Contractor Hosted Data Clause Samples

Contractor Hosted Data. If Contractor hosts Protected University Data in or on Contractor or subcontractor facilities, the following additional clauses apply. Computers that host Protected University Data shall be housed in secure areas that have adequate walls and entry control such as a card-controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter, and visitor entry will be strictly controlled. Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements. Contractor shall backup systems or media stored at a separate location with regular scheduled incremental and full back-ups with sufficient retention of backup files to restore data. Contractor shall test restore procedures not less than once per year. Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention. Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-repudiation of the transaction while crossing networks. Contractor shall require strong passwords for any user accessing Protected University Data. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character. The installation or modification of software on systems containing Protected University Data shall be subject to formal change management procedures and segregation of duties requirements. Contractor who hosts Protected University Data shall engage an independent third-party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request.
View SourceView Similar (29)
Contractor Hosted Data. If Contractor hosts University Compliant Data or Business Sensitive Data, in or on Contractor facilities, the following clauses apply. A. Contactor computers that host University Compliant Data or Business Sensitive Information shall be housed in secure areas that have adequate walls and entry control such as a card controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter and visitor entry will be strictly controlled. B. Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements. C. Contractor shall backup systems or media stored at a separate location with incremental back-ups at least daily and full back-ups at least weekly. Incremental and full back-ups shall be retained for 15 days and 45 days respectively. Contractor shall test restore procedures not less than once per year. D. Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention. E. Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-repudiation of the transaction while crossing networks. F. The installation or modification of software on systems containing University Compliant Data or Business Sensitive Information shall be subject to formal change management procedures and segregation of duties requirements. G. Contractor who hosts University Compliant Data or Business Sensitive Information shall engage an independent third-party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request. H. Contractor shall require strong passwords for any user accessing personally identifiable information or data covered under law, regulation, or standard such as HIPAA, FERPA, or PCI. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character.
View SourceView Similar (2)

Related to Contractor Hosted Data

  • Customer Data 8.1 You, not bookinglab or JRNI, have sole responsibility for the entry, deletion, correction, accuracy, quality, integrity, legality, reliability, appropriateness, and right to use the Customer Data. bookinglab and JRNI is not responsible for any of the foregoing or for any destruction, damage, loss, or failure to store any Customer Data beyond its reasonable control or resulting from any failure in data transmission or operation of the Booking Service by you. 8.2 As of the MSA Start Date, JRNI is certified under ISO 27001 and shall maintain an information security program for the Services that complies with the ISO 27001 standards or such other standards as are substantially equivalent to ISO 27001. 8.3 If JRNI and/or bookinglab processes any Personal Data on your behalf when performing its obligations under this Agreement, the Parties acknowledge that you shall be the Data Controller and JRNI and/or bookinglab shall be a Data Processor and in any such case: (a) you shall ensure that you are entitled to transfer the relevant Customer Personal Data to JRNI and/or bookinglab so that they may lawfully use, process and transfer the Customer Personal Data in accordance with this Agreement on your behalf; (b) you shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable Data Protection Laws; (c) each Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (d) notwithstanding any other provision of this Agreement, but subject always to Appendix B(1) Data Protection and B(2) Data Processing Activities, nothing shall prevent JRNI or bookinglab from disclosing Customer Personal Data or Customer Data to their Group Companies, Affiliates and third party service providers as necessary to provide the Services in accordance with clause 3, and otherwise in order to comply with Applicable Law or at the request of a governmental, regulatory or supervisory authority. 8.4 From the MSA Start Date the Parties shall comply with Appendix B(1) Data Protection and Appendix B(2) Data Processing Activities 8.5 ensure that Customer Data and Personal Data deemed as a special category of Data under GDPR is not given to us in any form unless pre-agreed by us in writing 8.6 You are solely responsible and liable for any transfer of Customer Data made by you (or made by JRNI or bookinglab at your request) from the Booking Service to a third party and for ensuring that such transfer is in compliance with the Parties' obligations under the Data Protection Laws.

  • Client Data The Subrecipient shall maintain client data demonstrating client eligibility for services provided. Such data shall include, but not be limited to, client name, address, income level or other basis for determining eligibility, and description of service provided. Such information shall be made available to Grantee monitors or their designees for review upon request.