Page 134 - Hollard Business Policy - Binder
6.4.6 All default installation and administration accounts secured via changing the account password from the well-known default passwords and/or disabling, deleting or renaming the account.
6.5 User privileges for users with access to Sensitive systems and Sensitive information must be revoked within thirty (30) days of termination of employment at the Insured and where notified, for termination of employment at a service provider.
6.6 Resiliency controls including:
6.6.1 Documented disaster recovery and business continuity plans.
6.6.2 Generate backups at least weekly or have replication implemented.
6.6.3 At any point in time have a backup or replicated copy which is disconnected, offline or cannot be overwritten from the production environment.
6.6.4 Monitor for or test to ensure the successful generation of backups or replication.
6.6.5 Test the ability to restore data from backups or read from replicated copies at least every six (6) months.
If the Insured’s Computer System includes a company network:
6.7 Next generation firewalls with geo-location blocking configured to restrict access to digitally stored Sensitive information.
6.8 Generally accepted vulnerable network protocols are secured via disabling/blocking on the firewall or where required restricted based on IP address and/or to secured areas.
6.9 Administrative/remote access interfaces such as Remote Desktop Protocol (RDP) are not accessible via the open internet. Where such interfaces are required these are accessible exclusively over secured channels such as multi-factor authenticated Virtual Private Network (VPN) connections.
6.10 The system and/or activity logs for all Sensitive systems including firewalls and Active Directory as implemented in the Insured’s environment stored for a minimum period of 6 (six) months.
Cyber Insurance (Claims-made Basis)
Hollard Business Policy – Binder – Version 8 2024