIS PAGE NOT FOR RELEASE TO CUSTOMER

THIS PAGE NOT FOR RELEASE TO CUSTOMER Guidance for Use of This Document THIS PAGE NOT FOR RELEASE TO CUSTOMER Use this Guidance page to determine if this SOW fits your Customer's needs. Discard it prior to presenting the SOW to your Customer.

More information

IBM Implementation Services for Power Systems IBM Systems Director

IBM Implementation Services for Power Systems IBM Systems Director Sample Statement of Work for Services This an example and your Statement of Work may vary given your specific requirements and the related IBM engagement. IBM Implementation Services for Power Systems

More information

Attachment for IBM Internet Security Systems Products and Services

Attachment for IBM Internet Security Systems Products and Services IBM Customer Agreement IBM Ireland Limited Registered in Dublin: No. 16226 Registered Office: Oldbrook House 24-32 Pembroke Road Ballsbridge, Dublin 4. Attachment for IBM Internet Security Systems Products

More information

IBM Managed Security Services (Cloud Computing) hosted mobile device security management

IBM Managed Security Services (Cloud Computing) hosted mobile device security management IBM Managed Security Services (Cloud Computing) hosted mobile device security management Z125-8855-00 11-2011 Page 1 of 15 Table of Contents 1. Scope of Services... 3 2. Definitions... 3 3. Services...

More information

3.1 Security Operations Centers. 3.2 Portal. 3.3 Services Contacts

3.1 Security Operations Centers. 3.2 Portal. 3.3 Services Contacts Services Description IBM United Kingdom Limited Registered in England: 741598 Registered Office: PO Box 41, North Harbour, Portsmouth, PO6 3AU (hereinafter IBM ) IBM Managed Security Services (Cloud Computing)

More information

Service Agreement Hosted Dynamics GP

Service Agreement Hosted Dynamics GP Service Agreement Hosted Dynamics GP This is a Contract between you ( Company ) and WebSan Solutions Inc. ( WebSan ) of 245 Fairview Mall Drive, Suite 508, Toronto, ON M2J 4T1, Canada. This contract applies

More information

BUSINESS ONLINE BANKING AGREEMENT

BUSINESS ONLINE BANKING AGREEMENT BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank

More information

Information Services and Technology THIRD PARTY CONNECTION AGREEMENT

Information Services and Technology THIRD PARTY CONNECTION AGREEMENT Information Services and Technology THIRD PARTY CONNECTION AGREEMENT This Third Party Network Connection Agreement (the Agreement ) by and between Information Services and Technology (IS&T), with principal

More information

Module 12 Managed Services TABLE OF CONTENTS. Use Guidelines

Module 12 Managed Services TABLE OF CONTENTS. Use Guidelines 1 Module 12 Managed Services Version 3.0 TABLE OF CONTENTS 1. AGREED TERMS AND INTERPRETATION... 2 2. TERM OF... 4 3. TRANSITION IN... 4 4. SERVICES... 10 5. SERVICE LEVELS... 12 6. CHANGE CONTROL... 13

More information

DATA SECURITY AGREEMENT. Addendum # to Contract #

DATA SECURITY AGREEMENT. Addendum # to Contract # DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

EXHIBIT FOR MANAGED SERVICES (2013V3)

EXHIBIT FOR MANAGED SERVICES (2013V3) EXHIBIT FOR MANAGED SERVICES (2013V3) This Exhibit for Managed Services, in addition to the General Terms, the OnDemand Exhibit, and any applicable PDM, applies to any Managed Services offering licensed

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.

More information

ZIMPERIUM, INC. END USER LICENSE TERMS

ZIMPERIUM, INC. END USER LICENSE TERMS ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side

More information

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2 Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls

More information

Support Line for Storage

Support Line for Storage Agreement for IBM Software Support Services This Agreement for IBM Software Support Services Support Line for Storage is between the Customer (also called you and your ) and International Business Machines

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3

More information

WEBSITE HOSTING SERVICES AGREEMENT. Effective Date: 1/1/2015

WEBSITE HOSTING SERVICES AGREEMENT. Effective Date: 1/1/2015 WEBSITE HOSTING SERVICES AGREEMENT Effective Date: 1/1/2015 1) Scope of Services. Company will provide Client a shared or dedicated virtual machine, an Internet address for storage and access to Content,

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION iinet Limited ACN 068 628 937 Phone: 13 22 58 Westnet Pty Ltd ACN 086 416 908 Phone: 1300 786 068 Adam Internet Pty Ltd ACN 055

More information

Terms of Use/ Disclaimers/ Contract/ Agreement

Terms of Use/ Disclaimers/ Contract/ Agreement Website Development and Ongoing Services Agreement Terms of Use/ Disclaimers/ Contract/ Agreement Between You as the client and WideNet Consulting, LLC as the service provider. By using the services of

More information

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE

TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE Welcome to the Textura Construction Payment Management ( CPM ) System. By clicking

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the

More information

SPECIAL CONDITIONS FOR WEBSITE HOSTING SERVICES ON A DEDICATED SERVER

SPECIAL CONDITIONS FOR WEBSITE HOSTING SERVICES ON A DEDICATED SERVER SPECIAL CONDITIONS FOR WEBSITE HOSTING SERVICES ON A DEDICATED SERVER Version Date 03-09-13 The Supplier provides different categories of Dedicated Server. The hardware and software configurations, and

More information

Memorandum. 1. Introduction

Memorandum. 1. Introduction Memorandum To: Mississippi Government IT Directors and Purchasing Agents From: Craig P. Orgeron, Ph.D. Date: April 22, 2015 (Revised June 29, 2015) Re: Security Assessment Services RFP No. 3735 Instructions

More information

Hosting Agreement. WHEREAS, Lanex is a software development and hosting firm that offers design, programming and hosting services; and

Hosting Agreement. WHEREAS, Lanex is a software development and hosting firm that offers design, programming and hosting services; and Hosting Agreement This Hosting Agreement ( Agreement ) comprises the terms and conditions that govern the provision of the hosting services, as defined below, to the clients ( Client ) of Lanex, LLC, with

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

NextiraOne, LLC d/b/a Black Box Network Services

NextiraOne, LLC d/b/a Black Box Network Services NextiraOne, LLC d/b/a Black Box Network Services Black Box Network Services Additional Terms and Conditions Managed Services ( Additional Terms ) applicable to furnishing of equipment and services within

More information

CLOUD SERVICE SCHEDULE

CLOUD SERVICE SCHEDULE CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless

More information

PLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT.

PLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. Access Governance Suite 6 Lifecycle Manager 6 Compliance Manager 6 Software License Agreement PLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT

VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT Florida Keys Multiple Listing Service, Inc. VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT Florida Keys MLS, Inc. 92410 Overseas Hwy, Ste. 11 Tavernier FL 33070 305-852-92940 305-852-0716 (fax) www.flexmls.com

More information

Rollstone Bank & Trust Business Online Bill Pay Agreement

Rollstone Bank & Trust Business Online Bill Pay Agreement Rollstone Bank & Trust Business Online Bill Pay Agreement By choosing to use the Rollstone Bank & Trust Online Bill Pay, you agree to the terms and conditions in this Agreement. Please read this Agreement

More information

Statement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP)

Statement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP) Statement of Work for Online Event Registration Product Deployment for Salesforce Implementation for Open Web Application Security Project (OWASP) July 9, 2010 TABLE OF CONTENTS INTRODUCTION... 3 SCOPE...

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Paychex Accounting Online Terms of Use

Paychex Accounting Online Terms of Use Paychex Accounting Online Terms of Use Paychex recommends that Client read the Terms of Use prior to using the Paychex Accounting Online Software ( Software ). If Client does not accept and agree with

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

CLOUD SERVICE SCHEDULE Newcastle

CLOUD SERVICE SCHEDULE Newcastle CLOUD SERVICE SCHEDULE Newcastle 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule,

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

ADDENDUM. Dedicated Servers v3.0

ADDENDUM. Dedicated Servers v3.0 ADDENDUM Dedicated Servers v3.0 ICUK is an International Communications company that provides Dedicated Server services to Resellers and Customers, and the said party wishes to obtain those services from

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.1 Issue Date 04 July 2014 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall appliance

More information

Kinetic Internet Limited

Kinetic Internet Limited Kinetic Internet Limited Company No: 4470080 ADDENDUM Dedicated Server Terms and Conditions KINETIC INTERNET is an International Communications company that provides Dedicated Server services. The customer

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

HP Technical Phone Support service agreement ( Agreement ) terms and conditions

HP Technical Phone Support service agreement ( Agreement ) terms and conditions HP Technical Phone Support service agreement ( Agreement ) terms and conditions Thank you for purchasing this HP Technical Phone Support Service Agreement. Service descriptions with more detailed information

More information

Terms and Conditions for Tax Services

Terms and Conditions for Tax Services Terms and Conditions for Tax Services In the course of delivering services relating to tax return preparation, tax advisory, and assistance in tax controversy matters, Brady, Martz & Associates, P.C. (we

More information

IP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT

IP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT IP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT Name of Customer: (The Customer) A.C.N. A.B.N. IPA Customer Number Telephone Fax Email Physical Address Postcode Mail Address Postcode Name of the Customer

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

Louisiana State University System

Louisiana State University System PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered

More information

Ethical Hacking Agreement for External Network Security Unannounced Penetration Test

Ethical Hacking Agreement for External Network Security Unannounced Penetration Test Ethical Hacking Agreement for External Network Security Unannounced Penetration Test Agreement made on the (date), between (Name of Consultant) of (street address, city, state, zip code), referred to herein

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date

More information

FIREWALL POLICY November 2006 TNS POL - 008

FIREWALL POLICY November 2006 TNS POL - 008 FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and

More information

COMPUTER SERVICES AGREEMENT

COMPUTER SERVICES AGREEMENT COMPUTER SERVICES AGREEMENT This COMPUTER SERVICES AGREEMENT ( "Agreement") is made and entered into effective as of the 1 day of January, 2008 (the Effective Date ), by and between 3T Productions, Inc.,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information

Evoqua Water Technologies LLC. ( Evoqua )

Evoqua Water Technologies LLC. ( Evoqua ) Evoqua Water Technologies LLC. ( Evoqua ) Remote Monitoring Services Terms and Conditions of Use These terms and conditions govern the use of Evoqua Link2Site sm Remote Monitoring Services whether the

More information

TERMS OF USE 1 DEFINITIONS

TERMS OF USE 1 DEFINITIONS 1 DEFINITIONS In these Terms of Use a) CDA shall mean Common Data Access Limited, a company registered in England and Wales whose registered office is at 6th Floor East, Portland House, Bressenden Place,

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

ANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT

ANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT ANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT This Electronic Transactions Trading Partner Agreement ( Agreement ), by and between Anthem Insurance Companies, Inc.,

More information

INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia

INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia 1 DEFINITIONS Capitalised terms in this Service Schedule not otherwise defined here have the meaning given in the Standard Terms and Conditions:

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY

SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY A. ACCEPTANCE: The College shall commence Acceptance testing within five (5) days, or within such other period as agreed upon. Acceptance testing

More information

APPENDIX 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT

APPENDIX 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT TUGeneral TUSecurity TURequirements TUDesign TUIntegration

More information

Web Site Development Agreement

Web Site Development Agreement Web Site Development Agreement 1. Parties; Effective Date. This Web Site Development Agreement ( Agreement ) is between Plug-N-Run, its affiliates, (including but not limited to USA Financial, USA Financial

More information

Service Schedule for CLOUD SERVICES

Service Schedule for CLOUD SERVICES Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

More information

STANDING CLOUD, INC. ( SC ) TERMS OF SERVICE

STANDING CLOUD, INC. ( SC ) TERMS OF SERVICE STANDING CLOUD, INC. ( SC ) TERMS OF SERVICE These Terms of Service ( Terms ) govern your use of Standing Cloud s online deployment platform for application software (the Services ). By using the Services,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

MTN Managed Firewall. Description of Service

MTN Managed Firewall. Description of Service MTN Managed Firewall Description of Service Managed Firewall ("Service") is a managed security service for Internet access customers that provides firewall configuration, administration, monitoring, support

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

CONSULTING SERVICES AGREEMENT

CONSULTING SERVICES AGREEMENT CONSULTING SERVICES AGREEMENT THIS AGREEMENT ("Agreement") is entered into on / /, between SCWOA ("Consultant"), a CA corporation with its principal place of business located at PO Box 1195, Pacifica,

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

esnc ACCESS AGREEMENT

esnc ACCESS AGREEMENT FEDERAL RESERVE BOARD Shared National Credit Function esnc ACCESS AGREEMENT A. Introduction This agreement (Agreement) sets forth the terms for your Institution s use of our Electronic Shared National

More information

Online Banking Agreement and Disclosures

Online Banking Agreement and Disclosures Online Banking Agreement and Disclosures This agreement states the terms and conditions that apply to your use of Online Banking services offered by Eastman Credit Union. Please read this agreement carefully.

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Security Annex for Firewalls Additional Terms for Firewall Service

Security Annex for Firewalls Additional Terms for Firewall Service CONTENTS 1 Glossary of Terms & Definitions... 2 2 Service Description... 2 2.1 Firewall Service and Next Generation Firewall Service... 2 2.2 Roaming SSL Access Services... 2 2.3 DMZ Services... 3 2.4

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT Note: This form is not meant to encompass all the various ways in which any particular facility may use health information and should be specifically tailored to your organization. In addition, as with

More information

If you have any questions about any of our policies, please contact the Customer Services Team.

If you have any questions about any of our policies, please contact the Customer Services Team. Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting

More information

ELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT

ELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT ELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT This License Agreement (the Agreement) is made and entered into between

More information

SERVICE TERMS AND CONDITIONS

SERVICE TERMS AND CONDITIONS SERVICE TERMS AND CONDITIONS Last Updated: April 19th, 2016 These Service Terms and Conditions ( Terms ) are a legal agreement between you ( Customer or you ) and Planday, Inc., a Delaware corporation

More information