DATA SECURITY AND SAFEGUARDS Sample Clauses

DATA SECURITY AND SAFEGUARDS. Supplier shall implement and maintain at all times appropriate organisational, operational, managerial, physical and technical measures to protect the Personal Data and Purchaser’s any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, so that all processing is in compliance with the Laws and Purchaser’s reasonable written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined by Supplier, following the recommendations as laid out in ISO/IEC 27000 series (or equivalent, such as SSAE-16(2)) or other recommendations adapted to a level which is suitable, taking into consideration the degree of sensitivity of the personal data, the particular risks which exist, existing technical possibilities, and the costs for carrying out the measures. Supplier shall limit access to the Personal Data to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. Supplier shall also ensure by technical and organisational means that Purchaser’s Personal Data is not processed for different purposes (e.g. for different Supplier customers) and that the Personal Data is processed separately from the data of other Supplier customers. Supplier warrants that in performing the Services under the Agreement all necessary precautions are taken by Supplier to prevent loss and alteration of any data, to prevent unauthorised access to Purchaser’s IT environment, to prevent introduction of viruses to Purchaser’s systems, and to prevent improper access to Purchaser’s IT environment and confidential information of Purchaser.
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
DATA SECURITY AND SAFEGUARDS. The Data Applicant and Data Recipient agree to establish, comply with, and update appropriate administrative, technical, and physical safeguards to protect the confidentiality of MHDO Data and to prevent unauthorized use, access to, or disclosure of the MHDO Data other than as provided for by this Agreement. MHDO Data shall be stored and accessed only in areas that are physically safe from access by unauthorized persons at all times. The MHDO Data shall be protected electronically to prevent unauthorized access by computer, remote access, or any other means. The Data Applicant and Data Recipient agree that all MHDO Data and work product derived therefrom that has not been approved by MHDO for publication will be encrypted at rest and in transit. Block level encryption of all media is required where MHDO data are stored. The strength of data encryption must be a certified algorithm which is 256 bit or higher. Any encryption keys protecting the storage or transmission of MHDO Data, including the MHDO encryption key, shall only be used by individual persons specified on this MHDO DUA. Such keys shall be stored and transmitted separately from the information they protect. The Data Applicant and Data Recipient expressly agree that MHDO Data will not be accessed, tested, maintained, backed-up, transmitted, or stored outside of the United States. The Data Applicant and Data Recipient may not sell, re-package or in any way make MHDO Data available at the individual element level, unless the ultimate viewers of that data have applied to MHDO for this data, been approved for such access and signed an MHDO DUA. The Data Applicant and Data Recipient shall immediately inform the MHDO of any legal process by which third parties try to obtain access to MHDO data held by the Data Applicant or Data Recipient or any subcontractor and shall not turn over any data except as permitted by MHDO. REPORTING AND INVESTIGATIONS The Data Applicant and Data Recipient agree to report to the MHDO: all security incidents including attempted or successful unauthorized access, use, disclosure, modification or destruction of MHDO Data; interference with system operation in an information system that contains MHDO Data; and specifically, any potential or actual breach of Protected Health Information (PHI) from the MHDO Data. Data Applicant and Data Recipient shall report any such actual or suspected security incident to the MHDO Executive Director within 24 hours after it is discovered. The ...
Sample 1Sample 2Sample 3See All (4)
DATA SECURITY AND SAFEGUARDS. The Supplier shall
Sample 1Sample 2Sample 3
DATA SECURITY AND SAFEGUARDS. The [Universities] shall
Sample 1
DATA SECURITY AND SAFEGUARDS. EPG and/or its Data Processors shall implement and maintain, at all times, appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access so that all processing is in compliance with Laws and written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined or indicated by EPG, following the recommendations as laid out in ISO/IEC 27000 series (‘Information Security Management Systems (ISMS) standards’, or equivalent). Access to Personal Data shall be limited to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. EPG and/or its Data Processors shall also ensure, by technical and organizational means, that Personal Data is not processed for different purposes and that the Data is processed separately from the Data of other third-party entities. In terms of the main Agreement, this present Policy document and any applicable Descriptions of Services or other Appendices, all necessary precautions are taken to prevent loss and alteration of any data, to prevent unauthorised access to EPG’s I.T. environment, to prevent introduction of viruses to EPG’s systems, and to prevent improper access to EPG’s I.T. environment and Confidential Information.
Sample 1
DATA SECURITY AND SAFEGUARDS. The Parties agree that the Information Security Requirements Appendix (See Annex 1 part E) shall apply to the Processing of Personal Data. Further, the Supplier shall
Sample 1
DATA SECURITY AND SAFEGUARDS. 4.1. Talshir shall use appropriate safeguards and data security measures and comply with Subpart C of 45 C.F.R. Part 164 of HIPAA with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
Sample 1
AutoNDA by SimpleDocs
DATA SECURITY AND SAFEGUARDS 
Sample 1

Related to DATA SECURITY AND SAFEGUARDS

  • Security and Safety A. The Contractor warrants it is and shall remain in compliance with all applicable local, state and federal laws, regulations, codes and ordinances relating to fire, construction, building, health, food service and safety, including but not limited to the Hotel and Motel Fire Safety Act of 1990, Public Law 101-391. The Judicial Council may terminate this Agreement, pursuant to the termination for cause provision set forth herein, without penalty or prejudice if the Contractor fails to comply with the foregoing requirements.

  • Data Security and Privacy 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:

  • Security Safeguards (1) Each party acknowledges that it is solely responsible for determining and communicating to the other the appropriate technological, physical, and organizational security measures required to protect Personal Data.

  • Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.

  • Cybersecurity; Data Protection The Company’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company has implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with its business, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company is presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except where the failure to be in compliance would not, individually or in the aggregate, have a Material Adverse Effect.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Privacy and Data Security (a) The parties will keep confidential any information regarding the Company, Nationwide, the Variable Accounts, and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”) and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available other than as a result of a disclosure by the Receiving Party or its representatives, or (iii) is or becomes available to the Receiving Party on a non-confidential basis from a source (other than the Disclosing Party) which, to the best of the Receiving Party’s knowledge, is not prohibited from disclosing such information to the Receiving Party by a legal, contractual, or fiduciary obligation to the Disclosing Party, or (iv) describes the fees payable to Nationwide under this Agreement.

  • Confidentiality and Data Security (a) The Custodian agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication.

  • Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. All notifications and written reports of data security incidents and policy compliance violations should be sent to the DAC(s) indicated in the Addendum to this Agreement. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.

Time is Money Join Law Insider Premium to draft better contracts faster.