1. Security Management: Must have a comprehensive, written information security program based on best practices for your industry and designed to protect the confidentiality, integrity and availability (“CIA”) of assets under your leadership i. The provider must set security and acceptability criteria for new and updated computers or networks that can access or store confidential information. The criteria should focus on testing (and dermitiging) the security vulnerabilities of the operating system, middleware, database and application, to ensure that adequate security checks are in place for these specific environments. Purchasing services are coordinated with the lender to finalize the UMSPSCQ and work with the unit, OGC and AI at each DPA audit. If the supplier reissues the DPA, the device must complete page 1 of the third-party vendor`s data verification verification requirement and send it to the AI and OGC for verification with the red-lined DPA and the UMSPSCQ. The supply details that the DPA catches up with the lender. The final copy of the AP is managed by purchase after their approval and signature. 2. PCO and DR plans must conduct annual testing for systems and environments that, at the supplier`s discretion, are essential to the provision of services to Syneos Health. The results must be documented and evidence must be provided that the tests have been carried out, that the health syneos is provided during safety assessment checks. INC Research, LLC, a Syneos Health™ (“Syneos Health” company, takes a holistic and structured approach to information and physical safety.
This comprehensive approach includes managing the security of Syneos Health`s resources, information and systems, to which suppliers have access. Syneos Health`s information security program focuses on ISO 27001. 7. Cryptographic controls: cryptographic controls designed to protect the confidentiality, integrity and availability of information resources during transmission and rest, including cryptographic key management and use controls, must be developed, implemented and verified regularly. 1) “agreement,” an agreement between Syneos Health and the provider under which (i) the provider provides services to Syneos Health or Syneos Health customers and/or (ii) provides access to Syneos Health Facilities or Syneos Health Facilities, Network (s), Environments and/or confidential information. 3. Syneos Health reserves the right to conduct safety compliance assessments at DenVendor facilities after proper notification. Assessments can be conducted up to twice a year, except in the event of a security incident in which Syneos Health may conduct immediate audits of the facilities, networks and/or environments involved.
These security checks apply to the personnel, processes and/or technologies involved in the work you or your third parties do with or on behalf of Safe Software. 13. Compliance: Controls and procedures for monitoring and monitoring information security and data protection must comply with applicable laws, legal, regulatory or contractual obligations, as well as all industry standard information security requirements, in order to avoid violations and/or compromises against SSI and SSS. For data considered to be limited, additional agreements may be required to ensure compliance with applicable requirements and statutes. For more information, please contact IA via the ITS Service Centre. i. The provider may only access, use and process confidential information on behalf of Syneos Health and for the purposes defined in the supplier`s agreement with Syneos Health, in accordance with these and other instructions that Syneos Health may provide with respect to the processing of that information.