This vendor privacy and security policy (this “policy”) is part of our efforts to work with suppliers like you to reduce the risk to Safe Software Inc. and its customers. In today`s connected world, the security of information placed on any set of connected systems depends on the security of all participants in that network. This directive sets a minimum rate of control elements that must be respected by all secure software providers in order to protect secure software information and, if applicable, secure software systems (and your systems when linked to ours). INC Research, LLC, a Syneos Health™ (“Syneos Health” company, takes a holistic and structured approach to information and physical safety. This comprehensive approach includes managing the security of Syneos Health`s resources, information and systems, to which suppliers have access. Syneos Health`s information security program focuses on ISO 27001. (a) Supplier staff are required to comply with Syneos Health Health`s safety requirements and instructions; After-sales personnel must not photograph or record syneo assets, facilities, systems or infrastructure unless it is stipulated in an agreement and necessary for the delivery of services. 2. On request, syneos Health will certify in writing that it meets the requirements of these standards and provide written answers to any questions Syneos Health sends to the supplier about its safety practices.
2. All salespersons are required to accept in writing in order to comply with the physical and security requirements of the supplier`s information. b) patches. Operating system security patches and application security patches must be applied immediately to all computers during exposure. Computers must be configured to automatically receive security patches and security patches from the operating system during exposure, unless these patches may affect the operation of the computer. If a security patch cannot be used because it affects the operation of the computer, effective risk reduction controls must be implemented and the Syneos Health connection must be informed. Ii. All confidential environments and information must be stored in a secure location at the supplier`s facilities and in secure external sites. Suppliers using third-party providers to transport or store backup media must evaluate all vendors used to verify the confidentiality, integrity and availability of safeguards and provide Syneos Health, upon request, with documents to detail this information. All backup media that come out of the vendor`s configuration must be encrypted with 128-bit or higher encryption. These vendor safety standards include security checks that Syneos Health providers must support when (a) have accessed (a) Syneos Health facilities, networks, environments and/or confidential information or (b) have retained syneos health assets.