Data Management Security Policy Sample Clauses
A Data Management Security Policy clause establishes the requirements and standards for handling, storing, and protecting data within an organization or between contracting parties. It typically outlines the types of data covered, such as personal, confidential, or proprietary information, and specifies security measures like encryption, access controls, and regular audits. The core function of this clause is to safeguard sensitive information from unauthorized access or breaches, thereby reducing the risk of data loss and ensuring compliance with relevant data protection laws.
Data Management Security Policy. The Contractor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties.
Data Management Security Policy. The vendor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties.
Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. ▪ Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis. Application Service Providers must have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) must identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the mutually agreed upon recovery time and point objectives. County of Orange Page 47 of 53 MA-042-19011809 Health Care Agency File Folder No. C018820