新澳门六合彩开奖 Information Security Requirements for Vendors

PURPOSE:
The purpose of these requirements (“Requirements”) is to establish minimum information security standards and data privacy requirements for any person or entity that performs services for 新澳门六合彩开奖 or otherwise has access to 新澳门六合彩开奖 Data (“Vendor”). Vendor must handle, treat, and otherwise protect 新澳门六合彩开奖 Data in accordance with these Requirements and any contractual agreement between such Vendor and 新澳门六合彩开奖.

Defined terms used herein are found in Section 4 (Definitions) below.

SECTION 1: ACCESS TO SYNOPSYS NETWORKS AND/OR SYNOPSYS DATA PROCESSED WITHIN SYNOPSYS-CONTROLLED ENVIRONMENT

1.1 Compliance: Vendor shall comply with all applicable privacy and security laws to which it is subject, and shall not by act or omission place 新澳门六合彩开奖 in violation of any applicable privacy or security law, including without limitation HIPAA. Vendor policies and practices must comply with all applicable laws, regulations, and contractual obligations under its agreements with 新澳门六合彩开奖. Where local laws appear to prevent compliance with these Requirements, Vendor is responsible for notifying 新澳门六合彩开奖 to determine appropriate compensating controls. In the event Vendor transfers Personal Data from the European Economic Area (EEA) to outside the EEA, either directly or via onward transfer, Vendor agrees to comply with the revised Standard Contractual Clauses issued by European Commission Decision 2021/914/EC (the “2021 SCCs”) available for review at /company/legal/dpa-supplement.html.

1.2 Third Party Disclosure: Vendor shall not disclose 新澳门六合彩开奖 Data to any third party (including, without limitation, Vendor’s subsidiaries and affiliates and any person or entity acting on behalf of Vendor) unless with respect to each such disclosure: (A) the disclosure is necessary in order to carry out Vendor’s obligations under its agreements with 新澳门六合彩开奖; (B) such third party is bound by the same provisions and obligations as set forth in these Requirements; (C) Vendor has received 新澳门六合彩开奖’s prior written consent; and (D) Vendor remains responsible for any breach of the obligations set forth herein to the same extent as if Vendor caused such breach.

1.3 Breach and Security Threat Notification: Vendor shall notify 新澳门六合彩开奖 Information Security immediately but in no event later than 48 hours from the date of obtaining actual knowledge of any Data Security Breach or potential security threat or security incident (such as any security attack or hack allowing unauthorized access to Vendor’s or its customers’ network) that could impact 新澳门六合彩开奖 Information or 新澳门六合彩开奖 Information Assets. At Vendor’s cost and expense, Vendor shall assist and cooperate with 新澳门六合彩开奖 concerning any investigation, or disclosures to affected parties, and other remedial measures as requested by 新澳门六合彩开奖 or required under applicable law. Vendor shall indemnify 新澳门六合彩开奖 from any resulting damages and costs, including, without limitation, identity protection assistance and services procured for data subjects and reasonable attorneys and technical consultant fees for 新澳门六合彩开奖’ handling of the incident. Notification shall be submitted to Information Security using the form: /cgi-bin/contactus.cgi. Vendor shall respond within 3 business days to 新澳门六合彩开奖’ request to complete a security assessment/questionnaire concerning the level of impact to 新澳门六合彩开奖 and/or 新澳门六合彩开奖 Data associated with an identified exploit or vulnerability.

1.4 Remote Access Control: If Vendor requires remote access to 新澳门六合彩开奖 Data, Vendor must always use a 新澳门六合彩开奖-approved method when connecting. Vendor must not install technology that provides remote access to any 新澳门六合彩开奖 Data on the 新澳门六合彩开奖 network, including, but not limited to wireless access points, modems, Virtual Private Networks, remote access software, etc. 新澳门六合彩开奖 reserves the right to monitor all systems used by Vendor to connect to 新澳门六合彩开奖 networks or access 新澳门六合彩开奖 Data.

1.5 Data Owner: 新澳门六合彩开奖 Data shall at all times remain the sole property of 新澳门六合彩开奖 and nothing in these Requirements will be interpreted or construed as granting Vendor any license or other right under any patent, copyright, trademark, trade secret, or other proprietary right to 新澳门六合彩开奖 Data.

1.6 Derivative Data: Vendor shall not create or maintain data which are derivative of 新澳门六合彩开奖 Data, except for the purpose of performing its obligations under its agreements with 新澳门六合彩开奖 and as authorized by 新澳门六合彩开奖. Any derivative of 新澳门六合彩开奖 Data, regardless of how created, shall be deemed 新澳门六合彩开奖 Data.

1.7 Background and Screening Checks: To the extent permitted by local law, Vendor shall conduct appropriate background and screening checks prior to permitting any employee or contractor of Vendor to have access to 新澳门六合彩开奖 Data. Vendor shall in no event expose 新澳门六合彩开奖 to a level of risk which is commercially unreasonable or which is higher than that to which the Vendor would be comfortable exposing itself. 新澳门六合彩开奖 may at its sole option require more extensive background checks for any employee or contractor of Vendor who will have access to Personal Data or other information deemed highly sensitive by 新澳门六合彩开奖.

1.8 Security Awareness and Education: Vendor shall have a defined program to provide periodic information security awareness training to Vendor’s employees and contractors who will have access to 新澳门六合彩开奖 Data. Education and awareness training shall include Vendor’s security policies and standards for the secure handling of 新澳门六合彩开奖 Data. If Vendor’s services include software development, Vendor training must include secure application development training to ensure Vendor developers are programming according to secure coding techniques and principles.

1.9 Audits: Vendor shall, at the Vendor’s expense, agree to submit to reasonable data security and privacy compliance audits by 新澳门六合彩开奖 and/or, at 新澳门六合彩开奖’ request, by an independent third party, to verify compliance with these Requirements, applicable law, and any applicable contractual undertakings.

SECTION 2: ACCESS TO SYNOPSYS DATA PROCESSED EXTERNAL TO SYNOPSYS CONTROLLED ENVIRONMENT

If a Vendor (A) provides Cloud or SaaS services, or (B) provides outsourced software development services, or (C) Processes 新澳门六合彩开奖 Data external to a 新澳门六合彩开奖 controlled environment, the following provisions shall apply in addition to the provisions in Section 1 above:

2.1 Technical and Organizational Security Measures: Vendor shall have in place appropriate and reasonable Technical and Organizational Security Measures to protect the security of 新澳门六合彩开奖 Data and prevent a Data Security Breach. Upon 新澳门六合彩开奖’ request, Vendor shall provide evidence that it has established and maintains Technical and Organizational Security Measures governing the Processing of 新澳门六合彩开奖 Data.

2.2 Cryptographic Controls: Vendor shall employ encryption when transmitting 新澳门六合彩开奖 Data across public or wireless networks. Vendor shall encrypt during storage or transmission any and all Highly Sensitive Personal Data and other information deemed highly sensitive by 新澳门六合彩开奖 such as authentication credentials and cryptographic keys. Vendor shall maintain up-to-date Secure Sockets Layer (SSL) certificates on all software applications that perform or are connected to assets that store or have access to information associated with 新澳门六合彩开奖 Information or products.

2.3 Access Control: Vendor shall implement safeguards and controls to limit access to 新澳门六合彩开奖 Data to those employees and contractors whose role requires such access, and to prevent any unauthorized access.

2.4 Network, Operating System, and Application Control: Vendor must ensure that the Vendor networks that Process 新澳门六合彩开奖 Data employ industry best-practice safeguards and controls to monitor and block unauthorized network traffic.

2.5 Malware Protection: Where technically feasible, Vendor must deploy malware protection on all IT systems that access 新澳门六合彩开奖 Data. Vendor must ensure malware protection technology has the latest and up-to-date manufacturer’s signatures, definition files, software, and patches.

2.6 Asset Management and Equipment: Vendor must have processes in place to inspect all Vendor-supplied computing or data storage equipment used in providing services to 新澳门六合彩开奖 to ensure that data is securely overwritten prior to disposal. Vendor must physically destroy storage media or overwrite information using industry standard techniques to make the original information unrecoverable (e.g., “wiped” or degaussed). Vendor shall ensure accurate and timely inventory for computing assets that perform or are connected to assets that store or have access to information associated with 新澳门六合彩开奖 Information or products. This includes ensuring software composition analysis (SCA) of IT assets to provide a Software Bill of Materials (SBOM), license types, and known vulnerabilities in the respective IT Assets. These SCA reports shall be made available to 新澳门六合彩开奖 as part of any monitoring or review of third party provider services.

2.7 Physical Security: Vendor must implement safeguards and controls that restrict unauthorized physical access to areas containing equipment used to access 新澳门六合彩开奖 Data. Vendor must implement clear desk procedures to secure any printed 新澳门六合彩开奖 Data from unauthorized access.

2.8 Information Security Risk Management: Vendor must have an established process that periodically assesses risk within the organization with respect to the possession and Processing of 新澳门六合彩开奖 Data.

2.9 Password Management and Authentication Controls: Vendor must ensure that systems which Process 新澳门六合彩开奖 Data employ strong password complexity rules, including the following configurations: Passwords must be configured to expire every 90 days or less, systems must enable system lockout after failed login attempts, and systems must enable O/S screen saver locks after a period of inactivity. Vendor must encrypt authentication credentials during storage and transmission. Vendor must prohibit its users from sharing passwords.

2.10 System Security: Vendor must establish and maintain configuration standards to address currently known security vulnerabilities and industry best practices for all network devices and hosts. These standards must address configuration with all applicable security parameters to prevent misuse, including but not limited to unauthorized access to data. Vendor must remove or disable non-essential functionality (i.e., hardening each system) such as scripts, drivers, features, subsystems, or file systems (e.g., unnecessary web servers, default, or sample files, etc.). Vendor must ensure that software used in operational systems maintains up-to-date patching support by its supplier.

Vendor will implement policies and procedures to apply security patches promptly to Software following a change management process, including operational and regression testing, in accordance with the following timelines: “High Severity” rated patches (CVSS ratings 7.0 – 8.9) should be patched within 30 days, and “Critical Severity” vulnerability patches (9.0 and higher per CVSS ver. 3.0 and related CWE scoring systems and scores) should be remediated within 14 days.

2.11 Return of 新澳门六合彩开奖 Data: Vendor shall return, delete, or destroy (at 新澳门六合彩开奖’ election), or cause or arrange for the return, deletion, or destruction of, all 新澳门六合彩开奖 Data subject to these Requirements, including all originals and copies of such 新澳门六合彩开奖 Data in any medium and any materials derived from or incorporating such 新澳门六合彩开奖 Data, upon the expiration or earlier termination of the agreement between 新澳门六合彩开奖 and Vendor, or when there is no longer any legitimate business need (as determined by 新澳门六合彩开奖) to retain such 新澳门六合彩开奖 Data, or otherwise on the instruction of 新澳门六合彩开奖, but in no event later than ten (10) days from the date of such expiration, earlier termination, expiration of the legitimate business need, or instruction. If applicable law prevents or precludes the return or destruction of any 新澳门六合彩开奖 Data, Vendor shall notify 新澳门六合彩开奖 of such reason for not returning or destroying such 新澳门六合彩开奖 Data and shall not Process such 新澳门六合彩开奖 Data thereafter without 新澳门六合彩开奖’ express prior written consent. Vendor’s obligations under these Requirements to protect the security of 新澳门六合彩开奖 Data shall survive termination of its business relationship with 新澳门六合彩开奖.

SECTION 3: ACCESS TO CARDHOLDER DATA

If Vendor has access to Cardholder Data, whether processed in Vendor’s environment or a 新澳门六合彩开奖-controlled environment, the following provisions will apply in addition to the provisions in Sections 1 and 2 above.

3.1 Attestation of Compliance, PCI-DSS: Vendor represents that it is presently in compliance, and will remain in compliance with the current PCI-DSS for protecting individual credit and debit card account numbers. Vendor agrees to provide 新澳门六合彩开奖 with a copy of its PCI-DSS Attestation of Compliance annually at the time of filing.

3.2 Attestation of Compliance, PA-DSS: If Vendor provides to 新澳门六合彩开奖 software that processes any payments via a Payment Application, Vendor represents that software provided to 新澳门六合彩开奖 has been assessed and complies with the current PA-DSS and agrees to provide 新澳门六合彩开奖 with all documentation, including the PA-DSS Implementation Guide, necessary for 新澳门六合彩开奖 to deploy the software in a manner consistent with PCI-DSS. Vendor agrees to re-assess software following any changes determined to impact payment application security in accordance with the PA-DSS, provide updated documentation as necessary, and immediately notify 新澳门六合彩开奖 of any change in its PA-DSS compliance status.

SECTION 4: DEFINITIONS

For purposes of these Requirements, the following definitions shall apply:

“Cardholder Data” has the same meaning as defined by the PCI-DSS.

“Data Security Breach” means: (A) the loss or misuse (by any means) of 新澳门六合彩开奖 Data, including, without limitation any unauthorized access or disclosure to unauthorized individuals; (B) the inadvertent, unauthorized and/or unlawful Processing, corruption, modification, transfer, sale or rental of 新澳门六合彩开奖 Data; or (C) any other act or omission that compromises the security, confidentiality, or integrity of 新澳门六合彩开奖 Data. Data Security Breach includes, without limitation, a breach resulting from or arising out of Vendor’s internal use, Processing or other transmission of 新澳门六合彩开奖 Data, whether between or among Vendor’s subsidiaries and affiliates or any other person or entity acting on behalf of Vendor.

“Highly Sensitive Personal Data” is that subset of Personal Data whose unauthorized disclosure or use could reasonably entail enhanced risk for the data subject. Highly Sensitive Personal Data includes (A) Social Security number, passport number, driver’s license number, or similar national identifier; (B) financial or medical account authentication data, such as passwords or PINs; and (C) Cardholder Data, including credit card numbers and CVV codes.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder.

“PA-DSS” means Payment Application Data Security Standard 2.0, its supporting documentation and any subsequent version(s) of said standard published by the PCI Security Standards Council or its successor(s).

“Payment Application” means any application that stores, processes, or transmits cardholder data as part of authorization or settlement.

“PCI-DSS” means the current version of the Payment Card Industry (PCI) Data Security Standard (DSS), its supporting documentation and any subsequent version(s) of said standard published by the PCI Security Standards Council or its successor(s).

“Personal Data” means any information that can be used to identify, locate, or contact an individual, including an employee, contractor, customer, or potential customer of 新澳门六合彩开奖, including, without limitation: (A) first and last name; (B) home or other physical address; (C) telephone number; (D) email address or online identifier associated with an individual; or (E) any other information relating to an individual, including cookie information and usage and traffic data or profiles, that is combined with any of the foregoing. Personal Data specifically includes (F) Individually Identifiable Health Information as defined pursuant to HIPAA; (G) the meaning assigned under European Union Directive 96/46/EC and (H) criminal history, race, ethnicity, national origin, and information about sexual orientation or activity, political opinions, and religious beliefs.

“Processing” or “Process” means any operation or set of operations that is performed upon 新澳门六合彩开奖 Data, whether or not by automatic means, including without limitation collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, blocking, deletion, erasure, or destruction.

“新澳门六合彩开奖 Data” means any non-public information which is commercially valuable, proprietary, privileged, or personal, the unauthorized disclosure of which could adversely affect 新澳门六合彩开奖 and/or its employees (e.g., competitively, by waiver of legal privilege, monetary loss, or violation of law or right of privacy). 新澳门六合彩开奖 Data includes Personal Data of employees, contractors, customers, or potential customers of 新澳门六合彩开奖, any classified information 新澳门六合彩开奖 receives in connection with participation in government programs, and any data the unauthorized disclosure of which could cause significant harm to 新澳门六合彩开奖 or the individual to whom the information pertains.

“Technical and Organizational Security Measures” means security measures, consistent with the sensitivity of the 新澳门六合彩开奖 Data being Processed and the services being provided by Vendor, to protect 新澳门六合彩开奖 Data, which measures shall implement best industry protections and include physical, electronic and procedural safeguards to protect 新澳门六合彩开奖 Data supplied to Vendor against any Data Security Breach, and any security requirements, obligations, specifications, or event reporting procedures set forth in any agreement between Vendor and 新澳门六合彩开奖.