LINKS TO, AND DEALINGS WITH, THIRD PARTIES

The Service may contain links to, and interactive functionality interacting with, third party sites, applications and other online services (collectively “applications”), including social media applications, e-commerce applications, job recruitment applications, and product manufacturers’ applications (collectively, “Third Party Services”). Shepherd Meats is not responsible for and has no liability for the functionality, actions, inactions, privacy settings, privacy policies, terms, or content of any such Third-Party Services. Before enabling any sharing functions of the Service to communicate with any such Third-Party Services or otherwise visiting any such Third-Party Services, Shepherd Meats strongly recommends that you review and understand the terms and conditions, privacy policies, settings, and information-sharing functions of each such Third-Party Services. The links and interactive functionality for Third-Party Services on the Service do not constitute an endorsement by Shepherd Meats of such Third-Party Services. In some cases, Third-Party Services may post both our and the Third-Party Services operators’ terms and privacy policy, in which case our terms and privacy policy govern us and the Third-Party Services operators’ terms and privacy policy govern them.

Other Third-Party Services may link to the Service with or without our authorization, and we may block any links to or from the Third-Party Services, in our sole discretion. YOUR USE OF THIRD-PARTY SERVICES AND RESOURCES IS AT YOUR OWN RISK.

Any interactions, correspondence, transactions, and other dealings that you have with any third parties found on or through the Service (including on or via Third-Party Services or advertisements) are solely between you and the third party (including issues related to the content of third party advertisements, payments, delivery of goods, warranties (including product warranties), privacy and data security, and the like). Shepherd Meats disclaims all liability in connection therewith.

DMCA NOTICE – NOTICE AND PROCEDURE FOR MAKING CLAIMS OF COPYRIGHT INFRINGEMENT

Shepherd Meats policy is to respond to notices of alleged infringement that comply with the Digital Millennium Copyright Act (“DMCA”). Copyright-infringing materials found on the Service can be identified and removed using the process listed below, and you agree to comply with such process in the event you are involved in any claim of copyright infringement to which the DMCA may be applicable.
If you believe in good faith that your work has been copied in a way that constitutes copyright infringement, please provide Shepherd Meats copyright agent the written information specified below. Please note that this procedure is exclusively for notifying Shepherd Meats that your copyrighted material has been infringed via the Service. Shepherd Meats does not and will not make any legal decisions about the validity of your claim of infringement or the possible defenses to a claim. When a clear and valid Notice is received pursuant to the guidelines set forth below, Shepherd Meats will respond by either taking down the allegedly infringing content or blocking access to it.
Shepherd Meats may contact the notice provider to request additional information. Under the DMCA, Shepherd Meats is required to take reasonable steps to notify the user who posted the allegedly infringing content (“Alleged Infringer”). The Alleged Infringer is allowed under the law to send Shepherd Meats a counter-notification. Notices and counter-notices are legal notices distinct from regular Service activities or communications. We may publish or share them with third parties in our sole discretion (in addition to producing them pursuant to a subpoena or other legal discovery request). Anyone making a false or fraudulent notice or counter-notice may be liable for damages under the DMCA, including costs and attorneys’ fees. Any person who is unsure of whether certain material infringes a copyright held by such person or a third party should contact an attorney.
To file a DMCA notice, the copyright owner must send in a written letter by fax, regular mail, or email only. We reserve the right to ignore a notice that is not in compliance with the DMCA, and we may, but are not obligated to, respond to a non-compliant notice. A DMCA notice must:

  1. Identify specifically the copyrighted work(s) believed to have been infringed (for example, “My copyrighted work is the picture that appears at [list location where the material is located].”);
  2. Identify the Content that a copyright owner claims is infringing upon copyrighted work. The copyright owner must provide information reasonably sufficient to enable us to locate the item on the Service. The copyright owner should provide clear screenshots of the allegedly infringing materials for identification purposes only. The information provided should be as detailed as possible;
  3. Provide information sufficient to permit us to contact the copyright owner directly: name, street address, telephone number, and email (if available);
  4. If available, provide information sufficient to permit us to notify the Alleged Infringer (email address preferred);
  5. Include the following statement: “I have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law”;
  6. Include the following statement: “I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed”;
  7. Be signed; and
  8. Be sent to our DMCA designated agent by email to the following email address: legal@shepherdmeats.com.

USER CONTENT

If the Service allows you to submit ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions or other content, including personal information (“User Content”) through or to the Service, Shepherd Meats welcomes such User Content as long as the User Content submitted by you complies with these Terms & Conditions.

You agree that any User Content that you submit: (i) will be accurate; (ii) will not violate or facilitate the violation of any law or regulation; (iii) will not violate any right of a third party, including copyright, trademark, privacy, or publicity rights; (iv) will not cause injury to any person or entity; and (v) will not contain, or provide links to, obscene, profane, or threatening language, malware, political campaigning, commercial solicitation, chain letters, mass mailings, any form of “spam”, or any material that could be considered harmful, sexually explicit, indecent, lewd, violent, abusive, or degrading.

You are solely responsible for the User Content you submit, and Shepherd Meats assumes no liability for any User Content submitted by you. You acknowledge and agree that we reserve the right (but have no obligation) to do any or all of the following, in our sole discretion without notice or any liability to you or any third party: (i) monitor, review, display, post, store, maintain, accept or otherwise make use of User Content; (ii) alter, remove, reject, delete, move, re-format or refuse to post or allow to be posted any User Content; and/or (iii) disclose any User Content, and the circumstances surrounding its transmission, to any third party. Without limitation, we may do so to address content that comes to our attention that we believe is offensive, obscene, lewd, lascivious, filthy, violent, harassing, threatening, abusive, illegal or otherwise objectionable or inappropriate, or to enforce the rights of third parties or these Terms & Conditions or any applicable Additional Terms.

Such User Content submitted by you or others need not be maintained on the Service by us for any period of time and you will not have the right, once submitted, to access, archive, maintain, or otherwise use such User Content on the Service or elsewhere, except that California minors have certain rights to have certain content about them that they have themselves posted on the Service prospectively removed from public display.

You agree that (a) your User Content will be treated as non-confidential and non-proprietary by us – regardless of whether you mark it “confidential,” “proprietary,” or the like – and will not be returned, and (b) to the maximum extent not prohibited by applicable law, Shepherd Meats does not assume any obligation of any kind to you or any third party with respect to your User Content. Upon Shepherd Meats request, you will furnish us with any documentation necessary to substantiate the rights to such content and to verify your compliance with these Terms & Conditions or any applicable Additional Terms. You acknowledge that the Internet and mobile communications may be subject to breaches of security and that you are aware that submissions of User Content may not be secure, and you will consider this before submitting any User Content and do so at your own risk.

In your communications with Shepherd Meats, please keep in mind that we do not seek any unsolicited ideas or materials for products or services, or even suggested improvements to products or services, including, without limitation, ideas, concepts, inventions, or designs for websites, apps, books, recipes, formulas, foodstuffs, other products or services or otherwise (collectively, “Unsolicited Ideas and Materials”). Any Unsolicited Ideas and Materials you submit are deemed User Content and licensed to us as set forth below. In addition, Shepherd Meats retains all of the rights held by members of the general public with regard to your Unsolicited Ideas and Materials. Shepherd Meats receipt of your Unsolicited Ideas and Materials is not an admission by Shepherd Meats of their novelty, priority, or originality, and it does not impair Shepherd Meats right to contest existing or future intellectual property rights relating to your Unsolicited Ideas and Materials.

For any User Content you submit, you grant to Shepherd Meats a non-exclusive, unrestricted, unconditional, unlimited, worldwide, sub-licensable, fully paid-up, perpetual, irrevocable, royalty-free and cost-free, transferable right and license to use, display, publicly perform, transmit, copy, modify, delete, adapt, publish, translate, create derivative works from, sell, distribute, record, reproduce, disclose, re-sell, sublicense (through multiple levels), broadcast, and otherwise use and exploit in any manner whatsoever, all or any portion of such User Content (and derivative works thereof) for any purpose whatsoever in all formats, on or through any form, means, or medium now known or hereafter developed, and with any technology or devices that are now known or hereafter developed, throughout the world, and to advertise, market, and promote the same, all without compensation or other obligation to you. For this reason, do not send us any User Content that you do not wish to license to us, including any confidential information or any original creative materials such as stories, product ideas, computer code or original artwork. In addition, you grant to Shepherd Meats the right, without any obligation, to include the name provided along with the User Content submitted by you.
In order to further affect the rights and license that you grant to Shepherd Meats to your User Content, you also hereby grant to Shepherd Meats, and agree to grant to Shepherd Meats, the unconditional, perpetual, irrevocable right to use and exploit your name, persona, and likeness in connection with any User Content, without any obligation or remuneration to you.

Without limitation, the granted rights include the right to: (a) configure, host, index, cache, archive, store, digitize, compress, optimize, modify, reformat, edit, adapt, publish in searchable format, and remove such User Content and combine same with other materials, and (b) use any ideas, concepts, know-how, or techniques contained in any User Content for any purposes whatsoever, including developing, producing, and marketing products and/or services. You understand that in exercising such rights metadata, notices and content may be removed or altered, including copyright management information, and you consent thereto and represent and warrant you have all necessary authority to do so. We are not responsible for the use or disclosure of any personal information that you voluntarily disclose in connection with any User Content you submit. You represent and warrant that you have all rights necessary for you to grant the licenses granted in this section. You further irrevocably waive any “moral rights” or other rights with respect to attribution of authorship or integrity of materials regarding User Content that you may have under any applicable law under any legal theory, even if it is altered or changed in a manner not agreeable to you.

To the extent not waivable, you irrevocably agree not to exercise such rights (if any) in a manner that interferes with any exercise of the granted rights.
Each time you submit any User Content, you represent and warrant that you are at least the age of majority in the jurisdiction in which you reside or are at least thirteen (13) years of age and have all proper consents from your parent or legal guardian. In addition, you represent and warrant that you are the parent or legal guardian, or have all proper consents from the parent or legal guardian, of any minor who is depicted in or contributed to any User Content you submit, and that, as to that User Content, you are the sole author and owner of the intellectual property and other rights to the User Content, or you have a lawful right to submit the User Content and grant Shepherd Meats the rights to it that you are granting by these Terms & Conditions and any Additional Terms, all without any obligation for Shepherd Meats to obtain consent of any third party and without creating any obligation or liability to Shepherd Meats.

You grant us the right to protect and enforce our rights to your User Content, including by bringing and controlling actions in your name and on your behalf (at Shepherd Meats cost and expense, to which you hereby consent and irrevocably appoint Shepherd Meats as your attorney-in-fact, with the power of substitution and delegation, which appointment is coupled with an interest).

Content is also provided by third party visitors to the Service. Please note that visitors to the Service may post content that is inaccurate, misleading, or deceptive. Shepherd Meats neither endorses nor is responsible for any opinion, advice, information, or statements made by third parties. Shepherd Meats will not be liable for any loss or damage caused by your reliance on such information or materials. The opinions expressed by third parties reflect solely the opinions of the parties who submitted such opinions and may not reflect the opinions of Shepherd Meats.

You are solely responsible for your interaction with other users of the Service, whether online or offline. We reserve the right, but have no obligation, to monitor or become involved in disputes between you and other users. Exercise common sense and best judgment practices in your interactions with others (e.g., when you submit any personal or other information) and in all of your other online activities.

MODIFICATION AND TERMINATION

Shepherd Meats may at any time in its sole discretion without notice or liability: (i) modify, suspend or discontinue any part of the Service; or (ii) offer opportunities to some or all Service users.

Shepherd Meats reserves the right to make changes to these Terms & Conditions at any time, and such changes will be effective immediately upon being posted on the Service. Each time you use the Service, you should review the current Terms & Conditions. Your continued use of the Service will indicate your acceptance of the current Terms & Conditions; however, any material change to these Terms & Conditions after your last usage of the Service will not be applied retroactively. With respect to any such material changes, the Terms & Conditions that were in effect at the time any claim or dispute arose between you and us will be applied.

Shepherd Meats reserves the right, without notice and in its sole discretion, to suspend or terminate your account or your use of the Service and to block or prevent future access to and use of the Service (i) if you violate any of these Terms & Conditions, (ii) for any other reason, or (iii) for no reason. Upon any such termination, your right to use the Service will immediately cease.

You agree that we shall not be liable to you or any third party for any suspension or termination of your access to the Service. Upon termination, all provisions of these Terms & Conditions which are by their nature intended to survive termination, all representations and warranties, all limitations of liability, and all indemnities shall survive such termination.

YOUR ACCOUNT

You are required to register with Shepherd Meats in order to access Shepherd Meats services. If you are under the age of thirteen (13), then you are not permitted to register as a user, or otherwise use the Service or submit personal information to us. If you are required to register with Shepherd Meats, we may not be able, or we may refuse to provide you the user name you request. Your user name and password are for your personal use only. If you use the Service, you are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your account or password. You will immediately notify us of any unauthorized use of your account, password, or username, or any other breach of security; and you will not sell, transfer, or assign your account or any account rights.

In addition to all other rights available to Shepherd Meats including those set forth in these Terms & Conditions, Shepherd Meats reserves the right, in its sole discretion, to terminate or suspend your account, refuse service to you, or cancel orders. The information you submit in connection with your account, and that is associated with your account, is subject to our Privacy Policy.

UNLAWFUL OR PROHIBITED USES

The Service may only be used for lawful purposes in accordance with the terms of the license granted in these Terms & Conditions. As a condition of your use of this Service, you warrant to Shepherd Meats that you will not use the Service for any purpose that is unlawful or prohibited by these Terms & Conditions. Whether on behalf of yourself or on behalf of any third party, unless you have the express prior written consent of Shepherd Meats, YOU MAY NOT:

  1. Make any commercial use of the Service or its Content, including making any collection or use of any product listings, descriptions, prices, or images;
  2. Download, copy, or transmit any Content for the benefit of any other merchant;
  3. Use or attempt to use any engine, software, tool, agent, data, or other device or mechanism (including browsers, spiders, robots, avatars, or intelligent agents) to navigate or search the Service;
  4. Frame, mirror, or use framing techniques on any part of the Service or its Content;
  5. Make any use of data extraction, scraping, mining, or other data gathering tools, or create a database by systematically downloading or storing Service Content, or otherwise scrape, collect, store, or use any Content, product listings, descriptions, prices, or images, except pursuant to the limited license granted by these Terms & Conditions;
  6. Use any meta tags or any other hidden text utilizing Shepherd Meats name or trademarks;
  7. Misrepresent the identity of a user, impersonate any person or entity, falsely state or otherwise misrepresent your affiliation with any person or entity in connection with the Service, or express or imply that we endorse any statement you make;
  8. Use a buying agent to conduct transactions on the Service;
  9. Conduct fraudulent activities on the Service;
  10. Violate or attempt to violate the security of the Service, including, without limitation: (i) accessing data not intended for you or logging onto a server or an account that you are not authorized to access; (ii) trying to change the functionality of the Service; (iii) attempting to probe, scan, or test the vulnerability of a system or network, or to breach security or authentication measures; (iv) attempting to interfere with service to any user, host, or network, including, without limitation, via means of submitting malware to the Service, overloading, “flooding,” “spamming,” “mailbombing”, or “crashing”; (v) forging any header or any part of the header information in any e-mail or posting; or (vi) forging communications on behalf of the Service (impersonating the Service) or to the Service (impersonating another user);
  11. Send unsolicited or unauthorized email on behalf of Shepherd Meats, including promotions and/or advertising of products or services;
  12. Tamper with the Service or use or attempt to use any device, software, routine, or data that interferes or attempts to interfere with the working or functionality of the Service, or any activity being conducted on the Service;
  13. Use the Service to defame, abuse, harass, stalk, threaten, or otherwise violate the legal rights of others, including others’ privacy rights or rights of publicity;
  14. Harvest or collect personally identifiable information about other users of the Service;
  15. Restrict or inhibit any other person from using the Service (including, without limitation, by hacking or defacing any portion of the Service);
  16. Use the Service to advertise or offer to sell or buy (other than from Shepherd Meats) any goods or services;
  17. Reproduce, duplicate, copy, sell, resell, or otherwise exploit for any commercial purposes any portion of, use of, or access to the Service;
  18. Modify, adapt, translate, reverse engineer, decompile, or disassemble any portion of the Service;
  19. Create any derivative works of the Content except as expressly authorized by Us; or
  20. Remove any copyright, trademark, or other proprietary rights notice from the Service or materials originating from the Service.

TRADEMARKS

Shepherd Meats and other related marks, design marks, product names, feature names and related logos used in the Service are trademarks of Shepherd Meats and may not be used, copied or imitated, in whole or in part, without the express prior written permission of Shepherd Meats. In addition, the look and feel of the Service constitute the service mark, trademark and/or trade dress of Shepherd Meats and may not be copied, imitated or used, in whole or in part, without the express prior written permission of Shepherd Meats. Shepherd Meats trademarks and trade dress may not be used in connection with any product or service in any manner that is likely to cause confusion among customers, or in any manner that disparages Shepherd Meats or suggests sponsorship, affiliation or endorsement by Shepherd Meats.

All other trademarks, service marks, logos, slogans, domain names, and trade names are the properties of their respective owners.

LICENSE AND ACCESS

Subject to your strict compliance with these Terms & Conditions and the Additional Terms, Shepherd Meats grants you a limited, non-exclusive, revocable, non-assignable, personal, and non-transferable license to access and make personal use of the Service and the Content for non-commercial purposes only and only to the extent such use does not violate these Terms & Conditions including, without limitation, the prohibitions listed in the UNLAWFUL OR PROHIBITED USES section below.

You may download, print, and copy Content for such authorized personal, non-commercial purposes only, provided you do not modify or alter the Content in any way, delete or change any copyright or trademark notice, or violate these Terms & Conditions in any way. Accessing, downloading, printing, posting, storing, or otherwise using the Service or any of the Content for any commercial purpose, whether on behalf of yourself or on behalf of any third party, constitutes a material breach of these Terms & Conditions. The foregoing limited license (i) does not give you any ownership of, or any other intellectual property interest in, any Content, and (ii) may be immediately suspended or terminated for any reason, in Shepherd Meats sole discretion, and without advance notice or liability.

In some instances, we may permit you to have greater access to and use of Content, subject to certain Additional Terms.

PROPRIETARY RIGHTS

All right, title and interest in the Service, including all copyrights, patents, trade secrets, trade dress and other proprietary rights, and any derivative works thereof, shall belong solely and exclusively to Shepherd Meats or its licensors and partners. Nothing in these Terms & Conditions or otherwise will be deemed to grant to you an ownership interest in the Service, in whole or in part.

In using the Service, you must respect the intellectual property and other rights of Shepherd Meats and others. Your unauthorized use of Content (defined below) may violate copyright, trademark, privacy, publicity, communications, and other laws, and any such use may result in your personal liability, including potential criminal liability. Shepherd Meats respects the intellectual property rights of others. If you believe that your work has been infringed by means of an improper posting or distribution of it via the Service, then please see the Section entitled DMCA NOTICE – NOTICE AND PROCEDURE FOR MAKING CLAIMS OF COPYRIGHT INFRINGEMENT below. These Terms & Conditions and any applicable Additional Terms include only narrow, limited grants of rights to Content and to use and access the Service. No right or license may be construed, under any legal theory, by implication, estoppel, industry custom, or otherwise. All rights not expressly granted to you are reserved for Shepherd Meats and its licensors, partners and other third parties. Any unauthorized use of any Content or the Service for any purpose is prohibited.

The Service (including past, present, and future versions) and all content included on the Service, such as recipes, menus, meal planners, guides, shopping lists, sales flyers, text, graphics, logos, images, button icons, audio clips, video, photographs, data, music, software, and other material (collectively “Content”) are owned or licensed property of Shepherd Meats or its suppliers or licensors and are protected by copyright, trademark, patent, trade secret or other proprietary rights and these rights are valid and protected in all forms, media and technologies existing now or hereinafter developed. All Content is copyrighted as individual works and as a collective work under the U.S. copyright laws (17 U.S.C. Section 101, et. seq.) and international treaty provisions, and Shepherd Meats owns a copyright in the selection, compilation, assembly, coordination, arrangement and enhancement thereof. All Content is also protected by U.S. and international trademark, trade dress, patent and/or other intellectual property and unfair competition rights and laws to the fullest extent possible.

YOUR USE OF OUR SERVICE IS GOVERNED BY THESE TERMS & CONDITIONS

You are interacting with our Service (defined below), which is owned and operated by Shepherd Meats LLC., a California, United States based company. These Terms & Conditions govern your use of any online service location that posts a link to these Terms & Conditions and all features, content, and other services that we own, control and make available through such online service locations (collectively, the “Service”). By using the Service, you accept the Service’s Privacy Policy and these Terms & Conditions, and consent to the collection and use of your data in accordance with the Shepherd Meats Privacy Policy. In some instances, both these Terms & Conditions and separate terms will apply to your use of the Service (“Additional Terms”). To the extent there is a conflict between these Terms & Conditions and any Additional Terms, the Additional Terms will control unless they expressly state otherwise.

LINKS BY YOU TO THE SERVICE

We grant you a limited, non-exclusive, revocable, non-assignable, personal, and non-transferable license to create hyperlinks to the Service, so long as: (a) the links only incorporate text, and do not use any trademarks, (b) the links and the content on your website do not suggest any affiliation with Shepherd Meats or cause any other confusion, and (c) the links and the content on your website do not portray Shepherd Meats or its products or services in a false, misleading, derogatory, or otherwise offensive manner, and do not contain content that is unlawful, offensive, obscene, lewd, lascivious, filthy, violent, threatening, harassing, or abusive, or that violate any right of any third party or are otherwise objectionable to Shepherd Meats. Shepherd Meats reserves the right to suspend or prohibit linking to the Service for any reason, in its sole discretion, without advance notice or any liability of any kind to you or any third party.

WIRELESS, MESSAGING, AND LOCATION-BASED FEATURES

The Service may offer certain features and services that are available to you via your wireless device. These features and services may include the ability to access the Service’s features and upload content to the Service, receive messages from the Service, and download applications to your wireless device (collectively, “Wireless Features”). You agree that as to the Wireless Features for which you are registered or otherwise use, we may send communications via such features or apps to your wireless device regarding us or other parties. Further, we may collect information related to your use of the Wireless Features. If you have registered via the Service for Wireless Features, then you agree to notify Shepherd Meats of any changes to your wireless contact information (including phone number) and update your accounts on the Service to reflect the changes. The Service may include push notifications or other mobile communication capability and you hereby approve our delivery of electronic communications directly to your mobile device. These notifications, including badge, alert or pop-up messages, may be delivered to your device even when it is running in the background. You may have the ability, and it is your responsibility, to control the notifications you do, or do not receive via your device through your device settings. Standard message, data and other fees may be charged by your carrier, and carriers may deduct charges from pre-paid amounts or data allowances, for which you are responsible.

Your carrier may prohibit or restrict certain Wireless Features and certain Wireless Features may be incompatible with your carrier or wireless device. Contact your carrier with questions regarding these issues.

You may be given opportunities to subscribe to various text marketing or other text messaging programs and by doing so, you consent to receive ongoing text alerts (including by auto-dialers) from us related to our various businesses and affiliates, which may include co-promotions with or about other parties, except that if the scope of your consent for a particular subscription is limited that subscription will be so limited. For each subscription, text “HELP” for help and text “STOP” to terminate (i.e., opt-out) of that subscription. Subsequent or different subscriptions will be unaffected by an opt-out. You consent to receive a text confirming any opt-out as well as non-marketing administrative or transactional messages. For subscriptions to recurring text messages, you may receive up to the number of text messages per month specified in your consent, or to which you later consent. Alerts auto-renew unless otherwise specified when you consented. Your consent to receive text messages is not a condition of purchase, and no purchase is necessary. You understand that we will send mobile text messages using automated technology. If you subscribe to text messages, you represent that you are at least the age of majority in the jurisdiction in which you reside or are at least thirteen (13) years of age and have all proper consents from your parent or legal guardian.

Standard message, data and other fees may be charged by your carrier, and carriers may deduct charges from pre-paid amounts or data allowances, for which you are responsible. Contact your carrier for details. If we are charging a premium rate for text messages, that will be explained in the applicable subscription consent. Not all phones and/or carriers are supported. We are the sponsor of our text messages and may be contacted regarding them.

You may cancel or modify our e-mail marketing communications you receive from us by following the instructions contained within our promotional e-mails. This will not affect subsequent subscriptions and if your opt-out is limited to certain types of e-mails the opt-out will be so limited. Please note that we reserve the right to send you certain communications relating to your account or use of our Service, such as administrative and service announcements and these transactional account messages may be unaffected if you choose to opt-out from receiving our marketing communications.

If you have enabled GPS or use other location-based features on the Service, you acknowledge that your device location may be tracked. You can terminate device location tracking by our web app by uninstalling the web app and control some location tracking via the app by using the app and/or device setting. Our web app may access and use information about your device location (such as based on IP address), or your account information, to suggest appropriate services. Our Service Content may be personalized based on various information we may have about you to try to provide you with more relevant content. The location-based services offered in connection with the Service are for individual use only and should not be used or relied on as an emergency locator system, used while driving or operating vehicles, or used in connection with any hazardous environments requiring fail-safe performance, or any other situation in which the failure or inaccuracy of use of the location-based services could lead directly to death, personal injury, or severe physical or property damage.

Location-based services are used at your own risk and location data may not be accurate.

DISCLAIMERS OF WARRANTIES

As permitted by applicable law, Shepherd Meats cannot and does not represent or warrant that the Service or its server will be error-free, uninterrupted, free from unauthorized access (including third party hackers or denial of service attacks), or otherwise meet your requirements.

TO THE FULLEST EXTENT NOT PROHIBITED BY APPLICABLE LAW, THE SERVICE AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS, SERVICES, AND USER CONTENT INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THE SERVICE (COLLECTIVELY, THE “SERVICE CONTENTS”) ARE PROVIDED BY SHEPHERD MEATS ON AN “AS IS,” “AS AVAILABLE,” AND “WITH ALL FAULTS” BASIS, WITHOUT REPRESENTATIONS OR WARRANTIES OF ANY KIND.

Therefore, to the fullest extent permissible by law, Shepherd Meats and its direct and indirect parents, subsidiaries, partners, affiliates and each of their respective employees, directors, officers, members, managers, shareholders, agents, vendors, licensors, licensees, suppliers, contractors, customers, successors, and assigns (collectively, “Shepherd Meats Parties”) hereby disclaim and make no representations, warranties, endorsements, or promises, express or implied, as to: (a) the Service (including the Content and the User Content); (b) the functions, features, or any other elements on, or made accessible through, the Service; (c) any products, services, or instructions offered or referenced at or linked through the Service except as applicable Shepherd Meats Parties may otherwise expressly provide in writing; (d) security associated with the transmission of your User Content transmitted to Shepherd Meats or via the Service; (e) whether the Service or the servers that make the Service available are free from any harmful components (including viruses, Trojan horses, and other technologies that could adversely impact your device); (f) whether the information (including any instructions) on the Service is accurate, complete, correct, adequate, useful, timely, or reliable; (g) whether any defects to or errors on the Service will be repaired or corrected; (h) whether the Service will be compatible with any other specific hardware, software or service; (i) whether your access to the Service will be uninterrupted; (j) whether the Service will be available at any particular time or location; and (k) whether your use of the Service is lawful in any particular jurisdiction.

AS PERMITTED BY APPLICABLE LAW, SHEPHERD MEATS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE SERVICE, THE ACCURACY OR COMPLETENESS OF THE SERVICE CONTENT, OR THAT EMAILS SENT FROM SHEPHERD MEATS ARE FREE OF MALWARE OR OTHER HARMFUL COMPONENTS. AS PERMITTED BY APPLICABLE LAW, YOU EXPRESSLY AGREE THAT YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK AND THAT SHEPHERD MEATS WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THE SERVICE OR THE SERVICE CONTENT INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES, UNLESS OTHERWISE AGREED BY SHEPHERD MEATS IN WRITING. TO THE FULL EXTENT PERMITTED BY LAW, SHEPHERD MEATS DISCLAIMS ANY AND ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO THE SERVICE AND THE SERVICE CONTENTS, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, NON-INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF THIRD PARTIES, CUSTOM, TRADE, QUIET ENJOYMENT, SYSTEM INTEGRATION, FREEDOM FROM COMPUTER VIRUS, AND FITNESS FOR A PARTICULAR PURPOSE OR USE.

NOTWITHSTANDING THE FOREGOING, THIS SECTION DOES NOT EXPAND OR LIMIT (i) ANY EXPRESS, WRITTEN PRODUCT WARRANTY OR RELATED DISCLAIMERS THAT ARE PROVIDED BY SHEPHERD MEATS PARTIES OR THEIR SUPPLIERS WITH REGARD TO A PHYSICAL PRODUCT SOLD BY SHEPHERD MEATS PARTIES TO YOU, OR ANY WARRANTY ON A PHYSICAL PRODUCT TO THE EXTENT REQUIRED BY APPLICABLE LAW; (ii) SHEPHERD MEATS PARTIES’ LIABILITY FOR PERSONAL INJURY TO YOU CAUSED BY SHEPHERD MEATS PARTIES TO THE EXTENT NOT WAIVABLE UNDER APPLICABLE LAW; OR (iii) ANY CAUSE OF ACTION YOU MAY HAVE AGAINST SHEPHERD MEATS PARTIES THAT IS NOT WAIVABLE UNDER APPLICABLE LAW.

IF PRODUCTS ARE PROVIDED BY THIRD PARTIES THROUGH THE SERVICE, THOSE THIRD PARTIES MAY SEPARATELY PROVIDE LIMITED REPRESENTATIONS AND/OR WARRANTIES REGARDING THEIR PRODUCTS. THIS DISCLAIMER DOES NOT APPLY TO SUCH PRODUCT REPRESENTATIONS OR WARRANTIES, BUT ANY SUCH REPRESENTATIONS OR WARRANTIES ARE PROVIDED SOLELY BY SUCH THIRD-PARTY PROVIDER AND NOT BY SHEPHERD MEATS.

IF NUTRITION, INGREDIENT, ALLERGEN, AND OTHER PRODUCT INFORMATION IS PROVIDED THROUGH THE SERVICE, SHEPHERD MEATS DOES NOT REPRESENT OR WARRANT THAT SUCH INFORMATION IS ACCURATE OR COMPLETE. ON OCCASION MANUFACTURERS MAY MODIFY THEIR PRODUCTS AND UPDATE THEIR LABELS. WE RECOMMEND THAT YOU DO NOT RELY SOLELY ON THE INFORMATION PRESENTED ON OUR SERVICE AND THAT YOU CONSULT THE PRODUCT’S LABEL OR CONTACT THE MANUFACTURER DIRECTLY IF YOU HAVE A SPECIFIC DIETARY CONCERN OR QUESTION ABOUT A PRODUCT.

Third party names, marks, products, advertisements, or services or pop-up texts or links to third-party applications may appear on the Service. AS PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL SHEPHERD MEATS BE LIABLE, DIRECTLY OR INDIRECTLY, TO ANYONE FOR ANY DAMAGE OR LOSS ARISING FROM OR RELATING TO ANY USE, CONTINUED USE, OR RELIANCE ON ANY ADVERTISEMENT DISPLAYED ON THE SERVICE, ANY PRODUCTS, SERVICES, OR OTHER MATERIALS RELATING TO ANY SUCH ADVERTISEMENT, ANY THIRD PARTY SERVICES, OR ANY LINK CONTAINED IN A THIRD PARTY SERVICE. If you decide to link to any such third-party application, you do so entirely at your own risk.

JURISDICTIONAL ISSUES

The Service is controlled and operated by Shepherd Meats from the United States and is not intended to subject Shepherd Meats to the laws or jurisdiction of any state, country or territory other than that of the United States. Shepherd Meats does not represent or warrant that the Service or any part thereof is appropriate or available for use in any particular jurisdiction other than the United States. In choosing to access the Service, you do so on your own initiative and at your own risk, and you are responsible for complying with all local laws, rules, and regulations. We may limit the Service’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion.

RELEASE

We provide information through the Service for your information and enjoyment. Your use of the Service is strictly voluntary. Because some of the information in the Service may relate to modifications to your diet, you agree to use your good judgment and reasonable care prior to making any changes to your lifestyle. By using the Service, you assume the risks associated with the activities in which you will be participating. Such risks may include but are not limited to, the risk of physical injury or other harm. You and you alone are solely responsible for taking proper care to limit your risk.

As permitted by applicable law, you knowingly and voluntarily do hereby indemnify, release, acquit, waive, forever discharge, and covenant not to sue Shepherd Meats, its employees, agents, any related affiliate and/or subsidiary entities from and against any and all liabilities, costs and expenses (including without limitations, any reasonable fees and expenses of its attorneys and consultants) relating to or arising out of any claims, demands or causes of action of every kind and character (including, without limitation, personal injury and property damage claims) as a result of the Content, information and materials offered by Shepherd Meats through the Service.

Notwithstanding anything to the contrary and for the purposes of clarity, this section does not expand or limit any express, written product terms that are provided by Shepherd Meats Parties or their suppliers with regard to a physical product sold by Shepherd Meats Parties to you or liability for direct damages for personal injury caused by a product manufactured, sold or provided by Shepherd Meats Parties or to the extent liability is not waivable or cannot be limited under applicable law.

LIMITATION OF LIABILITY

TO THE EXTENT NOT PROHIBITED BY APPLICABLE LAW, UNDER NO CIRCUMSTANCES SHALL ANY SHEPHERD MEATS PARTIES BE RESPONSIBLE OR LIABLE FOR ANY DIRECT OR INDIRECT LOSSES OR DAMAGES OF ANY KIND ARISING OUT OF OR IN CONNECTION WITH (A) THE SERVICE (INCLUDING THE CONTENT AND THE USER CONTENT); OR (B) YOUR ACCESS TO, USE OF OR INABILITY TO ACCESS OR USE THE SERVICE, OR THE PERFORMANCE OF THE SERVICE.

THIS IS A COMPREHENSIVE LIMITATION OF LIABILITY THAT APPLIES TO ALL LOSSES AND DAMAGES OF ANY KIND (INCLUDING PERSONAL INJURY OR DEATH OR FOR ANY DIRECT, INDIRECT, ECONOMIC, GENERAL, SPECIAL, PUNITIVE, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING WITHOUT LIMITATION, LOSS OF DATA, INCOME, OR PROFITS, IN CONNECTION WITH, OR OTHERWISE DIRECTLY OR INDIRECTLY RELATED TO, WITHOUT LIMITATION, THE SERVICE, CONTENT, USER CONTENT OR OTHER SHEPHERD MEATS PRODUCTS OR SERVICES, EXCEPT FOR DIRECT DAMAGES FOR PERSONAL INJURY CAUSED BY A PHYSICAL PRODUCT MANUFACTURED, SOLD OR PROVIDED BY SHEPHERD MEATS), EVEN IF SHEPHERD MEATS HAS BEEN ADVISED OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES REGARDLESS OF WHETHER YOU BRING AN ACTION BASED IN CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR TORT (INCLUDING WHETHER CAUSED, IN WHOLE OR IN PART, BY NEGLIGENCE, ACTS OF GOD, TELECOMMUNICATIONS FAILURE, OR DESTRUCTION OF THE SERVICE). EACH PROVISION OF THESE TERMS & CONDITIONS THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS UNDER THE AGREEMENT BETWEEN YOU AND SHEPHERD MEATS. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN YOU AND SHEPHERD MEATS. THE LIMITATIONS IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE(S).

IF YOU ARE DISSATISFIED WITH THE SERVICE, ANY CONTENT ON THE SERVICE, OR THESE TERMS & CONDITIONS, YOUR SOLE, AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE SERVICE. YOU ACKNOWLEDGE, BY YOUR USE OF THE SERVICE, THAT YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OF LIABILITY SET FORTH ABOVE, SO THIS LIMITATION OF LIABILITY MAY NOT APPLY TO YOU, AND YOU MAY HAVE RIGHTS ADDITIONAL TO THOSE CONTAINED HEREIN.
NOTWITHSTANDING THE FOREGOING, THIS SECTION DOES NOT EXPAND OR LIMIT (i) ANY EXPRESS, WRITTEN PRODUCT WARRANTY OR RELATED DISCLAIMERS THAT ARE PROVIDED BY SHEPHERD MEATS PARTIES OR THEIR SUPPLIERS WITH REGARD TO A PHYSICAL PRODUCT SOLD BY SHEPHERD MEATS PARTIES TO YOU, OR ANY WARRANTY ON A PHYSICAL PRODUCT TO THE EXTENT REQUIRED BY APPLICABLE LAW; (ii) SHEPHERD MEATS PARTIES’ LIABILITY FOR PERSONAL INJURY TO YOU CAUSED BY SHEPHERD MEATS PARTIES TO THE EXTENT NOT WAIVABLE UNDER APPLICABLE LAW; OR (iii) ANY CAUSE OF ACTION YOU MAY HAVE AGAINST SHEPHERD MEATS PARTIES THAT IS NOT WAIVABLE UNDER APPLICABLE LAW.

WAIVER OF INJUNCTIVE OR OTHER EQUITABLE RELIEF

TO THE FULLEST EXTENT NOT PROHIBITED BY APPLICABLE LAW, IF YOU CLAIM THAT YOU HAVE INCURRED ANY LOSS, DAMAGES, OR INJURIES IN CONNECTION WITH YOUR USE OF THE SERVICE, THEN THE LOSSES, DAMAGES, AND INJURIES WILL NOT BE DEEMED IRREPARABLE OR SUFFICIENT TO ENTITLE YOU TO AN INJUNCTION OR TO OTHER EQUITABLE RELIEF OF ANY KIND. THIS MEANS THAT, IN CONNECTION WITH YOUR CLAIM, YOU AGREE THAT YOU WILL NOT SEEK, AND THAT YOU WILL NOT BE PERMITTED TO OBTAIN, ANY COURT OR OTHER ACTION THAT MAY INTERFERE WITH OR PREVENT THE DEVELOPMENT OR EXPLOITATION OF ANY WEBSITE, APPLICATION, CONTENT, USER-GENERATED CONTENT, PRODUCT, SERVICE, OR INTELLECTUAL PROPERTY OWNED, LICENSED, USED OR CONTROLLED BY SHEPHERD MEATS (INCLUDING YOUR USER CONTENT) OR A LICENSOR OF SHEPHERD MEATS.

INDEMNIFICATION AND DEFENSE

As a condition of the use of the Service, as permitted by applicable law you agree to defend, indemnify, and hold harmless Shepherd Meats Parties from and against any liabilities, losses, investigations, inquiries, claims, suits, damages, costs, and expenses (including, without limitation, reasonable attorneys’ fees and expenses) (each, a “Claim”) arising out of or otherwise relating to your access to or use of the Service, including without limitation any User Content submitted by you and Claims alleging facts that if true would constitute a breach by you of these Terms & Conditions. You will cooperate as fully required by Shepherd Meats Parties in the defense of any Claim. Notwithstanding the foregoing, Shepherd Meats Parties retain the exclusive right to settle, compromise, and pay any and all Claims. Shepherd Meats Parties reserve the right to assume the exclusive defense and control of any Claims. You will not settle any Claims without, in each instance, the prior written consent of an officer of a Shepherd Meats Party.

Notwithstanding anything to the contrary and for the purposes of clarity, this section does not expand or limit any express, written product terms that are provided by Shepherd Meats Parties or their suppliers with regard to a physical product sold by Shepherd Meats Parties to you or liability for direct damages for personal injury caused by a product manufactured, sold or provided by Shepherd Meats Parties or to the extent liability is not waivable or cannot be limited under applicable law.

NOTICES AND ELECTRONIC COMMUNICATIONS

In the case of notices Shepherd Meats sends to you, you consent to receive notices and other communications by Shepherd Meats posting notices on the Service, sending you an email at the email address listed in your profile in your account, or mailing a notice to you at your billing address listed in your profile in your account. You agree that all agreements, notices, disclosures, and other communications that Shepherd Meats provides to you in accordance with the prior sentence satisfy any legal requirement that such communications be in writing.

A notice shall be deemed given (i) 24 hours after the notice is posted on the Service or an electronic message is sent, unless the sending party is notified that the message did not reach the recipient, or (ii) in the case of mailing, three days after the date of mailing. You agree that a printed version of these Terms & Conditions and/or any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to these Terms & Conditions to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form.

RULES FOR PROMOTIONS

Any sweepstakes, contests, raffles, or other promotions (collectively, “Promotions”) made available through the Service may be governed by rules that are separate from these Terms & Conditions. If you participate in any Promotions, please review the applicable rules as well as our Privacy Policy. If the rules for a Promotion conflict with these Terms & Conditions, the Promotion rules will apply.

EXPORT CONTROLS

Software related to or made available by the Service may be subject to export controls of the U.S.A.
To the extent permissible under applicable domestic laws, no software from the Service may be downloaded, exported, or re-exported (i) into (or to a national or resident of) any country or other jurisdiction to which the U.S.A. has embargoes, or (ii) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Commerce Department’s Table of Deny Orders, or (iii) to anyone on the U.S. Department of Commerce’s Bureau of Industry and Security Entities List as published in the Export Administration Regulations (including entities engaged in weapons of mass destruction proliferation in various countries and persons and entities that are suspected of diverting U.S. origin items to embargoed countries or terrorist end-uses). You are responsible for complying with all applicable trade regulations and laws both foreign and domestic. Except as authorized by law, you agree and warrant not to export or re-export the software to any country, or to any person, entity, or end-user subject to U.S. export controls or sanctions, including, without limitation, as set forth in subsections (i) – (iii) above.

NOTICES FOR CALIFORNIA RESIDENTS

Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: If you have a question or complaint regarding the Service, please send an email message to legal@shephherdmeats.com. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request that such information be removed from the Service by contacting us at the e-mail set forth in the “Contact Us” section, making such a request, stating that they personally posted such content or information and detailing where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control.

California consumers are entitled to certain privacy rights explained in the Your California Privacy Rights section of our Privacy Policy.

APPLICABLE LAW; ARBITRATION OF DISPUTES; CLASS ACTION WAIVER

Certain portions of this Section are deemed to be a “written agreement to arbitrate” pursuant to the Federal Arbitration Act. You and Shepherd Meats agree that the parties intend that this Section satisfies the “writing” requirement of the Federal Arbitration Act. This Section can only be amended by mutual agreement.

If any controversy, allegation, or claim arises out of, relates to, or is connected in any way to your use of the Service (collectively, “Dispute”), then you agree the Dispute shall be submitted to confidential arbitration in Riverside County, California, except that, to the extent you have in any manner violated or threatened to violate our intellectual property rights, we may seek injunctive or other appropriate relief in any state or federal court in the State of California. You agree that all Disputes will be governed by the laws of the State of California without regard to California’s choice of law principles.

You hereby consent to and waive all defenses of lack of personal jurisdiction and forum non-conveniens with respect to venue and jurisdiction in the state and federal courts of California. Arbitration under these Terms & Conditions shall be conducted pursuant to the Commercial Arbitration Rules then prevailing at the American Arbitration Association. The arbitrator’s award shall be final and binding and may be entered as a judgment in any court or tribunal with jurisdiction over the parties. YOU AND SHEPHERD MEATS AGREE THAT EACH MAY BRING CLAIMS OR CAUSES OF ACTION ARISING OUT OF, RELATED TO, OR CONNECTED IN ANY WAY WITH YOUR USE OF THE SERVICE IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. As permitted by applicable law, you agree that any claim or cause of action you may have arising out of, related to or connected in any way with your use of the Service must be filed by you within one (1) year after such claim or cause of action arose or be forever banned. Any and all claims, judgments, and awards will be limited to actual third-party, out-of-pocket costs incurred (if any), but in no event will attorneys’ fees be awarded or recoverable.

DEVICES AND CONNECTIVITY

You are responsible for obtaining and maintaining all devices and other equipment and software, and all internet service provider, mobile service, and other services needed for your access to and use of the Service and you will be responsible for all charges related to them. You further agree to look solely to the entity that manufactured and/or sold you the device for any issues related to the device and its compatibility with the Service.

By using the Service, you agree that Shepherd Meats may change, alter, or modify the settings or configurations on your device in order to allow for or optimize your use of the Service (e.g., save content, access data, enable services, etc.). For instance, the Service may access and read accounts, data and/or content on your device, add content to your device, and change settings of your device, for reasons such as showing you the location of things near you; saving Service images, sound files and writing usage logs to the device; sending Facebook, Instagram and Twitter messages you initiate; sending and receiving data needed for Service operations; and to provide you notice when you are not connected to a network. You consent to these activities by installing or otherwise using the Service. Your device settings may enable you to disable, change or limit some of these activities, and you can disable all of them associated with the Service by uninstalling the Service.

Shepherd Meats makes no representations or warranties about the quality of your Service experience on your device or the ability of any device to access or display the Content.

MISCELLANEOUS

These Terms & Conditions, including any applicable Additional Terms, constitute the entire agreement between you and Shepherd Meats with respect to the Service and supersede all prior or contemporaneous communications, agreements, and proposals with respect to the Service. No provision of these Terms & Conditions shall be waived except pursuant to a writing executed by the party against whom the waiver is sought. No failure to exercise, partial exercise of, or delay in exercising any right or remedy under these Terms & Conditions shall operate as a waiver or estoppel of any right, remedy, or condition. If any provision of these Terms & Conditions is held invalid, illegal or unenforceable, the validity, legality, and enforceability of the remaining provisions will not be affected or impaired. You may not assign, transfer, or sublicense any of your rights or obligations under these Terms & Conditions without our express prior written consent. Shepherd Meats may assign its rights and obligations under these Terms and any applicable Additional Terms, in whole or in part, to any party at any time without any notice. We will not be responsible for failure to fulfill any obligation due to causes beyond our control. Shepherd Meats reserves the right to prosecute any suspected breaches of these Terms & Conditions or the Service. Shepherd Meats may disclose any information as necessary to satisfy any law, regulation, legal process or governmental request.

TERMS APPLICABLE FOR APPLE IOS

If you are accessing or using our web app through an Apple device, the following applicable additional terms and conditions are applicable to you and are incorporated into the Terms and Conditions by this reference:

  1. You acknowledge that these Terms & Conditions are entered into between you and Shepherd Meats, and that Apple, Inc. (“Apple”) is not a party to these Terms & Conditions other than as third-party beneficiary as contemplated below.
  2. The license granted to you in these Terms & Conditions is subject to the permitted Usage Rules set forth in the App Store Terms of Service (see: http://www.apple.com/legal/itunes/us/terms.html) and any third-party terms of agreement applicable to the Service.
  3. You acknowledge that Shepherd Meats, and not Apple, is responsible for providing the Service and Content thereof.
  4. You acknowledge that Apple has no obligation whatsoever to furnish any maintenance or any support services to you with respect to the Service.
  5. To the maximum extent not prohibited by applicable law, Apple will have no other warranty obligation whatsoever with respect to the Service.
  6. Notwithstanding anything to the contrary herein, and subject to the terms in these Terms & Conditions, you acknowledge that, solely as between Apple and Shepherd Meats, Shepherd Meats and not Apple is responsible for addressing any claims you may have relating to the Service, or your possession and/or use thereof, including, but not limited to: (i) product liability claims; (ii) any claim that the Service fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation.
  7. Further, you agree that if the Service, or your possession and use of the Service, infringes on a third party’s intellectual property rights, you will not hold Apple responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claims.
  8. You acknowledge and agree that Apple, and Apple’s subsidiaries, are third-party beneficiaries of these Terms & Conditions, and that, upon your acceptance of these Terms & Conditions, Apple will have the right (and will be deemed to have accepted the right) to enforce these Terms & Conditions against you as a third-party beneficiary thereof.
  9. When using the Service, you agree to comply with any and all third-party terms that are applicable to any platform, website, technology or service that interacts with the Service.

Information Security Policy

October 1st, 2019

Contents

  1. Introduction
  2. Information Security Policy
  3. Acceptable Use Policy
  4. Disciplinary Action
  5. Protect Stored Data
  6. Information Classification
  7. Access to the sensitive cardholder data
  8. Physical Security
  9. Protect Data in Transit
  10. Disposal of Stored Data
  11. Security Awareness and Procedures
  12. Network security
  13. System and Password Policy
  14. Anti-virus policy
  15. Patch Management Policy
  16. Remote Access policy
  17. Vulnerability Management Policy
  18. Configuration standards
  19. Change control Process
  20. Audit and Log review
  21. Secure Application development
  22. Penetration testing methodology
  23. Incident Response Plan
  24. Roles and Responsibilities
  25. Third party access to card holder data
  26. User Access Management
  27. Access Control Policy
  28. Wireless Policy

Appendix A

Appendix B

1. Introduction

This Policy Document encompasses all aspects of security surrounding confidential company information and must be distributed to all company employees. All company employees must read this document in its entirety and sign the form confirming they have read and understand this policy fully. This document will be reviewed and updated by Management on an annual basis, or when relevant, to include newly developed security standards in the policy, and distributed to all employees and contractors as applicable.

2. Information Security Policy

Shepherd Meats handles sensitive cardholder information daily. Sensitive information must have adequate safeguards in place to protect it, to protect cardholder privacy, to ensure compliance with various regulations and to guard the future of the organisation.

Shepherd Meats commits to respecting the privacy of all its customers and to protecting any data about customers from outside parties.  To this end management are committed to maintaining a secure environment in which to process cardholder information so that we can meet these promises.

Employees handling sensitive cardholder data should observe the following:

  • Handle Company and cardholder information in a manner that fits with their sensitivity;
  • Limit personal use of Shepherd Meats information and telecommunication systems and ensure it doesn’t interfere with your job performance;
  • Shepherd Meats reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
  • Do not use e-mail, internet and other Company resources to engage in any action that is offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
  • Do not disclose personnel information unless authorised;
  • Protect sensitive cardholder information;
  • Keep passwords and accounts secure;
  • Request approval from management prior to establishing any new software or hardware, third party connections, etc.; 
  • Do not install unauthorised software or hardware, including modems and wireless access unless you have explicit management approval;
  • Always leave desks clear of sensitive cardholder data and lock computer screens when unattended;
  • Information security incidents must be reported, without delay, to the individual responsible for incident response locally – Please find out who this is.

We each have a responsibility for ensuring our company’s systems and data are protected from unauthorised access and improper use.  If you are unclear about any of the policies detailed herein you should seek advice and guidance from your line manager.

 

3. Acceptable Use Policy

The Management’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Shepherd Meats’s established culture of openness, trust and integrity. Management is committed to protecting the employees, partners and Shepherd Meats from illegal or damaging actions by individuals, either knowingly or unknowingly. Shepherd Meats will maintain an approved list of technologies and devices and personnel with access to such devices as detailed in Appendix B.

 

  • Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
  • Employees should ensure that they have appropriate credentials and are authenticated for the use of technologies.
  • Employees should take all necessary steps to prevent unauthorized access to confidential data, which includes cardholder data.
  • Employees should ensure that technologies are used and set up in acceptable network locations.
  • Keep passwords secure and do not share accounts. 
  • Authorized users are responsible for the security of their passwords and accounts. 
  • All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature. 
  • All POS and PIN entry devices should be appropriately protected and secured so they cannot be tampered with or altered.
  • Because information contained on portable computers is especially vulnerable, special care should be exercised. 
  • Postings by employees from a Company email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Shepherd Meats, unless posting is in the course of business duties. 
  • Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code. 

 

 

  • Disciplinary Action  

 

 

Violation of the standards, policies and procedures presented in this document by an employee will result in disciplinary action, from warnings or reprimands up to and including termination of employment. Claims of ignorance, good intentions or poor judgment will not be accepted as excuses for non-compliance.

  

 

  • Protect Stored Data  

 

 

  • All sensitive cardholder data stored and handled by Shepherd Meats and its employees must be securely protected against unauthorised use at all times. Any sensitive card data that is no longer required by Shepherd Meats for business reasons must be discarded in a secure and irrecoverable manner.
  • If there is no specific need to see the full PAN (Permanent Account Number), it has to be masked when displayed.
  • PANs which are not protected as stated above should not be sent to the outside network via end-user messaging technologies such as chat, ICQ messenger, etc.

 

It is strictly prohibited to store: 

  1. The contents of the payment card magnetic stripe (track data) on any media whatsoever.  
  2. The CVV/CVC (the 3 or 4 digit number on the signature panel on the reverse of the payment card) on any media whatsoever.  
  3. The PIN or the encrypted PIN Block under any circumstance.

 

 

  • Information Classification

 

 

Data and media containing data must always be labelled to indicate their sensitivity level.

 

  • Confidential data might include information assets for which there are legal requirements for preventing disclosure or financial penalties for disclosure, or data that would cause severe damage to Shepherd Meats if disclosed or modified.  Confidential data includes cardholder data.
  • Internal Use data might include information that the data owner feels should be protected to prevent unauthorized disclosure.
  • Public data is information that may be freely disseminated.

 

 

  • Access to the sensitive cardholder data

 

 

All access to sensitive cardholder data should be controlled and authorised. Any job functions that require access to cardholder data should be clearly defined.

  • Any display of cardholder data should be restricted, at a minimum, to the first 6 and the last 4 digits of the cardholder data.
  • Access rights for privileged user IDs should be restricted to the least privileges necessary to perform job responsibilities.
  • Privileges should be assigned to individuals based on job classification and function (role-based access control).
  • Access to sensitive cardholder information such as PANs, personal information and business data is restricted to employees that have a legitimate need to view such information.
  • No other employees should have access to this confidential data unless they have a genuine business need. 
  • If cardholder data is shared with a Service Provider (3rd party) then a list of such Service Providers will be maintained as detailed in Appendix B.
  • Shepherd Meats will ensure that a written agreement is in place which includes an acknowledgement that the Service Provider will be responsible for the cardholder data that the Service Provider possesses.
  • Shepherd Meats will ensure that an established process, including proper due diligence, is in place before engaging with a Service Provider.
  • Shepherd Meats will have a process in place to monitor the PCI DSS compliance status of the Service Provider.

 

 

  • Physical Security  

 

 

Access to sensitive information in both hard and soft media format must be physically restricted to prevent unauthorised individuals from obtaining sensitive data. 

 

  • Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
  • Employees should ensure that they have appropriate credentials and are authenticated for the use of technologies.
  • Employees should take all necessary steps to prevent unauthorized access to confidential data, which includes cardholder data.
  • Employees should ensure that technologies are used and set up in acceptable network locations.
  • A list of devices that accept payment card data should be maintained.
  • The list should include make, model and location of the device
  • The list should have the serial number or a unique identifier of the device
  • The list should be updated when devices are added, removed or relocated
  • POS device surfaces should be periodically inspected to detect tampering or substitution.
  • Personnel using the devices should be trained in, and aware of, the correct handling of the POS devices.
  • Personnel using the devices should verify the identity of any third party personnel claiming to repair or run maintenance tasks on the devices, install new devices or replace devices.
  • Personnel using the devices should be trained to report suspicious behaviour and indications of tampering of the devices to the appropriate personnel.  
  • Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. 
  • Media is defined as any printed or handwritten paper, received faxes, floppy disks, back-up tapes, computer hard drive, etc.  
  • Media containing sensitive cardholder information must be handled and distributed in a secure manner by trusted individuals.  
  • Visitors must always be escorted by a trusted employee when in areas that hold sensitive cardholder information. 
  • Procedures must be in place to help all personnel easily distinguish between employees and visitors, especially in areas where cardholder data is accessible. “Employee” refers to full-time and part-time employees, temporary employees and personnel, and consultants who are “resident” on Shepherd Meats sites. A “visitor” is defined as a vendor, guest of an employee, service personnel, or anyone who needs to enter the premises for a short duration, usually not more than one day.
  • Network jacks located in public areas and areas accessible to visitors must be disabled, and enabled only when network access is explicitly authorised.
  • All POS and PIN entry devices should be appropriately protected and secured so they cannot be tampered with or altered.
  • Strict control is maintained over the external or internal distribution of any media containing cardholder data, and such distribution has to be approved by management.
  • Strict control is maintained over the storage and accessibility of media.
  • All computers that store sensitive cardholder data must have a password-protected screensaver enabled to prevent unauthorised use.

 

 

  • Protect Data in Transit  

 

 

All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. 

 

  • Cardholder data (PAN, track data, etc.) must never be sent over the internet via email, instant chat or any other end-user technologies.
  • If there is a business justification to send cardholder data via email, via the internet or by any other mode, then it should be done after authorization and by using a strong encryption mechanism (e.g. AES encryption, PGP encryption, IPSEC, GSM, GPRS, wireless technologies, etc.).
  • The transportation of media containing sensitive cardholder data to another location must be authorised by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location. 

 

  • Disposal of Stored Data

 

 

  • All data must be securely disposed of when no longer required by Shepherd Meats, regardless of the media or application type on which it is stored.
  • An automatic process must exist to permanently delete on-line data, when no longer required.
  • All hard copies of cardholder data must be manually destroyed when no longer required for valid and justified business reasons. A quarterly process must be in place to confirm that all non-electronic cardholder data has been appropriately disposed of in a timely manner.
  • Shepherd Meats will have procedures for the destruction of hardcopy (paper) materials. These will require that all hardcopy materials are crosscut shredded, incinerated or pulped so they cannot be reconstructed.
  • Shepherd Meats will have documented procedures for the destruction of electronic media. These will require:
    • All cardholder data on electronic media must be rendered unrecoverable when deleted e.g. through degaussing or electronically wiped using military grade secure deletion processes or the physical destruction of the media;
    • If secure wipe programs are used, the process must define the industry accepted standards followed for secure deletion.
  • All cardholder information awaiting destruction must be held in lockable storage containers clearly marked “To Be Shredded” – access to these containers must be restricted.

 

 

  • Security Awareness and Procedures  

 

 

The policies and procedures outlined below must be incorporated into company practice to maintain a high level of security awareness. The protection of sensitive data demands regular training of all employees and contractors. 

 

  • Review handling procedures for sensitive information and hold periodic security awareness meetings to incorporate these procedures into day to day company practice. 
  • Distribute this security policy document to all company employees to read. It is required that all employees confirm that they understand the content of this security policy document by signing an acknowledgement form (see Appendix A).
  • All employees that handle sensitive information will undergo background checks (such as criminal and credit record checks, within the limits of the local law) before they commence their employment with Shepherd Meats. 
  • All third parties with access to credit card account numbers are contractually obligated to comply with card association security standards (PCI/DSS).  
  • Company security policies must be reviewed annually and updated as needed. 

 

  • Network security

 

 

  • Firewalls must be implemented at each internet connection and between any demilitarized zone and the internal company network.
  • A network diagram detailing all the inbound and outbound connections must be maintained and reviewed every 6 months.
  • A firewall and router configuration document must be maintained which includes a documented list of services, protocols and ports including a business justification.
  • Firewall and router configurations must restrict connections between untrusted networks and any systems in the card holder data environment.
  • Stateful Firewall technology must be implemented where the Internet enters Shepherd Meats Card network to mitigate known and on-going threats. Firewalls must also be implemented to protect local network segments and the IT resources that attach to those segments such as the business network, and open network.
  • All inbound and outbound traffic must be restricted to that which is required for the card holder data environment.
  • All inbound network traffic is blocked by default, unless explicitly allowed and the restrictions have to be documented.
  • All outbound traffic has to be authorized by management (i.e. which whitelisted categories of sites can be visited by the employees) and the restrictions have to be documented.
  • Shepherd Meats will have firewalls between any wireless networks and the cardholder data environment. 
  • Shepherd Meats will quarantine wireless users into a DMZ, where they will be authenticated and firewalled as if they were coming in from the Internet.
  • Disclosure of private IP addresses to external entities must be authorized.
  • A topology of the firewall environment has to be documented and has to be updated in accordance with changes in the network.
  • The firewall rules will be reviewed every six months to ensure validity, and the firewall has to have a clean-up rule at the bottom of the rule base.
  • No direct connections from Internet to cardholder data environment will be permitted. All traffic has to traverse through a firewall.

 

Rules Source IP Destination IP Action

 

  • System and Password Policy

 

 

All users, including contractors and vendors with access to Shepherd Meats systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

 

  • A system configuration standard must be developed in line with industry-accepted hardening standards (SANS, NIST, ISO).
  • System configurations should be updated as new issues are identified (as defined in PCI DSS requirement 6.1)
  • System configurations must include common security parameter settings 
  • The systems configuration standard should be applied to any new systems configured.
  • All vendor default accounts and passwords for the systems have to be changed at the time of provisioning the system/device into Shepherd Meats network and all unnecessary services and user/system accounts have to be disabled.
  • All unnecessary default accounts must be removed or disabled before installing a system on the network.
  • Security parameter settings must be set appropriately on system components.
  • All unnecessary functionality (scripts, drivers, features, subsystems, file systems, web servers, etc.) must be removed.
  • All unnecessary services, protocols, daemons, etc. should be disabled if not in use by the system.
  • Any insecure protocols, daemons, services in use must be documented and justified.
  • All users with access to card holder data must have a unique ID.
  • All users must use a password to access Shepherd Meats network or any other electronic resources.
  • All user IDs for terminated users must be deactivated or removed immediately.
  • The User ID will be locked out if there are more than 5 unsuccessful attempts. This locked account can only be enabled by the system administrator. Locked out user accounts will be disabled for a minimum period of 30 minutes or until the administrator enables the account.
  • All system and user level passwords must be changed on at least a quarterly basis.
  • A minimum password history of four must be implemented.
  • A unique password must be setup for new users and the users prompted to change the password on first login.
  • Group, shared or generic user account or password or other authentication methods must not be used to administer any system components.
  • Where SNMP is used, the community strings must be defined as something other than the standard defaults of “public,” “private” and “system” and must be different from the passwords used to log in interactively.

  • All non-console administrative access will use appropriate technologies such as SSH, VPN, etc., or will ensure strong encryption is invoked before the administrator password is requested.
  • System services and parameters will be configured to prevent the use of insecure technologies such as telnet and other insecure remote login commands.
  • Administrator access to web based management interfaces is encrypted using strong cryptography.
  • The responsibility of selecting a password that is hard to guess generally falls to users. A strong password must:

 

  1. Be as long as possible (never shorter than 6 characters).
  2. Include mixed-case letters, if possible.
  3. Include digits and punctuation marks, if possible.
  4. Not be based on any personal information.
  5. Not be based on any dictionary word, in any language. 

 

  • If an operating system without security features is used (such as DOS, Windows or MacOS), then an intruder only needs temporary physical access to the console to insert a keyboard monitor program. If the workstation is not physically secured, then an intruder can reboot even a secure operating system, restart the workstation from his own media, and insert the offending program.
  • To protect against network analysis attacks, both the workstation and server should be cryptographically secured. Examples of strong protocols are the encrypted Netware login and Kerberos.

 

 

  • Anti-virus policy

 

 

  • All machines must be configured to run the latest anti-virus software as approved by Shepherd Meats. The preferred application to use is XXXX Anti-Virus software, which must be configured to retrieve the latest updates to the antiviral program automatically on a daily basis. The antivirus should have periodic scanning enabled for all the systems.
  • The antivirus software in use should be capable of detecting all known types of malicious software (viruses, Trojans, adware, spyware, worms and rootkits).
  • All removable media (for example floppy and others) should be scanned for viruses before being used.
  • All the logs generated from the antivirus solutions have to be retained as per legal/regulatory/contractual requirements or at a minimum of PCI DSS requirement 10.7 of 3 months online and 1 year offline.
  • Master installations of the antivirus software should be set up for automatic updates and periodic scans.
  • End users must not be able to modify any settings or alter the antivirus software.
  • E-mail with attachments coming from suspicious or unknown sources should not be opened. All such e-mails and their attachments should be deleted from the mail system as well as from the trash bin. No one should forward any e-mail which they suspect may contain a virus.

 

 

  • Patch Management Policy

 

 

  • All Workstations, servers, software, system components etc. owned by Shepherd Meats must have up-to-date system security patches installed to protect the asset from known vulnerabilities.
  • Wherever possible, all systems and software must have automatic updates enabled for system patches released by their respective vendors. Security patches have to be installed within one month of release from the respective vendor and have to follow the change control process.
  • Any exceptions to this process have to be documented.

 

  • Remote Access policy

 

 

  • It is the responsibility of Shepherd Meats employees, contractors, vendors and agents with remote access privileges to Shepherd Meats’s corporate network to ensure that their remote access connection is given the same consideration as the user’s on-site connection to Shepherd Meats.

  • Secure remote access must be strictly controlled. Control will be enforced by two factor authentication via one-time password authentication or public/private keys with strong pass-phrases. 
  • Vendor accounts with access to Shepherd Meats network will only be enabled during the time period the access is required and will be disabled or removed once access is no longer required.
  • Remote access connections will be set up to be disconnected automatically after 30 minutes of inactivity.
  • All hosts that are connected to Shepherd Meats internal networks via remote access technologies will be monitored on a regular basis.
  • All remote access accounts used by vendors or 3rd parties will be reconciled at regular intervals and the accounts will be revoked if there is no further business justification.

 

 

  • Vulnerability Management Policy

 

  • All vulnerabilities will be assigned a risk ranking such as High, Medium or Low, based on industry best practices such as the CVSS base score.
  • As part of the PCI-DSS Compliance requirements, Shepherd Meats will run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
  • Quarterly internal vulnerability scans must be performed by Shepherd Meats by internal staff or a 3rd party vendor and the scan process has to include that rescans will be done until passing results are obtained, or all High vulnerabilities as defined in PCI DSS Requirement 6.2 are resolved.
  • Quarterly external vulnerability scans must be performed by an Approved Scanning Vendor (ASV) qualified by PCI SSC. Scans conducted after network changes may be performed by Shepherd Meats’s internal staff. The scan process should include re-scans until passing results are obtained.

 

 

  • Configuration standards:

 

 

  • Information systems that process, transmit, or store cardholder data must be configured in accordance with the applicable standard for that class of device or system. Standards must be written and maintained by the team responsible for the management of the system in conjunction with the Information Security Office.
  • All network device configurations must adhere to Shepherd Meats required standards before being placed on the network as specified in Shepherd Meats configuration guide. Using this guide, a boilerplate configuration has been created that will be applied to all network devices before being placed on the network.
  • Before being deployed into production, a system must be certified to meet the applicable configuration standard.
  • Updates to network device operating system and/or configuration settings that fall under Shepherd Meats standards are announced by the Information Security Office. Updates must be applied within the time frame identified by the Information Security Office.
  • Administrators of network devices that do not adhere to Shepherd Meats standards (as identified via a previous exception) must document and follow a review process of announced vendor updates to operating system and/or configuration settings. This process must include a review schedule, risk analysis method and update method.
  • All network device configurations must be checked annually against the configuration boilerplate to ensure the configuration continues to meet required standards.
  • Where possible, network configuration management software will be used to automate the process of confirming adherence to the boilerplate configuration.
  • For other devices an audit will be performed quarterly to compare the boilerplate configuration to the configuration currently in place.
  • All discrepancies will be evaluated and remediated by Network Administration.

 

 

  • Change control Process

 

 

  • Changes to information resources shall be managed and executed according to a formal change control process. The control process will ensure that changes proposed are reviewed, authorised, tested, implemented, and released in a controlled manner; and that the status of each proposed change is monitored.
  • The change control process shall be formally defined and documented. A change control process shall be in place to control changes to all critical company information resources (such as hardware, software, system documentation and operating procedures).  This documented process shall include management responsibilities and procedures. Wherever practicable, operational and application change control procedures should be integrated.
  • All change requests shall be logged whether approved or rejected on a standardised and central system. The approval of all change requests and the results thereof shall be documented. A documented audit trail, maintained at a Business Unit Level, containing relevant information shall be maintained at all times.  This should include change request documentation, change authorisation and the outcome of the change. No single person should be able to effect changes to production information systems without the approval of other authorised personnel.
  • A risk assessment shall be performed for all changes and, dependent on the outcome, an impact assessment should be performed.
  • The impact assessment shall include the potential effect on other information resources and potential cost implications. The impact assessment should, where applicable consider compliance with legislative requirements and standards. 
  • All change requests shall be prioritised in terms of benefits, urgency, effort required and potential impact on operations.
  • Changes shall be tested in an isolated, controlled, and representative environment (where such an environment is feasible) prior to implementation to minimise the effect on the relevant business process, to assess its impact on operations and security and to verify that only intended and approved changes were made. (For more information see System Development Life Cycle [citation here]).
  • Any software change and/or update shall be controlled with version control. Older versions shall be retained in accordance with corporate retention and storage management policies. (For more information see System Development Life Cycle [citation here])
  • All changes shall be approved prior to implementation. Approval of changes shall be based on formal acceptance criteria i.e. the change request was done by an authorised user, the impact assessment was performed and proposed changes were tested. 
  • All users, significantly affected by a change, shall be notified of the change.  The user representative shall sign-off on the change. Users shall be required to make submissions and comment prior to the acceptance of the change.
  • Implementation will only be undertaken after appropriate testing and approval by stakeholders. All major changes shall be treated as new system implementation and shall be established as a project. Major changes will be classified according to effort required to develop and implement said changes. (For more information see System Development Life Cycle [citation here])
  • Procedures for aborting and recovering from unsuccessful changes shall be documented. Should the outcome of a change be different to the expected result (as identified in the testing of the change), procedures and responsibilities shall be noted for the recovery and continuity of the affected areas. Fall back procedures will be in place to ensure systems can revert back to what they were prior to implementation of changes.
  • Information resources documentation shall be updated on the completion of each change and old documentation shall be archived or disposed of as per the documentation and data retention policies.
  • Specific procedures to ensure the proper control, authorisation, and documentation of emergency changes shall be in place. Specific parameters will be defined as a standard for classifying changes as Emergency changes.
  • All changes will be monitored once they have been rolled-out to the production environment. Deviations from design specifications and test results will be documented and escalated to the solution owner for ratification.  

 

 

  • Audit and Log review 

 

 

  • This procedure covers all logs generated for systems within the cardholder data environment, based on the flow of cardholder data over Shepherd Meats network, including the following components: 

 

  • Operating System Logs (Event Logs and su logs).
  • Database Audit Logs.
  • Firewalls & Network Switch Logs.
  • IDS Logs.
  • Antivirus Logs.
  • CCTV video recordings.
  • File integrity monitoring system logs.

 

  • Audit Logs must be maintained for a minimum of 3 months online (available for immediate analysis) and 12 months offline.
  • Review of logs is to be carried out by means of Shepherd Meats’s network monitoring system (Shepherd Meats to define hostname), which is controlled from Shepherd Meats console (Shepherd Meats to define hostname). The console is installed on the server (Shepherd Meats to define hostname / IP address), located within Shepherd Meats data centre environment.
  • The following personnel are the only people permitted to access log files (Shepherd Meats to define which individuals have a job-related need to view audit trails and access log files).
  • The network monitoring system software (Shepherd Meats to define) is configured to alert Shepherd Meats [RESPONSIBLE TEAM] to any conditions deemed to be potentially suspicious, for further investigation. Alerts are configured to:
  • A dashboard browser-based interface, monitored by Shepherd Meats [RESPONSIBLE TEAM]. 
  • Email / SMS alerts to Shepherd Meats [RESPONSIBLE TEAM] mailbox with a summary of the incident. Shepherd Meats [ROLE NAME] also receives details of email alerts for informational purposes. 
  • The following Operating System Events are configured for logging, and are monitored by the console (Shepherd Meats to define hostname):
  1. Any additions, modifications or deletions of user accounts. 
  2. Any failed or unauthorised attempt at user logon. 
  3. Any modification to system files. 
  4. Any access to the server, or application running on the server, including files that hold cardholder data. 
  5. Actions taken by any individual with root or administrative privileges. 
  6. Any user access to audit trails. 
  7. Any creation / deletion of system-level objects installed by Windows. (Almost all system-level objects run with administrator privileges, and some can be abused to gain administrator access to a system.) 

 

  • The following Database System Events are configured for logging, and are monitored by the network monitoring system (Shepherd Meats to define software and hostname):
  1. Any failed user access attempts to log in to the Oracle database. 
  2. Any login that has been added or removed as a database user to a database. 
  3. Any login that has been added or removed from a role. 
  4. Any database role that has been added or removed from a database. 
  5. Any password that has been changed for an application role. 
  6. Any database that has been created, altered, or dropped. 
  7. Any database object, such as a schema, that has been connected to. 
  8. Actions taken by any individual with DBA privileges.

 

  • The following Firewall Events are configured for logging, and are monitored by the network monitoring system (Shepherd Meats to define software and hostname):
  1. ACL violations. 
  2. Invalid user authentication attempts. 
  3. Logon and actions taken by any individual using privileged accounts. 
  4. Configuration changes made to the firewall (e.g. policies disabled, added, deleted, or modified). 

 

  • The following Switch Events are to be configured for logging and monitored by the network monitoring system (Shepherd Meats to define software and hostname):
  1. Invalid user authentication attempts. 
  2. Logon and actions taken by any individual using privileged accounts. 
  3. Configuration changes made to the switch (e.g. configuration disabled, added, deleted, or modified). 

 

  • The following Intrusion Detection Events are to be configured for logging, and are monitored by the network monitoring system (Shepherd Meats to define software and hostname):
  1. Any vulnerability listed in the Common Vulnerabilities and Exposures (CVE) database. 
  2. Any generic attack(s) not listed in CVE. 
  3. Any known denial of service attack(s). 
  4. Any traffic patterns that indicate pre-attack reconnaissance has occurred. 
  5. Any attempts to exploit security-related configuration errors. 
  6. Any authentication failure(s) that might indicate an attack. 
  7. Any traffic to or from a back-door program. 
  8. Any traffic typical of known stealth attacks. 

 

  • The following File Integrity Events are to be configured for logging and monitored by (Shepherd Meats to define software and hostname):
  1. Any modification to system files. 
  2. Actions taken by any individual with Administrative privileges. 
  3. Any user access to audit trails. 
  4. Any Creation / Deletion of system-level objects installed by Windows. (Almost all system-level objects run with administrator privileges, and some can be abused to gain administrator access to a system.) 

 

  • For any suspicious event confirmed, the following must be recorded on F17 – Log Review Form, and Shepherd Meats [ROLE NAME] informed:
  1. User Identification. 
  2. Event Type. 
  3. Date & Time. 
  4. Success or Failure indication. 
  5. Event Origination (e.g. IP address). 
  6. Reference to the data, system component or resource affected. 
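
An added example (not part of the original policy) of how the six fields listed above can be enforced when a reviewer records a confirmed event: it parses audit lines, builds a log review record, and rejects any line that cannot supply every field. The key=value log format, the key names and the sample lines are constructed assumptions.

```python
"""Build log-review records from key=value audit lines (constructed format)."""
import shlex
from datetime import datetime, timezone

# The six items the policy requires on the Log Review Form, mapped to the keys
# of the constructed log format used here (the key names are assumptions).
REQUIRED = {
    "User Identification": "user",
    "Event Type": "event",
    "Date & Time": "ts",
    "Success or Failure indication": "outcome",
    "Event Origination": "src",
    "Resource affected": "resource",
}

SAMPLE_LINES = [  # constructed sample input
    "ts=2024-03-01T09:14:02Z user=jsmith event=logon outcome=failure "
    "src=192.0.2.10 resource=db01",
    "ts=2024-03-01T09:15:40Z user=admin event=account_created outcome=success "
    'src=192.0.2.11 resource="user:tmp1"',
    "ts=2024-03-01T09:16:05Z event=audit_log_read outcome=success "
    "src=192.0.2.12 resource=/var/log/audit",
    "ts=not-a-date user=svc event=logon outcome=failure "
    "src=192.0.2.13 resource=fw01",
]


def parse_line(line):
    """Split one audit line into a dict; shlex keeps quoted values intact."""
    pairs = (tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    return {key: value for key, value in pairs}


def build_record(line):
    """Return (record, problems); record is None when a field is unusable."""
    fields = parse_line(line)
    problems = [
        f"missing {label}" for label, key in REQUIRED.items() if not fields.get(key)
    ]

    timestamp = None
    if fields.get("ts"):
        try:
            timestamp = datetime.strptime(
                fields["ts"], "%Y-%m-%dT%H:%M:%SZ"
            ).replace(tzinfo=timezone.utc)
        except ValueError:
            problems.append("unparseable Date & Time")

    if fields.get("outcome") and fields["outcome"] not in ("success", "failure"):
        problems.append("invalid Success or Failure indication")

    if problems:
        return None, problems

    record = {label: fields[key] for label, key in REQUIRED.items()}
    record["Date & Time"] = timestamp.isoformat()  # normalised to UTC
    return record, []


def review(lines):
    """Return (records, rejected); rejected holds (line_number, problems)."""
    records, rejected = [], []
    for number, line in enumerate(lines, start=1):
        record, problems = build_record(line)
        if record is None:
            rejected.append((number, problems))
        else:
            records.append(record)
    return records, rejected


if __name__ == "__main__":
    accepted, refused = review(SAMPLE_LINES)
    for rec in accepted:
        print(rec)
    for number, problems in refused:
        print(f"line {number}: {', '.join(problems)}")
```

A rejected line is a finding in its own right: it shows a log source that is not capturing everything the form needs.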

 

 

  • Secure Application development

 

 

  • The Secure Application development policy is a plan of action to guide developers’ decisions and actions during the software development lifecycle (SDLC) to ensure software security. This policy aims to be language and platform independent so that it is applicable across all software development projects.
  • The adherence to and use of Secure Application Development Coding Policy is a requirement for all software development on Shepherd Meats information technology systems and trusted contractor sites processing Shepherd Meats data.
  • Each phase of the SDLC is mapped with security activities, as explained below:

 

  1. Design
  • Identify Design Requirements from security perspective
  • Architecture & Design Reviews
  • Threat Modelling

  2. Coding
  • Coding Best Practices
  • Perform Static Analysis

  3. Testing
  • Vulnerability Assessment
  • Fuzzing

  4. Deployment
  • Server Configuration Review
  • Network Configuration Review

 

  • Development of code shall be checked and validated with the most current versions of Shepherd Meats Coding Standards for Secure Application Development. All code developers shall verify that their code is in compliance with the most recent and approved coding standards and guidelines.
  • Only validated code shall be implemented into Shepherd Meats production environment. A review and validation ensures that code exhibits fundamental security properties to include correctness, predictability, and attack tolerance.

 

Application Code Developers shall:

  • Ensure code meets the level of confidence that software is free from exploitable code vulnerabilities, regardless of whether they are already designed into the software or inserted later in its life cycle. 
  • Ensure code provides predictable execution or justifiable confidence and that the software, when executed, will provide security functionality as intended. 
  • Coding techniques must address injection flaws (particularly SQL injection), buffer overflow vulnerabilities, cross site scripting vulnerabilities, improper access control (insecure direct object reference, failure to restrict URL access, directory traversal, etc.), cross site request forgery (CSRF), and broken authentication and session management.
  • Never trust incoming data to the system, apply checks to this data. 
  • Never rely on the client to store sensitive data no matter how trivial. 
  • Disable Error messages that return any information to the user. 
  • Use object inheritance, encapsulation, and polymorphism wherever possible. 
  • Use environment variables prudently and always check boundaries and buffers. 
  • Applications must validate input to ensure it is well-formed and meaningful. 

 

 

  • Penetration testing methodology

 

 

  • This section should list the risks inherent in conducting penetration testing on the information systems of Shepherd Meats. For each risk, it should also note the mitigation measures that will be taken. Examples might be:

 

Example 1

    Risk: Denial of Service in systems or network devices because of the network scans.

    Mitigation measure 1: network scans must be performed in a controlled manner. The start and end of the scan must be notified to responsible personnel to allow monitoring during testing. At any sign of trouble, the scan in progress will be aborted.

    Mitigation measure 2: scanning tools must be configured to guarantee that the volume of packets sent or sessions established per minute does not cause a problem for network elements. To this end, the first scans must be performed in a very controlled way, using a minimum configuration that may be expanded once it is evident that the configuration is not dangerous for network devices or servers in the organization.

 

  • Key staff involved in the project by the organization will be listed:

 

    Technical Project Manager: 

    Chief Information Security Officer: 

    Chief Information Officer: 

    Head of Communications: 

    Responsible for web site YYYY.com: 

 

  • External intrusion tests will be performed remotely from the supplier’s premises. Internal intrusion tests will be conducted in the Shepherd Meats office of the Organization. The audit team must have access to the Organization’s network. Access permissions to the building must be arranged early enough to ensure that the audit team can gain access without problems during the planning period.
  • All the tests will be conducted from equipment owned by the audit team, so no equipment for the execution of the tests is required. The only requirement in this regard will be to have an active network connection for each member of the audit team. Those connections must provide access to the target network segment in every case.
  • If an incident occurs during the execution of the tests that has an impact on the systems or services of the organization, the incident should be brought immediately to the attention of those responsible for incident management in the project.
  • It should be noted that in order to comply with PCI DSS the scope of the test should include at least the following:

 

  • All systems and applications that are part of the perimeter of the cardholder data environment (CDE).

 

Example:

  1. Systems included in the scope

    System 1: IP: System: System Description

    System 2: IP: System: System Description

    Wifi network Shepherd Meats

    …………….

  2. Applications included in the scope

    Application 1: URL: Description of the application 

    ……………….

  3. Systems excluded from the scope

    System 5: IP: System: System Description

    System 6: IP: System: System Description

    ………………..

  4. Applications excluded from the scope

    Application 3: URL: Description of the application

    …………………

 

  • Technical tests must follow the OSSTMM methodology. Tests must be conducted at network, system and application level and must, at a minimum, identify any vulnerabilities documented by OWASP and SANS, as well as those identified in the PCI DSS standard v3:

 

  1. Injections: Code, SQL, OS commands, LDAP, XPath, etc.
  2. Buffer overflows.
  3. Insecure storage of cryptographic keys.
  4. Insecure communications.
  5. Improper error handling.
  6. Cross-site scripting (XSS).
  7. Inappropriate access control.
  8. Cross-site request forgery (CSRF).
  9. Broken authentication and incorrect session management.
  10. Any other vulnerability considered High Risk by the organization.

 

  • For all findings or vulnerabilities identified during the tests, sufficient evidence must be generated and documented to prove their existence. The format of the evidence can vary in each case: screen captures, raw output of security tools, photographs, paper documents, etc.
  • The tests performed should result in a document containing at least the following sections:

 

    Introduction

    Executive Summary

    Methodology

    Identified vulnerabilities

    Recommendations for correcting vulnerabilities

    Conclusions

    Evidence

 

  1. Incident Response Plan

 

‘Security incident’ means any incident (accidental, intentional or deliberate) relating to your communications or information processing systems. The attacker could be a malicious stranger, a competitor, or a disgruntled employee, and their intention might be to steal information or money, or just to damage your company.

 

The Incident response plan has to be tested once annually. Copies of this incident response plan are to be made available to all relevant staff members, and steps taken to ensure that they understand it and what is expected of them.

 

Employees of Shepherd Meats will be expected to report to the security officer for any security related issues.

 

Shepherd Meats PCI security incident response plan is as follows:

 

  1. Each department must report an incident to the Information Security Officer (preferably) or to another member of the PCI Response Team. 
  2. That member of the team receiving the report will advise the PCI Response Team of the incident. 
  3. The PCI Response Team will investigate the incident and assist the potentially compromised department in limiting the exposure of cardholder data and in mitigating the risks associated with the incident. 
  4. The PCI Response Team will resolve the problem to the satisfaction of all parties involved, including reporting the incident and findings to the appropriate parties (credit card associations, credit card processors, etc.) as necessary. 
  5. The PCI Response Team will determine if policies and processes need to be updated to avoid a similar incident in the future, and whether additional safeguards are required in the environment where the incident occurred, or for the institution. 
  6. If an unauthorised wireless access point or device is identified or detected as part of the quarterly test, this should be immediately escalated to the Security officer or someone with similar privileges who has the authority to stop, cease, shut down, and remove the offending device immediately.
  7. A department that reasonably believes it may have an account breach, or a breach of cardholder information or of systems related to the PCI environment in general, must inform Shepherd Meats PCI Incident Response Team. After being notified of a compromise, the PCI Response Team, along with other designated staff, will implement the PCI Incident Response Plan to assist and augment departments’ response plans.

 

Shepherd Meats PCI Security Incident Response Team: (Update as applicable)

 

CIO
Communications Director
Compliance Officer
Counsel
Information Security Officer
Collections & Merchant Services
Risk Manager

 

Incident Response Notification

 

Escalation Members

 

Escalation – First Level

Information Security Officer

Controller

Executive Project Director for Credit Collections and Merchant Services

Legal Counsel

Risk Manager

Director of Shepherd Meats Communications

 

Escalation – Second Level

Shepherd Meats President

Executive Cabinet

 

Internal Audit

Auxiliary members as needed

 

External Contacts (as needed)

Merchant Provider

Card Brands

Internet Service Provider (if applicable)

Internet Service Provider of Intruder (if applicable)

Communication Carriers (local and long distance)

Business Partners

Insurance Carrier

External Response Team as applicable (CERT Coordination Center, etc.)

Law Enforcement Agencies as applicable in local jurisdiction

 

In response to a systems compromise, the PCI Response Team and designees will:

 

  1. Ensure compromised system/s is isolated on/from the network. 
  2. Gather, review and analyze the logs and related information from various central and local safeguards and security controls 
  3. Conduct appropriate forensic analysis of compromised system. 
  4. Contact internal and external departments and entities as appropriate. 
  5. Make forensic and log analysis available to appropriate law enforcement or card industry security personnel, as required. 
  6. Assist law enforcement and card industry security personnel in investigative processes, including in prosecutions.

 

The card companies have individually specific requirements the Response Team must address in reporting suspected or confirmed breaches of cardholder data. 

 

Incident Response notifications to various card schemes  

 

  1. In the event of a suspected security breach, alert the information security officer or your line manager immediately.  
  2. The security officer will carry out an initial investigation of the suspected security breach.  
  3. Upon confirmation that a security breach has occurred, the security officer will alert management and begin informing all relevant parties that may be affected by the compromise.   

 

 VISA Steps

 

If the data security compromise involves credit card account numbers, implement the following procedure: 

 

  • Shut down any systems or processes involved in the breach to limit the extent, and prevent further exposure.  
  • Alert all affected parties and authorities such as the Merchant Bank (your Bank), Visa Fraud Control, and the law enforcement. 
  • Provide details of all compromised or potentially compromised card numbers to Visa Fraud Control within 24 hrs.  
  • For more information visit: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_if_compromised.html

 

Visa Incident Report Template

 

This report must be provided to VISA within 14 days after initial report of incident to VISA. The following report content and standards must be followed when completing the incident report. Incident report must be securely distributed to VISA and Merchant Bank. Visa will classify the report as “VISA Secret”*.

  I. Executive Summary
      1. Include overview of the incident
      2. Include RISK Level (High, Medium, Low)
      3. Determine if compromise has been contained

  II. Background

  III. Initial Analysis

  IV. Investigative Procedures
      1. Include forensic tools used during investigation

  V. Findings
      1. Number of accounts at risk, identify those stored and compromised
      2. Type of account information at risk
      3. Identify ALL systems analyzed. Include the following:
          • Domain Name System (DNS) names
          • Internet Protocol (IP) addresses
          • Operating System (OS) version
          • Function of system(s)
      4. Identify ALL compromised systems. Include the following:
          • DNS names
          • IP addresses
          • OS version
          • Function of system(s)
      5. Timeframe of compromise
      6. Any data exported by intruder
      7. Establish how and source of compromise
      8. Check all potential database locations to ensure that no CVV2, Track 1 or Track 2 data is stored anywhere, whether encrypted or unencrypted (e.g., duplicate or backup tables or databases, databases used in development, stage or testing environments, data on software engineers’ machines, etc.)
      9. If applicable, review VisaNet endpoint security and determine risk

  VI. Compromised Entity Action

  VII. Recommendations

  VIII. Contact(s) at entity and security assessor performing investigation

 

*This classification applies to the most sensitive business information, which is intended for use within VISA. Its unauthorized disclosure could seriously and adversely impact VISA, its employees, member banks, business partners, and/or the Brand

 

MasterCard Steps:

 

  1. Within 24 hours of an account compromise event, notify the MasterCard Compromised Account Team via phone at 1-636-722-4100. 
  2. Provide a detailed written statement of fact about the account compromise (including the contributing circumstances) via secured e-mail to compromised_account_team@mastercard.com.
  3. Provide the MasterCard Merchant Fraud Control Department with a complete list of all known compromised account numbers. 
  4. Within 72 hours of knowledge of a suspected account compromise, engage the services of a data security firm acceptable to MasterCard to assess the vulnerability of the compromised data and related systems (such as a detailed forensics evaluation). 
  5. Provide weekly written status reports to MasterCard, addressing open questions and issues until the audit is complete to the satisfaction of MasterCard. 
  6. Promptly furnish updated lists of potential or known compromised account numbers, additional documentation, and other information that MasterCard may request. 
  7. Provide findings of all audits and investigations to the MasterCard Merchant Fraud Control department within the required time frame and continue to address any outstanding exposure or recommendation until resolved to the satisfaction of MasterCard. 

 

Once MasterCard obtains the details of the account data compromise and the list of compromised account numbers, MasterCard will:

 

  1. Identify the issuers of the accounts that were suspected to have been compromised and group all known accounts under the respective parent member IDs. 
  2. Distribute the account number data to its respective issuers.

 

Employees of Shepherd Meats will be expected to report to the security officer for any security related issues. The role of the security officer is to effectively communicate all security policies and procedures to employees within Shepherd Meats and contractors. In addition to this, the security officer will oversee the scheduling of security training sessions, monitor and enforce the security policies outlined in both this document and at the training sessions and, finally, oversee the implementation of the incident response plan in the event of a sensitive data compromise. 

 

Discover Card Steps

 

  1. Within 24 hours of an account compromise event, notify Discover Fraud Prevention 
  2. Prepare a detailed written statement of fact about the account compromise including the contributing circumstances 
  3. Prepare a list of all known compromised account numbers 
  4. Obtain additional specific requirements from Discover Card 

 

American Express Steps

 

  1. Within 24 hours of an account compromise event, notify American Express Merchant Services 
  2. Prepare a detailed written statement of fact about the account compromise including the contributing circumstances 
  3. Prepare a list of all known compromised account numbers 
  4. Obtain additional specific requirements from American Express

 

 

  • Roles and Responsibilities

 

 

  • Chief Security Officer (or equivalent) is responsible for overseeing all aspects of information security, including but not limited to:
  • Creating and distributing security policies and procedures.
  • Monitoring and analysing security alerts and distributing information to appropriate information security and business unit management personnel.
  • Creating and distributing security incident response and escalation procedures that include:
  • Maintaining a formal security awareness program for all employees that provide multiple methods of communicating awareness and educating employees (for example, posters, letters, meetings).
  • The Information Technology Office (or equivalent) shall maintain daily administrative and technical operational security procedures that are consistent with the PCI-DSS (for example, user account maintenance procedures, and log review procedures).
  • System and Application Administrators shall:
  • Monitor and analyse security alerts and information and distribute to appropriate personnel.
  • Administer user accounts and manage authentication.
  • Monitor and control all access to data.
  • Maintain a list of service providers.
  • Ensure there is a process for engaging service providers including proper due diligence prior to engagement.
  • Maintain a program to verify service providers’ PCI-DSS compliant status, with supporting documentation.
  • The Human Resources Office (or equivalent) is responsible for tracking employee participation in the security awareness program, including:
  • Facilitating participation upon hire and at least annually.
  • Ensuring that employees acknowledge in writing at least annually that they have read and understand Shepherd Meats’s information security policy.
  • General Counsel (or equivalent) will ensure that for service providers with whom cardholder information is shared:
  • Written contracts require adherence to PCI-DSS by the service provider.
  • Written contracts include acknowledgement or responsibility for the security of cardholder data by the service provider.

 

 

  • Third party access to card holder data

 

 

  • All third-party companies providing critical services to Shepherd Meats must provide an agreed Service Level Agreement.
  • All third-party companies providing hosting facilities must comply with Shepherd Meats’s Physical Security and Access Control Policy.
  • All third-party companies which have access to Card Holder information must:

 

  1. Adhere to the PCI DSS security requirements.
  2. Acknowledge their responsibility for securing the Card Holder data.
  3. Acknowledge that the Card Holder data must only be used for assisting the completion of a transaction, supporting a loyalty program, providing a fraud control service or for uses specifically required by law.
  4. Have appropriate provisions for business continuity in the event of a major disruption, disaster or failure.
  5. Provide full cooperation and access to conduct a thorough security review after a security intrusion to a Payment Card industry representative, or a Payment Card industry approved third party.

 

 

  • User Access Management

 

  • Access to company is controlled through a formal user registration process beginning with a formal notification from HR or from a line manager. 
  • Each user is identified by a unique user ID so that users can be linked to and made responsible for their actions. The use of group IDs is only permitted where they are suitable for the work carried out.
  • There is a standard level of access; other services can be accessed when specifically authorized by HR/line management. 
  • The job function of the user decides the level of access the employee has to cardholder data.
  • A request for service must be made in writing (email or hard copy) by the newcomer’s line manager or by HR. The request is free format, but must state: 

 

Name of person making request:

Job title of the newcomer and workgroup: 

Start date: 

Services required (default services are: MS Outlook, MS Office and Internet access):

 

  • Each user will be given a copy of their new user form to provide a written statement of their access rights, signed by an IT representative after their induction procedure. The user signs the form indicating that they understand the conditions of access. 
  • Access to all company systems is provided by IT and can only be started after proper procedures are completed. 
  • As soon as an individual leaves Shepherd Meats employment, all his/her system logons must be immediately revoked.  
  • As part of the employee termination process HR (or line managers in the case of contractors) will inform IT operations of all leavers and their date of leaving. 

 

 

  • Access Control Policy

 

 

  • Access Control systems are in place to protect the interests of all users of Shepherd Meats computer systems by providing a safe, secure and readily accessible environment in which to work.
  • Shepherd Meats will provide all employees and other users with the information they need to carry out their responsibilities in as effective and efficient a manner as possible.
  • Generic or group IDs shall not normally be permitted, but may be granted under exceptional circumstances if sufficient other controls on access are in place.
  • The allocation of privilege rights (e.g. local administrator, domain administrator, super-user, root access) shall be restricted and controlled, and authorization provided jointly by the system owner and IT Services. Technical teams shall guard against issuing privilege rights to entire teams to prevent loss of confidentiality.
  • Access rights will be accorded following the principles of least privilege and need to know.
  • Every user should attempt to maintain the security of data at its classified level even if technical security mechanisms fail or are absent.
  • Users electing to place information on digital media or storage devices or maintaining a separate database must only do so where such an action is in accord with the data’s classification.
  • Users are obligated to report instances of non-compliance to the Shepherd Meats CISO.
  • Access to Shepherd Meats IT resources and services will be given through the provision of a unique Active Directory account and complex password.
  • No access to any Shepherd Meats IT resources and services will be provided without prior authentication and authorization of a user’s Shepherd Meats Windows Active Directory account.
  • Password issuing, strength requirements, changing and control will be managed through formal processes. Password length, complexity and expiration times will be controlled through Windows Active Directory Group Policy Objects. 
  • Access to Confidential, Restricted and Protected information will be limited to authorised persons whose job responsibilities require it, as determined by the data owner or their designated representative. Requests for access permission to be granted, changed or revoked must be made in writing.
  • Users are expected to become familiar with and abide by Shepherd Meats policies, standards and guidelines for appropriate and acceptable usage of the networks and systems.
  • Access for remote users shall be subject to authorization by IT Services and be provided in accordance with the Remote Access Policy and the Information Security Policy. No uncontrolled external access shall be permitted to any network device or networked system.
  • Access to data is variously and appropriately controlled according to the data classification levels described in the Information Security Management Policy.
  • Access control methods include logon access rights, Windows share and NTFS permissions, user account privileges, server and workstation access rights, firewall permissions, IIS intranet/extranet authentication rights, SQL database rights, isolated networks and other methods as necessary.
  • A formal process shall be conducted at regular intervals by system owners and data owners in conjunction with IT Services to review users’ access rights. The review shall be logged and IT Services shall sign off the review to give authority for users’ continued access rights

 

 

  • Wireless Policy

 

  • Installation or use of any wireless device or wireless network intended to be used to connect to any of the Shepherd Meats networks or environments is prohibited. 
  • A quarterly test should be run to discover any wireless access points connected to Shepherd Meats network.
  • Appropriate testing with tools such as NetStumbler or Kismet must be performed on a quarterly basis to ensure that:
  • Any devices which support wireless communication remain disabled or decommissioned.
  • If any violation of the Wireless Policy is discovered as a result of the normal audit processes, the security officer or anyone with a similar job description has the authorisation to stop, cease, shut down, and remove the offending device immediately.

 

If the need arises to use wireless technology it should be approved by Shepherd Meats and the following wireless standards have to be adhered to:

 

  1. Default SNMP community strings and passwords, passphrases, Encryption keys/security related vendor defaults (if applicable) should be changed immediately after the installation of the device and if anyone with knowledge of these leaves Shepherd Meats.
  2. The firmware on the wireless devices has to be updated as per the vendor’s release schedule.
  3. The firmware on the wireless devices must support strong encryption for authentication and transmission over wireless networks.
  4. Any other security related wireless vendor defaults should be changed if applicable.
  5. Wireless networks must implement industry best practices (IEEE 802.11i) and strong encryption for authentication and transmission of cardholder data.
  6. An Inventory of authorized access points along with a business justification must be maintained. (Update Appendix B)

 

Appendix A – Agreement to Comply Form

Agreement to Comply With Information Security Policies

 

 

 

________________________ 

Employee Name (printed)  

 

________________ 

Department  

 

I agree to take all reasonable precautions to assure that company internal information, or information that has been entrusted to Shepherd Meats by third parties such as customers, will not be disclosed to unauthorised persons. At the end of my employment or contract with Shepherd Meats, I agree to return all information to which I have had access as a result of my position. I understand that I am not authorised to use sensitive information for my own purposes, nor am I at liberty to provide this information to third parties without the express written consent of the internal manager who is the designated information owner.  

I have access to a copy of the Information Security Policies, I have read and understand these policies, and I understand how they impact my job. As a condition of continued employment, I agree to abide by the policies and other requirements found in Shepherd Meats security policy. I understand that non-compliance will be cause for disciplinary action up to and including dismissal, and perhaps criminal and/or civil penalties.  

I also agree to promptly report all violations or suspected violations of information security policies to the designated security officer.  

 

 

 

________________________ 

Employee Signature  

 

Appendix B

 

Asset/Device Name | Description | Owner/Approved User | Location

 

List of Service Providers

 

Name of Service Provider | Contact Details | Services Provided | PCI DSS Compliant | PCI DSS Validation Date