IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing
|
|
- Felicia Snow
- 8 years ago
- Views:
Transcription
1 IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed outside of your enterprise and may not be duplicated, used or disclosed in whole or in part for any purpose other than to evaluate the services, provided that if a contract is awarded to IBM as a result of or in connection with the submission of this Statement of Work, you will have the right to duplicate, use or disclose the information to the extent provided by the contract. This restriction does not limit your right to use information contained in this Statement of Work if it is obtained from another source without restriction. IBM retains ownership of this Statement of Work. GUIDANCE PAGE Z Page 1 of 2
2 Table of Contents 1. Scope of Services Definitions Services Services Coordination IBM Services Coordination Responsibilities Your Point of Contact Responsibilities Your General Responsibilities Mutual Responsibilities Penetration Testing IBM Penetration Testing Responsibilities Your Penetration Testing Responsibilities Estimated Schedule Completion Criteria Charges Other Terms and Conditions Economic Monetary Union Permission to Perform Testing Systems Owned by a Third Party Disclaimer Z Page 2 of 12
3 IBM Australia Limited ABN Level 13, IBM Centre, 601 Pacific Highway, St Leonards, NSW 2065 Statement of Work for Services IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing 1. Scope of Services IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing (called Express Penetration Testing or Services ) will be provided to: 1) conduct a real-life attack on Internet-connected systems designated by the Services Recipient, 2) help identify critical business risks, 3) analyse and document the attack, and 4) prioritise and outline the identified security risks and recommended corrective actions. IBM will use existing, commercially available tools, as well as IBM proprietary tools, to perform the Services. Such tools and their associated documentation remain the property of IBM or third parties. The details of the Services will be specified in the applicable schedule (called Schedule ). IBM does not provide for the purchase or acquisition of any products as part of the Services. 2. Definitions Credentials in information systems, credentials are commonly used to control access to information or other resources. The combination of a user account number or name, and a secret password is a widelyused example of credentials. Demilitarised Zone ( DMZ ) a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Such DMZ is designed to prevent outside users from getting direct access to a server that has company data. Device any system that responds on the network including routers, firewalls, Web servers, file transfer protocol ( FTP ) servers, and mail servers. Services Recipient any entity or individual receiving or using the Services, or the results or products of the Services. 3. Services 3.1 Services Coordination IBM Services Coordination Responsibilities IBM will provide an IBM Services specialist who will be IBM s focal point during performance of the Services. The IBM Services specialist will: a. review the SOW, and any associated documents, with your Point of Contact; b. establish and maintain communications through your Point of Contact, as defined in the section entitled Your Point of Contact Responsibilities below; c. provide data collection questionnaire(s) (if applicable) to your Point of Contact at the onset of the Services; d. review and administer the Project Procedures with your Point of Contact, as defined in the Schedule; and e. coordinate and manage the technical activities of IBM s assigned personnel. This is an ongoing activity that will be considered complete at the end of the Services. None Z Page 3 of 12
4 3.1.2 Your Point of Contact Responsibilities Prior to the start of the Services, you will designate a person ("your Point of Contact"), to whom all communications relative to the Services will be addressed and who will have the authority to act on your behalf in all matters regarding this SOW. Your Point of Contact will: a. complete and return any questionnaires or checklists within five days of your receipt from IBM; b. serve as the interface between IBM s project team and all of your departments participating in the Services; c. obtain and provide applicable information, data, consents, decisions and approvals as required by IBM to perform the Services, within two business days of IBM s request; and d. help resolve Services issues, and escalate issues within your organisation, as necessary Your General Responsibilities IBM's performance is dependent upon your management and fulfillment of your responsibilities under this SOW and the Agreement specified in the Schedule ( Agreement ), at no charge to IBM. You will: a. make appropriate personnel available to assist IBM in the performance of IBM s responsibilities; b. ensure that current maintenance and license agreements are in place with applicable vendors for those products and services upon which IBM is relying to provide the Services described herein; c. authorise International Business Machines Corporation and its subsidiaries (and their successors and assigns, contractors and IBM Business Partners) to store and use your business contact information wherever they do business, for use in connection with IBM products and services or in furtherance of IBM s business relationship with you; d. obtain any necessary consents, including those of individuals, and take any other actions required by applicable laws, including but not limited to the Privacy Act, prior to disclosing any of your employee information, or other personal information or data, to IBM. You agree that IBM may transfer your data to countries outside of Australia as IBM reasonably considers necessary or appropriate to perform the Services. If you disclose any Personal Information to IBM when supplying your data to IBM as specified in this clause, on or prior to making the disclosure you will take all reasonable steps necessary to disclose to the relevant individuals such information about IBM that is prescribed under national Privacy Principle 1.3. IBM will refer individuals who request access to their Personal Information to you. However, if required by applicable law, IBM may deal with such access requests directly and will notify you as soon as reasonably possible after receipt of the request. You will reimburse IBM for its reasonable expenses incurred in dealing with the request. For the purposes of this clause, Privacy Act means the Privacy Act 1988 as amended from time to time; Personal Information and National Privacy Principle have the same meaning as defined in the Privacy Act. The Services Recipient is solely responsible for determining that any transfer by IBM or Services Recipient of Services Recipient s data, including Personal Information, across a country border under the SOW and the Agreement complies with the applicable data protection laws. e. prior to making the facilities, software, hardware, networks or other similar resources available to IBM, promptly obtain any licenses or approvals necessary for IBM or its subcontractors to use, access and modify such resources to the extent necessary for IBM to perform the Services, including the development of any Materials. IBM will be relieved of its obligations to the extent your failure to promptly obtain such licenses or approvals adversely affects IBM s ability to perform its obligations. If a third party asserts a claim against IBM as a result of your failure to promptly obtain these licenses or approvals, you agree to reimburse IBM for any costs and damages that IBM may reasonably incur in connection with such claim; f. be responsible for: (1) the content of any database, the selection and implementation of controls on its access and use, backup and recovery, and the security of the stored data. This security will also include any procedures necessary to safeguard the integrity and security of software and data used in the Services from access by unauthorised personnel; (2) the identification and interpretation of any applicable laws, regulations, and statutes that affect the existing application systems, programs, or data to which IBM will have access during the Z Page 4 of 12
5 Services. It is your responsibility to ensure that the systems, programs, and data meet the requirements of those laws, regulations and statutes; (3) obtaining those products (such as any required software or hardware) and services upon which IBM is relying to provide the Services; (4) the physical installation and cabling of all hardware devices; (5) providing and paying for Internet access service or telecommunications transport circuits; and (6) your own network security policy and security violation response procedures Mutual Responsibilities Each of us will comply with applicable export and import laws and regulations, including those of the United States that prohibit or limit export for certain uses or to certain end users. Each of us will cooperate with the other by providing all necessary information to the other, as needed for compliance. Each of us will provide the other with advance written notice prior to providing the other party with access to data requiring an export license. 3.2 Penetration Testing IBM Penetration Testing Responsibilities Activity 1 - Project Initiation The purpose of this activity is to finalise the project team members, develop a common understanding of the project objectives, roles and responsibilities, and assess your readiness to implement the Services by confirming that the appropriate information is documented. IBM will: a. at least five business days prior to the project initiation conference call, provide any questionnaires or other data input sheets to your Point of Contact; b. facilitate a project initiation conference call, for up to two hours, on a mutually agreed date and time to: (1) initiate the project; (a) (b) (c) (d) introduce the project participants; discuss project team roles and responsibilities; review the project objectives; and provide an overview of the project methodology; (2) review your environment and organisation, including: (a) (b) (c) (d) network address range(s) to be tested, as specified in the Schedule (called target network range(s) ); devices and vulnerabilities present within the agreed upon target network range(s); penetration testing schedule; emergency contact plan, including event triggers and establishment of designated telephone number(s) and address(es); (3) review the completed data collection questionnaire(s) and identify any missing information; c. discuss risk tolerance; and d. develop a preliminary schedule of activities. This activity will be complete when the project initiation conference call has been conducted. None Activity 2 - External Network Vulnerability Testing The purpose of this activity is to identify active host systems and associated services within the targeted network range, assess such systems for known vulnerabilities, and evaluate the identified vulnerabilities. For the targeted network range specified in the Schedule, IBM will: Z Page 5 of 12
6 a. identify and document security exposures that may be used to infiltrate your network, for up to the number of Class C networks (targeted network range) specified in the Schedule; b. scan your designated network(s), using non-intrusive methods, to: (1) identify current vulnerabilities from an external perspective; and (2) identify false positives; and c. as applicable, analyse and document its findings and recommendations to be included in the External Network Vulnerability Report. This activity will be complete when IBM has delivered the External Network Vulnerability Test Report to your Point of Contact. External Network Vulnerability Test Report The External Network Vulnerability Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary - a high-level overview of the security posture; (2) Services Overview; (3) Assessment Findings Summary and Detail; and (4) Recommendations specific actions or considerations to address documented issues. IBM will deliver one copy of the External Network Vulnerability Test Report to your Point of Contact within ten business days following completion of the External Network Vulnerability Testing activity, or as otherwise mutually agreed. Activity 3 - Network Discovery and Assessment The purpose of this activity is to identify active hosts and services within the target network range(s) and assess the security posture of those systems. IBM will: a. conduct network discovery testing of the target network range; b. for up to the number of in-scope active Devices specified in the Schedule, identify active hosts and services. Test such hosts and services for issues and vulnerabilities that could lead to remote exploitation; Note: Only the Devices identified in the Schedule as in-scope for the penetration test will be included in a vulnerability assessment. A full network vulnerability assessment across all Devices in a specified network range will require a Network Vulnerability Assessment and is not included in the scope of this SOW. c. determine which vulnerabilities are conducive to attack and may be more likely to lead to a network compromise; d. assess and investigate high-value targets within the target network range(s) such as: (1) Web, application, database, and mail servers; (2) routers and switches; (3) firewalls; and (4) file transfer protocol ( FTP ) servers; and e. document the findings to be included in a Final Penetration Test Report. This activity will be complete when IBM has documented its findings to be included in the Final Penetration Test Report. None Z Page 6 of 12
7 Activity 4 - Perimeter Network Attack The purpose of this activity is to attempt to exploit identified vulnerabilities and demonstrate the impact of those vulnerabilities in terms of successful attack scenarios for the target network range(s), IP addresses, in-scope active Devices, and Web sites specified in the Schedule. IBM will: a. exploit key identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems. Note: Only vulnerabilities believed to contribute to a viable attack scenario, as determined by IBM, will be targeted; b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present. Examples of methods used to demonstrate such weaknesses may include: (1) mining of login Credentials using public sources; (2) brute-force password cracking directly against applications and virtual private networks ( VPNs ); (3) exploitation of buffer overflow and format string vulnerabilities; (4) session hijacking, if possible; and (5) Web application vulnerabilities testing including SQL injection, cross site, improper input validation, and application logic errors; and Note: Web application testing is conducted as a non-credentialed user. e. document the findings to be included in the Final Penetration Test Report. This activity will be complete when IBM has documented its findings to be included in the Final Penetration Test Report. None Activity 5 - Remote Exploitation The purpose of this activity is to utilise discovered successful attacks to initiate mutually agreed upon breach scenarios for the target network range(s). IBM will: a. attempt penetration into the DMZ and internal network(s); b. target confidential data (such as personnel, customer, and financial information); c. examine network linkages and implicit trust relationships; d. determine which portions of the internal network(s) are vulnerable to attack; e. work with your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and f. document the findings in the Final Penetration Test Report. This activity will be complete when IBM has delivered the Final Penetration Test Report to your Point of Contact. Z Page 7 of 12
8 The deliverable Material, identified as a Type II Material, resulting from the completion of the Services is: Final Penetration Test Report The Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Network Discovery and Assessment (Reconnaissance) an inventory of identified systems, ports, software versions, and vulnerabilities within the target network range(s) that may pose a security risk to your enterprise. The following information will be included as applicable: (a) (b) (c) (d) (e) host identification information; operating system information or device hardware; open port information; serious vulnerabilities found on hosts or devices; and configurations that may potentially impact your security or operations; (3) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (4) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies. IBM will deliver one copy of the Final Penetration Test Report to your Point of Contact within ten business days after the planned penetration attempts have been performed as detailed in the Remote Exploitation activity, or as otherwise mutually agreed. Activity 6 - Standard Penetration Retest The purpose of this activity is to conduct a retest of high risk vulnerabilities identified during a penetration test performed by IBM within the previous six months. Such retest is designed to verify the success of the recommended remediation activities resulting from the original penetration test. For only the high risk vulnerabilities identified during the original penetration test, IBM will: a. attempt to exploit identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems. b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present e. attempt penetration into the DMZ and internal network(s); f. target confidential data (such as personnel, customer, and financial information); g. examine network linkages and implicit trust relationships; h. determine which portions of the internal network(s) are vulnerable to attack; i. work with the your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and j. update the Final Penetration Test Report with the findings from the penetration retest. Z Page 8 of 12
9 This activity will be complete when IBM has delivered the updated Final Penetration Test Report to your Point of Contact. Updated Final Penetration Test Report The updated Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (3) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies. IBM will deliver one copy of the updated Final Penetration Test Report to your Point of Contact within ten business days after the completion of the Standard Penetration Retest activity, or as otherwise mutually agreed. Activity 7 - Full Penetration ReTest The purpose of this activity is to conduct a retest of the IP addresses tested during a penetration test performed by IBM within the previous six months. Such retest is designed to verify the success of the recommended remediation activities resulting from the original penetration test. For only the IP addresses included in the original penetration test, IBM will: a. attempt to exploit identified vulnerabilities: (1) on perimeter (remotely accessed) systems; or (2) on internal (locally accessed) systems; b. target specific systems and attempt to gain direct access to confidential data and administrator or elevated access privileges on vulnerable systems; c. attempt to compromise internal networks and systems by leveraging limited external access; d. demonstrate specific or systematic security weaknesses, if present; e. attempt penetration into the DMZ and internal network(s); f. target confidential data (such as personnel, customer, and financial information); g. examine network linkages and implicit trust relationships; h. determine which portions of the internal network(s) are vulnerable to attack; i. work with the your Point of Contact to identify goals regarding internal targets, such as: (1) accessing domain controller systems and cracking user passwords; (2) attempting to collect company confidential data from development servers; (3) attempting to leverage access to your sensitive systems to demonstrate malicious activity that may be possible; and (4) attempting to gain access to executive desktop computers; and j. update the Final Penetration Test Report with the findings from the penetration retest. This activity will be complete when IBM has delivered the updated Final Penetration Test Report to your Point of Contact. Updated Final Penetration Test Report The updated Final Penetration Test Report is a Type II Material consisting of the following, as appropriate: Z Page 9 of 12
10 (1) Executive Summary a high-level overview of the security posture, summary of findings and a summary of recommendations; (2) Penetration detailed description of how the identified information and vulnerabilities may be used to obtain internal access; and (3) Recommendations specific actions or considerations for fixing identified security weaknesses or implementing other viable mitigation strategies.. IBM will deliver one copy of the updated Final Penetration Test Report to your Point of Contact within ten business days after the completion of the Standard Penetration Retest activity, or as otherwise mutually agreed Your Penetration Testing Responsibilities You agree to: a. complete and return any data collection questionnaires within five days of receipt of such questionnaires; b. work with IBM to schedule the project initiation conference call identified in the Project Initiation activity such that all participants have enough notice to attend and can complete required input documents (such as the data collection questionnaire) prior to the call; c. invite and confirm attendance of all intended participants of the project initiation conference call, and arrange the meeting room and all logistics at your premises; d. ensure, to the extent possible, participation by various management levels with representative skills and data protection ownership and mandates within the business units, security group, information technology, audit and risk departments, and operations management at your facility; e. ensure the in-scope systems and infrastructure remain in a static state throughout the testing period; and Note: Configuration or infrastructure modifications made during the testing may cause inconsistencies in the results, and may incur additional charges. f. ensure the IP addresses associated with the technical testers are added to any filtering devices (such as firewalls and intrusion prevention systems), such that the testers have unfiltered access to the target systems. 4. Estimated Schedule The estimated schedule for the Services is detailed in the Schedule. Both parties agree to make reasonable efforts to carry out our respective responsibilities in order to achieve the estimated schedule. If the Schedule signature date is beyond the Estimated Start Date, the Estimated Start Date will automatically be extended to the first business day following the date of the last signature on the Schedule. The Estimated End Date will automatically be extended by the same number of days. 5. Completion Criteria IBM will have fulfilled its obligations for the Services when any one of the following first occurs: a. IBM completes the activities described in this SOW, including provision of the deliverable Materials; or b. the Services are terminated in accordance with the provisions of the Agreement identified in the Schedule. 6. Charges The charges for the Services described in this SOW, exclusive of applicable taxes, are as specified in the Schedule. Unless otherwise stated in the Schedule, pricing is based upon a contiguous work schedule. Delays in the work schedule are subject to the Project Change Control Procedure and may result in an increase in pricing. IBM shall not be responsible for delays or additional requirements imposed by any government agencies, labor disputes, fire, unavoidable casualties, or unforeseen conditions. Z Page 10 of 12
11 7. Other Terms and Conditions 7.1 Economic Monetary Union The Services do not address the capability of your systems to handle monetary data in the euro denomination. You acknowledge that it is your responsibility to assess your current systems and take appropriate action to ensure that such systems are able to correctly process or properly exchange accurate monetary data in the euro denomination. 7.2 Permission to Perform Testing Certain laws prohibit any unauthorised attempt to penetrate or access computer systems. You authorise IBM to perform the Services as described herein and acknowledge that the Services constitute authorised access to your computer systems. IBM may disclose this grant of authority to a third party if deemed necessary to perform the Services. The Services that IBM performs entail certain risks and you agree to accept all risks associated with such Services; provided, however, that this does not limit IBM s obligation to perform the Services in accordance with the terms of this SOW. You acknowledge and agree to the following: a. excessive amounts of log messages may be generated, resulting in excessive log file disk space consumption; b. the performance and throughput of your systems, as well as the performance and throughput of associated routers and firewalls, may be temporarily degraded; c. some data may be changed temporarily as a result of probing vulnerabilities; d. your computer systems may hang or crash, resulting in system failure or temporary system unavailability; e. any service level agreement rights or remedies will be waived during any testing activity; f. a scan may trigger alarms by intrusion detection systems; g. some aspects of the Services may involve intercepting the traffic of the monitored network for the purpose of looking for events; and h. new security threats are constantly evolving and no service designed to provide protection from security threats will be able to make network resources invulnerable from such security threats or ensure that such service has identified all risks, exposures and vulnerabilities. 7.3 Systems Owned by a Third Party For systems (which for purposes of this provision includes but is not limited to applications and IP addresses) owned by a third party that will be the subject of testing hereunder, you agree: a. that prior to IBM initiating testing on a third party system, you will obtain a signed letter from the owner of each system authorising IBM to provide the Services on that system, and indicating the owner's acceptance of the conditions set forth in the section entitled Permission to Perform Testing and to provide IBM with a copy of such authorisation; b. to be solely responsible for communicating any risks, exposures, and vulnerabilities identified on these systems by IBM s remote testing to the system owner, and c. to arrange for and facilitate the exchange of information between the system owner and IBM as deemed necessary by IBM. You agree: d. to inform IBM immediately whenever there is a change in ownership of any system that is the subject of the testing hereunder; e. not to disclose the deliverable Materials, or the fact that IBM performed the Services, outside your Enterprise without IBM s prior written consent; and f. to indemnify IBM in full for any losses or liability IBM incurs due to third party claims arising out of your failure to comply with the requirements of this section entitled, "Systems Owned by a Third Party" and for any third party subpoenas or claims brought against IBM or IBM s subcontractors or agents arising out of (a) testing the security risks, exposures or vulnerabilities of the systems that are the subject of testing hereunder, (b) providing the results of such testing to you, or (c) your use or disclosure of such results. Z Page 11 of 12
12 7.4 Disclaimer You understand and agree: a. that it is solely within your discretion to use or not use any of the information provided pursuant to the Services hereunder. Accordingly, IBM will not be liable for any actions that you take or choose not to take based on the Services performed and/or deliverables provided hereunder; b. that it is your sole responsibility to provide appropriate and adequate security for the company, its assets, systems and employees; c. that it is your responsibility to add the IP addresses associated with the testers to any filtering devices, thereby permitting unfiltered network access to the target systems; and d. not to modify the configurations of any in-scope systems and infrastructure devices during the period of testing. e. that new technology, configuration changes, software upgrades and routine maintenance, among other items, can create new and unknown security exposures. Moreover, computer hackers and other third parties continue to employ increasingly sophisticated techniques and tools, resulting in ever-growing challenges to individual computer system security. IBM s performance of the Services does not constitute any representation or warranty by IBM about the security of your computer systems including, but not limited to, any representation that your computer systems are safe from intrusions, viruses, or any other security exposures. IBM does not make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information provided as part of the Services. Z Page 12 of 12
THIS PAGE NOT FOR RELEASE TO CUSTOMER
Guidance for Use of This Document THIS PAGE NOT FOR RELEASE TO CUSTOMER Use this Guidance page to determine if this SOW fits your Customer's needs. Discard it prior to presenting the SOW to your Customer.
More informationIBM Implementation Services for Power Systems IBM Systems Director
Sample Statement of Work for Services This an example and your Statement of Work may vary given your specific requirements and the related IBM engagement. IBM Implementation Services for Power Systems
More informationAttachment for IBM Internet Security Systems Products and Services
IBM Customer Agreement IBM Ireland Limited Registered in Dublin: No. 16226 Registered Office: Oldbrook House 24-32 Pembroke Road Ballsbridge, Dublin 4. Attachment for IBM Internet Security Systems Products
More informationIBM Managed Security Services (Cloud Computing) hosted mobile device security management
IBM Managed Security Services (Cloud Computing) hosted mobile device security management Z125-8855-00 11-2011 Page 1 of 15 Table of Contents 1. Scope of Services... 3 2. Definitions... 3 3. Services...
More information3.1 Security Operations Centers. 3.2 Portal. 3.3 Services Contacts
Services Description IBM United Kingdom Limited Registered in England: 741598 Registered Office: PO Box 41, North Harbour, Portsmouth, PO6 3AU (hereinafter IBM ) IBM Managed Security Services (Cloud Computing)
More informationService Agreement Hosted Dynamics GP
Service Agreement Hosted Dynamics GP This is a Contract between you ( Company ) and WebSan Solutions Inc. ( WebSan ) of 245 Fairview Mall Drive, Suite 508, Toronto, ON M2J 4T1, Canada. This contract applies
More informationBUSINESS ONLINE BANKING AGREEMENT
BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank
More informationInformation Services and Technology THIRD PARTY CONNECTION AGREEMENT
Information Services and Technology THIRD PARTY CONNECTION AGREEMENT This Third Party Network Connection Agreement (the Agreement ) by and between Information Services and Technology (IS&T), with principal
More informationModule 12 Managed Services TABLE OF CONTENTS. Use Guidelines
1 Module 12 Managed Services Version 3.0 TABLE OF CONTENTS 1. AGREED TERMS AND INTERPRETATION... 2 2. TERM OF... 4 3. TRANSITION IN... 4 4. SERVICES... 10 5. SERVICE LEVELS... 12 6. CHANGE CONTROL... 13
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationHow To Use Adobe Software For A Business
EXHIBIT FOR MANAGED SERVICES (2013V3) This Exhibit for Managed Services, in addition to the General Terms, the OnDemand Exhibit, and any applicable PDM, applies to any Managed Services offering licensed
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.
More informationZIMPERIUM, INC. END USER LICENSE TERMS
ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationSupport Line for Storage
Agreement for IBM Software Support Services This Agreement for IBM Software Support Services Support Line for Storage is between the Customer (also called you and your ) and International Business Machines
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationSUPPLIER SECURITY STANDARD
SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard
More informationIBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security
IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3
More informationWEBSITE HOSTING SERVICES AGREEMENT. Effective Date: 1/1/2015
WEBSITE HOSTING SERVICES AGREEMENT Effective Date: 1/1/2015 1) Scope of Services. Company will provide Client a shared or dedicated virtual machine, an Internet address for storage and access to Content,
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationOur Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION
Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION iinet Limited ACN 068 628 937 Phone: 13 22 58 Westnet Pty Ltd ACN 086 416 908 Phone: 1300 786 068 Adam Internet Pty Ltd ACN 055
More informationTerms of Use/ Disclaimers/ Contract/ Agreement
Website Development and Ongoing Services Agreement Terms of Use/ Disclaimers/ Contract/ Agreement Between You as the client and WideNet Consulting, LLC as the service provider. By using the services of
More informationTEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE
TEXTURA AUSTRALASIA PTY LTD ACN 160 777 088 ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE Welcome to the Textura Construction Payment Management ( CPM ) System. By clicking
More informationTerms and Conditions of Use - Connectivity to MAGNET
I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING
ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the
More informationSPECIAL CONDITIONS FOR WEBSITE HOSTING SERVICES ON A DEDICATED SERVER
SPECIAL CONDITIONS FOR WEBSITE HOSTING SERVICES ON A DEDICATED SERVER Version Date 03-09-13 The Supplier provides different categories of Dedicated Server. The hardware and software configurations, and
More informationMemorandum. 1. Introduction
Memorandum To: Mississippi Government IT Directors and Purchasing Agents From: Craig P. Orgeron, Ph.D. Date: April 22, 2015 (Revised June 29, 2015) Re: Security Assessment Services RFP No. 3735 Instructions
More informationHosting Agreement. WHEREAS, Lanex is a software development and hosting firm that offers design, programming and hosting services; and
Hosting Agreement This Hosting Agreement ( Agreement ) comprises the terms and conditions that govern the provision of the hosting services, as defined below, to the clients ( Client ) of Lanex, LLC, with
More informationAGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND
AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered
More informationNextiraOne, LLC d/b/a Black Box Network Services
NextiraOne, LLC d/b/a Black Box Network Services Black Box Network Services Additional Terms and Conditions Managed Services ( Additional Terms ) applicable to furnishing of equipment and services within
More informationCLOUD SERVICE SCHEDULE
CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless
More informationPLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT.
Access Governance Suite 6 Lifecycle Manager 6 Compliance Manager 6 Software License Agreement PLEASE READ THIS AGREEMENT CAREFULLY. BY INSTALLING, DOWNLOADING OR OTHERWISE USING THE SOFTWARE, YOU AGREE
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationDisclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
More informationVIRTUAL OFFICE WEBSITE LICENSE AGREEMENT
Florida Keys Multiple Listing Service, Inc. VIRTUAL OFFICE WEBSITE LICENSE AGREEMENT Florida Keys MLS, Inc. 92410 Overseas Hwy, Ste. 11 Tavernier FL 33070 305-852-92940 305-852-0716 (fax) www.flexmls.com
More informationRollstone Bank & Trust Business Online Bill Pay Agreement
Rollstone Bank & Trust Business Online Bill Pay Agreement By choosing to use the Rollstone Bank & Trust Online Bill Pay, you agree to the terms and conditions in this Agreement. Please read this Agreement
More informationStatement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP)
Statement of Work for Online Event Registration Product Deployment for Salesforce Implementation for Open Web Application Security Project (OWASP) July 9, 2010 TABLE OF CONTENTS INTRODUCTION... 3 SCOPE...
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationPaychex Accounting Online Terms of Use
Paychex Accounting Online Terms of Use Paychex recommends that Client read the Terms of Use prior to using the Paychex Accounting Online Software ( Software ). If Client does not accept and agree with
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationInfinedi HIPAA Business Associate Agreement RECITALS SAMPLE
Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationCLOUD SERVICE SCHEDULE Newcastle
CLOUD SERVICE SCHEDULE Newcastle 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule,
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationADDENDUM. Dedicated Servers v3.0
ADDENDUM Dedicated Servers v3.0 ICUK is an International Communications company that provides Dedicated Server services to Resellers and Customers, and the said party wishes to obtain those services from
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationFedRAMP Standard Contract Language
FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal
More informationREDCENTRIC MANAGED FIREWALL SERVICE DEFINITION
REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.1 Issue Date 04 July 2014 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall appliance
More informationKinetic Internet Limited
Kinetic Internet Limited Company No: 4470080 ADDENDUM Dedicated Server Terms and Conditions KINETIC INTERNET is an International Communications company that provides Dedicated Server services. The customer
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationHP Technical Phone Support service agreement ( Agreement ) terms and conditions
HP Technical Phone Support service agreement ( Agreement ) terms and conditions Thank you for purchasing this HP Technical Phone Support Service Agreement. Service descriptions with more detailed information
More informationTerms and Conditions for Tax Services
Terms and Conditions for Tax Services In the course of delivering services relating to tax return preparation, tax advisory, and assistance in tax controversy matters, Brady, Martz & Associates, P.C. (we
More informationIP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT
IP AUSTRALIA B2B ONLINE TRANSACTION SYSTEM AGREEMENT Name of Customer: (The Customer) A.C.N. A.B.N. IPA Customer Number Telephone Fax Email Physical Address Postcode Mail Address Postcode Name of the Customer
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationThis form may not be modified without prior approval from the Department of Justice.
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
More informationLouisiana State University System
PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered
More informationEthical Hacking Agreement for External Network Security Unannounced Penetration Test
Ethical Hacking Agreement for External Network Security Unannounced Penetration Test Agreement made on the (date), between (Name of Consultant) of (street address, city, state, zip code), referred to herein
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationUSER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY
USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting
More informationEXHIBIT C BUSINESS ASSOCIATE AGREEMENT
EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date
More informationFIREWALL POLICY November 2006 TNS POL - 008
FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and
More informationCOMPUTER SERVICES AGREEMENT
COMPUTER SERVICES AGREEMENT This COMPUTER SERVICES AGREEMENT ( "Agreement") is made and entered into effective as of the 1 day of January, 2008 (the Effective Date ), by and between 3T Productions, Inc.,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,
More informationEvoqua Water Technologies LLC. ( Evoqua )
Evoqua Water Technologies LLC. ( Evoqua ) Remote Monitoring Services Terms and Conditions of Use These terms and conditions govern the use of Evoqua Link2Site sm Remote Monitoring Services whether the
More informationTERMS OF USE 1 DEFINITIONS
1 DEFINITIONS In these Terms of Use a) CDA shall mean Common Data Access Limited, a company registered in England and Wales whose registered office is at 6th Floor East, Portland House, Bressenden Place,
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT
ANTHEM INSURANCE COMPANIES, INC. ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT This Electronic Transactions Trading Partner Agreement ( Agreement ), by and between Anthem Insurance Companies, Inc.,
More informationINFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia
INFRASTRUCTURE AS A SERVICE (IAAS) SERVICE SCHEDULE Australia 1 DEFINITIONS Capitalised terms in this Service Schedule not otherwise defined here have the meaning given in the Standard Terms and Conditions:
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationSPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY
SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY A. ACCEPTANCE: The College shall commence Acceptance testing within five (5) days, or within such other period as agreed upon. Acceptance testing
More informationHow To Ensure The C.E.A.S.A
APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT TUGeneral TUSecurity TURequirements TUDesign TUIntegration
More informationWeb Site Development Agreement
Web Site Development Agreement 1. Parties; Effective Date. This Web Site Development Agreement ( Agreement ) is between Plug-N-Run, its affiliates, (including but not limited to USA Financial, USA Financial
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationSTANDING CLOUD, INC. ( SC ) TERMS OF SERVICE
STANDING CLOUD, INC. ( SC ) TERMS OF SERVICE These Terms of Service ( Terms ) govern your use of Standing Cloud s online deployment platform for application software (the Services ). By using the Services,
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationMTN Managed Firewall. Description of Service
MTN Managed Firewall Description of Service Managed Firewall ("Service") is a managed security service for Internet access customers that provides firewall configuration, administration, monitoring, support
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCONSULTING SERVICES AGREEMENT
CONSULTING SERVICES AGREEMENT THIS AGREEMENT ("Agreement") is entered into on / /, between SCWOA ("Consultant"), a CA corporation with its principal place of business located at PO Box 1195, Pacifica,
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationesnc ACCESS AGREEMENT
FEDERAL RESERVE BOARD Shared National Credit Function esnc ACCESS AGREEMENT A. Introduction This agreement (Agreement) sets forth the terms for your Institution s use of our Electronic Shared National
More informationOnline Banking Agreement and Disclosures
Online Banking Agreement and Disclosures This agreement states the terms and conditions that apply to your use of Online Banking services offered by Eastman Credit Union. Please read this agreement carefully.
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationSecurity Annex for Firewalls Additional Terms for Firewall Service
CONTENTS 1 Glossary of Terms & Definitions... 2 2 Service Description... 2 2.1 Firewall Service and Next Generation Firewall Service... 2 2.2 Roaming SSL Access Services... 2 2.3 DMZ Services... 3 2.4
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationBUSINESS ASSOCIATE AGREEMENT
Note: This form is not meant to encompass all the various ways in which any particular facility may use health information and should be specifically tailored to your organization. In addition, as with
More informationIf you have any questions about any of our policies, please contact the Customer Services Team.
Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting
More informationELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT
ELKHART COUNTY BOARD OF REALTORS AND MULTIPLE LISTING SERVICE OF ELKHART COUNTY INC. VIRTUAL OFFICE WEBSITE (VOW) LICENSE AGREEMENT This License Agreement (the Agreement) is made and entered into between
More informationSERVICE TERMS AND CONDITIONS
SERVICE TERMS AND CONDITIONS Last Updated: April 19th, 2016 These Service Terms and Conditions ( Terms ) are a legal agreement between you ( Customer or you ) and Planday, Inc., a Delaware corporation
More information