Privacy Specific Requirements

Authentication & Authorization
  • Two Factor Authentication Technology
  • System Access Must Be Logged
  • Access Logs Retained for At Least 90 Days
  • Registration & Access Privilege Process Must Be Documented
  • Audit Monthly/Quarterly The List of System Administration & Support Users
  • Disable Access to Users No Longer Need to Support Contract
  • Password Life No Longer than 90 days
  • Audit Password Policy Compliance at least every 6 months and Report Weaknesses
  • Notify Customer with 24 Hours of Any Compromise
  • Automatic Lockouts after 4 Consecutive Unsuccessful Tries
  • Limit Access to Authorized Users

Transmission & Storage of PII (Personally Identifiable Information)

  • Encrypt Transmissions of PII
  • Stored PII Encrypted
  • Encryption must be Integral and Enforced by the Application
  • Master Keys Under Exclusive Control of Customer

Event Logging

  • Virus Infections
  • System Administrative Rights Usage
  • System Support Logins
  • System Shutdowns and Restarts

Security Patches and Viruses Protection

  • Where Technically Feasible, Vendor installs Virus Protection Software
  • Apply Virus Updates within 24 Hours
  • Apply Security Patches within 24 Hours

Access Restrictions

  • Limit Physical Access to Equipment Storing PII on "Need" Basis
  • Upon Contract Termination, Documentation Destroyed or Rendered Unreadable

Equipment Sanitization

  • Termination of Agreement or Replacement of Equipment Storing PII
  • Render Data Unreadable and Unrecoverable
  • Includes Equipment and Storage Media

Audit Requirements

  • Audit System at least Every 2 Years
  • Results of Audits and Corrective Actions Made Available to Customer and Possibly Regulatory Agencies
Backup Requirements
  • Replicate All PII on Backup System
  • Locate Backup Facilities at Different Geographic Location
  • Allow Data to Be Reconstructed Within Specified Timeframe

Collaborate with clients to help them realize their visions and create tangible value

Collaborate with clients to help them realize their visions and create tangible value

Home   |   Gallery   |  Staff Mail    |   Vote of thanks |   Contact Information     © COPYRIGHTS TO GVRS © 2010.