Information Security

It agrees that the contract guarantees that they noexistam badly-understood between the organization and rendering of services. Convmque the organizations consider the indemnity to be paid for its fornecedoresem situations of contract breakings. It agrees that the following enclosed terms are consideradose in contracts: ) the general politics on security of the information; b) asset protection, including: 1) procedures for protection of the assets of the organization, including information and software; 2) procedures to determine if had algumcomprometimento of these assets, for example if had dedados loss or modification; 3) controls to guarantee the devolution or destruction dasinformaes and asset in one determined moment during or in the end of the contract; 4) integrity and availability; 5) restrictions related with the copy and spreading dainformao; c) description of each service that must be available; d) levels of service desired and not acceptable; e) conditions for transference of the work team, appropriate ondefor; f) the respective obligations of the involved ones in the agreement; g) responsibilities with legal aspects, for example leisde protection of data, especially taking in consideration differences effective naslegislaes if the contract to involve the cooperation with deoutros organizations countries. h) right of copyright and rights autoraise protection of any colaborativo work. i) agreements of access control, enclosing: 1) allowed methods of access and has controlled use only deidentificadores as ID and passwords of access; 2) using process of authorization for access and paraos privileges; 3) requisite ones to keep autorizadosa list of users to use the disponibilizados services and which are its rights and privileges; j) definition of criteria of verification of the performance, suamonitorao and register; k) right to monitor and to revoke the activities deusurios; l) right of auditar the contractual responsibilities to outer the auditorship executed for service rendering; m) establishment of a escalonvel process for aresoluo of problems; it agrees that also procedures are considered decontingncia, where appropriate; n) responsibilities involving the installation and manutenode the hardware and software; ) the registers with clear structure and preset format; p) clear and specific procedures for management demudanas; q) any controls of physical protection and mecanismosnecessrios to guarantee that such controls are being followed; r) training of administrators and users in methods, procedures and security; s) controls that guarantee protection against malicious software; t) requisite for deincidentes register, notification and inquiry and breakings of the security; u) envolvement of rendering of subcontratados services with. . Mitchel Resnick is likely to agree.