The purpose of this standard is to ensure that company assets, supporting systems and data stored or transmitted by them is utilized by users in a professional and responsible manner and define guidelines for the use of the information systems and other information assets.
The purpose of this standard is to mandate the requirements for ensuring that access to Clarivate information and information assets is controlled and provided only on a need-to-know basis. It states the minimum set of directives that must be complied with for an effective and controlled set of access control practices.
This standard mandates requirements for monitoring and logging events from information systems and ensures proper configuration, collection and analysis of required event logs.
The purpose of this Standard is to define the information security requirements that need to be addressed during the acquisition, development and enhancement of information systems deployed within Clarivate. This Standard aims to provide guiding principles to:
The purpose of this standard is to mandate the requirements for a formal change management process to be followed for all appropriate changes to Clarivate information assets. This standard is intended to accompany and support Clarivate’s Information Security Policy.
The purpose for this Standard is to establish a culture of security and trust for all employees at Clarivate. An effective clear desk effort involving the participation and support of all Clarivate employees can help to protect documents in hardcopy or electronic form that contain confidential information.
The purpose of the Data Backup & Recovery Standard is to mandate the requirements for maintaining backup copies of data to ensure availability of data and data recoverability in the event of accidental data deletion, corrupted information or scenarios leading to unavailability of information systems due to an unforeseen event.
The purpose of this standard is to assign levels of classification to information resources and to provide a foundation for the development and implementation of necessary security controls to ensure confidentiality, integrity, and availability of information and to minimize risks associated with it.
The purpose of this standard is to mandate the requirements for controlled disposal and destruction of media storing company data to prevent unauthorized disclosure of information.
The purpose of the Encryption Standard is to mandate the requirements of use of encryption to protect Clarivate sensitive data, as it is stored, processed, or transmitted.
Clarivate has a requirement to protect the corporate data stored on mobile devices from unauthorized access, theft, damage and interference that leads to disruption of business activities.
This standard mandates the requirements for keeping Clarivate information assets updated with the latest patches and security updates to mitigate the risk of exploits or configuration weaknesses and reduce the likelihood of compromises caused by known vulnerabilities exploited by malicious threat actors.
This standard defines the physical and environmental controls to protect Clarivate information systems and information processing facilities from unauthorized physical access, theft, damage and interference that can disrupt business activities.
This standard defines the methodology for assessing and treating information security risks within Clarivate and the acceptable level of risk as determined by the Clarivate Risk Assessment methodology.
This standard establishes guidance for secure file transfer methods for all Clarivate Analytics employees when transmitting company data.
The purpose of this standard is to define rules and requirements for connecting to Clarivate’s network or Information Systems (whether via VPN or directly to SaaS Applications) from any host. These rules and requirements are designed to minimize the potential exposure to Clarivate from damages which may result from unauthorized use of resources.
The purpose of this Standard is to mandate requirements for managing, monitoring, and controlling Supplier relations, performance, and contract management.
The purpose of this standard is to mandate the requirements for securing Clarivate information assets against threats arising from viruses and other malicious programs.
The purpose of the Vulnerability Management Standard is to mandate the requirements for timely identification, remediation and management of vulnerabilities to Clarivate information assets.
The purpose of this standard is to provide a clear and concise statement regarding Clarivate’s commitment to the management of confidentiality, integrity and availability of its software product assets when hosted outside of the internal network on a public cloud service provider.
The purpose of this standard is to set guidelines that apply before, during and after any period of employment and to maintain an effective and controlled process around hiring (including screening), duration of employment and exit process of Clarivate colleagues.
The Customer is responsible for preventing unauthorized access to Clarivate solutions and licensor data and must notify Clarivate of any unauthorized use. Customers and their end users are prohibited from sharing Clarivate’s solutions, data, or proprietary information without consent, reverse engineering, violating password protections, or using automated means to access the solutions without permission. They must not store sensitive personal data or unauthorized information in the Clarivate cloud and must maintain confidentiality of non-public information. Customers cannot perform unauthorized security tests or access unpermitted resources, and Clarivate reserves the right to disable access for policy violations.
The purpose of this policy is to define the acceptable use of Clarivate assets in a manner to ensure the integrity, availability, confidentiality, and protection of Clarivate assets and state management intent and commitment to maintain a secure information-processing environment, to protect information from all threats, whether internal or external, and deliberate or accidental acts and maintain compliance with applicable laws, directives, policies. Clarivate will identify and coordinate system and information integrity with internal and external organizations.