Information Security; Compliance Sample Clauses
Information Security; Compliance. 3.1 Supplier is responsible for the security of any Buyer Data to the extent it Processes such data. Supplier shall, at its sole cost and expense, implement Security Measures that are no less rigorous than, and shall only Process Buyer Data in such a manner so as to comply with: (a) a Security Framework; (b) Privacy and Security Laws; (c) MBN 9666 Standards (to the extent applicable to the Services), and (d) any other requirements of this Addendum or the Agreement.
3.2 At a minimum, Supplier’s Security Measures shall include: (a) access controls (including multi-factor authentication, where appropriate); (b) physical security; (c) encryption of Buyer Data at rest and in transit; (d) segregation of Buyer Data from Supplier’s other customers’ data; (e) privacy and security awareness training; (f) record maintenance, including, without limitation, incident and compliance recordkeeping consistent with the Security Framework; (g) Secure Development Practices with regard to applications that Process Buyer Data; and (i) incident response, vulnerability mitigation, and vendor management programs.
3.3 Remote access to Buyer Data or Buyer Systems is only allowed upon prior written approval by ▇▇▇▇▇ and must occur through access points approved by Buyer. Supplier systems used for such remote access must be protected according to the requirements of this Addendum.
3.4 If, in the course of its engagement, Supplier has access to or will Process credit, debit, or other payment card information (“PCI”), Supplier shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS. As evidence of compliance with PCI DSS, Supplier will provide a current attestation of compliance at the commencement of Services and at regular intervals thereafter. Supplier will create and maintain reasonably detailed, complete, and accurate documentation describing the systems, processes, network segments, security controls, and data flows used to receive, transmit, store, and secure PCI that it obtains in connection with the Services. Such documentation shall conform to the most current version of the PCI DSS.
3.5 Supplier shall ensure only Supplier-owned, managed, or leased end-user devices are used by Supplier to Process Buyer Data and shall promptly notify Buy...
Information Security; Compliance. Ellucian will design and maintain a control environment for the Hosting Services aligned with global information security practices and standards such as ISO 27001 and third party attestation frameworks such as SSAE 16 / SOC 1 and SOC 2.
Information Security; Compliance a. The Contractor warrants to the State that Sub-vendor shall comply with information security as follows:
i. Sub-vendors shall be familiar with the requirements of the State of Tennessee Enterprise Information Security Policies, as may be updated from time to time, and can be found at the following link: ▇▇▇▇▇://▇▇▇.▇▇.▇▇▇/finance/strategic-technology-solutions/strategic-technology-solutions/sts-security-policies.html.
ii. Sub-vendors shall have measures in place that ensure that all data records, including computer source and object code, are transported and stored in the United States using FIPS 140-2 validated encryption technologies.
iii. Sub-vendors shall implement practices and facilities to meet or exceed the State of Tennessee’s information security requirements for access control, authentication, system maintenance, and patching.
iv. Sub-vendors shall be compliant with best practices for secure application development as defined in ISO/IEC 27000 or later series and shall provide proof of compliance annually or upon State request.
v. The Sub-vendor is not authorized to host any Federal Tax Information, Centers for Medicare and Medicaid Services Information or Criminal Justice Information Services Information
b. Contractor warrants that it shall cooperate with the State agencies in the course of performance of the Contract so that both parties will be in compliance with State Enterprise Information Security Policies requirements and any other state and federal computer security regulations including cooperation and coordination with State of Tennessee computer security officials and other compliance officers required by its regulations. Contractor shall bear the expense of and require any staff that has access to systems or data that the State of Tennessee designates as sensitive or protected to undergo background checks that are inclusive of both criminal and financial history and shall provide proof of satisfactory results.
c. The Contractor agrees to require all Sub-vendors to abide by the following:
i. Current updated virus software and virus definition files that are enabled to perform real time scans shall be maintained on all Sub-vendor-supplied hardware
ii. Sub-vendor shall not install or utilize remote control or file sharing software unless explicitly approved in writing by the State of Tennessee; and
iii. Utilize best practice authentication methods to prevent access from unauthorized individuals and entities.
iv. Sub-vendor shall not c...
Information Security; Compliance. Ellucian will design and maintain a control environment for the Cloud Software aligned with global information security practices and standards such as ISO 27001 and third party attestation frameworks such as SSAE 16 / SOC 1 and SOC 2.
Information Security; Compliance. 9.5.1 Contractor must comply with the following County Board of Supervisors approved information security policies, as applicable:
Information Security; Compliance. Contractor shall perform periodic audits and maintain relevant security based certifications and/or independent assessments to demonstrate and substantiate the Contractor's compliance with applicable laws and terms and conditions governing the Contractor services. ▇▇▇▇▇▇▇ College reserves the right to request evidence of this compliance and ▇▇▇▇▇▇▇ College agrees to maintain any such evidence as Confidential Information of the Contractor and will not disclose such information unless under legal obligation or with the explicit permission of the Contractor to do so.
Information Security; Compliance. 3.1 Licensee is responsible for the Security of any MBUSA Data to the extent it Processes such data. Licensee shall, at its sole cost and expense, implement Security that is no less rigorous than, and shall only Process MBUSA Data in such a manner so as to comply with: (a) the Security Framework; (b) Privacy and Security Laws; and (c) any other requirements of this Addendum or the Agreement. Licensee shall immediately notify MBUSA if Licensee knows that any written instruction by MBUSA would cause either or both parties to violate Privacy and Security Laws.
3.2 At a minimum, Licensee’s Security shall include: (a) access controls; (b) physical security;
Information Security; Compliance. Contractor warrants to the State that it is familiar with the requirements of the State of Tennessee Enterprise Information Security Policies, and has measures in place that ensure that all data records are transported, stored and accessed in a secure manner. All data is property of the State of Tennessee. The system or contractor must meet or exceed the State’s information security requirements for access control, authentication, storage, data destruction, system maintenance and patching and must be compliant with best practices for secure application development as defined in ISO/IEC 27000 series. The State of Tennessee Information Security policy can be found at the following link: ▇▇▇▇://▇▇▇.▇▇.▇▇▇/assets/entities/finance/oir/attachments/PUBLIC-Enterprise-Information-Security-Policies-v2.0_1.pdf Contractor warrants that it will cooperate with the State in the course of performance of the Contract so that both parties will be in compliance with State Enterprise Information Security Policies requirements and any other state and federal computer security regulations including cooperation and coordination with State computer security officials and other compliance officers required by its regulations. The State may conduct audits of Contractor’s compliance with the State’s Enterprise Information Security Policy (“The Policy”) or under this Contract, including those obligations imposed by Federal or State law, regulation or policy. The State’s or State’s designee’s right to conduct security audits is independent of any other audit or monitoring required by this Contract. The timing and frequency of such audits shall be at the State’s discretion and may but not necessarily shall, be in response to a security incident. A security audit may include the following: (i) review of access logs, screen shots and other paper or electronic documentation relating to Contractor’s compliance with the Policy. 
This may include review of documentation relevant to subcontractors or suppliers of security equipment and services used with respect to State data; (ii) physical inspection of controls such as door locks, file storage, communications systems, and employee identification procedures; and (iii) interviews of responsible technical and management personnel regarding security procedures. Contractor shall provide reports or additional information upon request of the State and access by the State or the State's designated staff to Contractor’s facilities and/or any location...
