Information Security Audits Clause Samples
Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.
Information Security Audits. Contractor must contract with an independent third-party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. If services include collecting electronic payments on behalf of the City (including credit card payments), the Office of the Treasurer and Tax Collector requires the following language. Any deviation from the above requirements shall be approved in writing by the City and County of San Francisco Office of the Treasurer and Tax Collector. If the services do not include collecting electronic payments on behalf of the City then delete the body text and replace with “Reserved. (Payment Card Industry (“PCI”) Requirements.)” Payment Card Industry (“PCI”) Requirements. Contractors providing services and products that handle, transmit or store cardholder data, are subject to the following requirements: Applications shall be compliant with the Payment Application Data Security Standard (PA-DSS) and validated by a Payment Application Qualified Security Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must then be listed on the PCI Council’s list of PA-DSS approved and validated payment applications. Gateway providers shall have appropriate Payment Card Industry Data Security Standards (PCI DSS) certification as service providers (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇.▇▇▇▇▇). Compliance with the PCI DSS shall be achieved through a third-party audit process. 
The Contractor shall comply with Visa Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP) programs. For any Contractor that processes PIN Debit Cards, payment card devices supplied by Contractor shall be validated against the PCI Council PIN Transaction Security (PTS) program. For items 13.4.1 to 13.4.3 above, Contractor shall provide a letter from their qualified security assessor (QSA) affirming their compliance and current PCI or PTS compliance certificate. Contractor shall be responsible for furnishing City with an updated PCI compliance certific...
Information Security Audits. During the term of this Agreement, and for one (1) year following termination:
Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with City. All audit findings must be remedied. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. Protected Health Information. Contractor, all subcontractors, all agents and employees of Contractor, and any subcontractor shall comply with all federal and state laws regarding the transmission, storage and protection of all PHI disclosed to Contractor by City in the performance of this Agreement. Contractor agrees that any failure of Contractor to comply with the requirements of federal and/or state and/or local privacy laws shall be a material breach of the Contract. In the event that City pays a regulatory fine, and/or is assessed civil penalties or damages through private rights of action, based on an impermissible use or disclosure of PHI given to Contractor or its subcontractors or agents by City, Contractor shall indemnify City for the amount of such fine or penalties or damages, including costs of notification. In such an event, in addition to any other remedies available to it under equity or law, City may terminate the Agreement.
Information Security Audits. During the term of this Agreement, and for one (1) year following termination, Lender may provide prior written notice to Servicer of the intent to review the summary of the information security program, at Servicer’s Headquarters, upon reasonable notice of not less than 30 days.
Information Security Audits. Provider shall procure no less than annual security audits of the Facilities by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards no later than December, 2008. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 7.1.8. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities in Safeguards or otherwise in any Facilities; and (b) if so, the nature of each vulnerability discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities.
Information Security Audits. Contractor will provide PCI Level 4 attestation for any Point-of-Sale systems owned and installed by Contractor on-site at customer sites.
Information Security Audits. Provider shall procure no less than annual security audits of their data centers by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards as the same may be amended, modified, supplemented, or superseded from time to time. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 8.8 (Cardholder Information) hereto. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities, inadequacies, or insufficiencies in or breaches of Safeguards or otherwise in any Facilities; and (b) if so, the nature of each such vulnerability, inadequacy, insufficiency or breach discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability, inadequacy, insufficiency or breach at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities, inadequacies, insufficiencies or breaches.
Information Security Audits. If Contractor will be hosting data on behalf of the City, Contractor must contract with an independent third-party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.
