Information Security Framework Sample Clauses

Information Security Framework. Supplier shall follow a leading, industry recognized cyber security framework, e.g., National Institute of Standards and Technology (NIST), or International Organization for Standardization (ISO) 27001. Each year, Supplier shall complete UL Solutions’ supplier cybersecurity assessment questionnaire. If Supplier fails to satisfy UL Solutions’ supplier security assessment in UL Solutions’ sole opinion, UL Solutions may terminate any relevant SOW by giving Supplier fifteen (15) days’ prior written notice.
Sample 1Sample 2
AutoNDA by SimpleDocs
Information Security Framework. The Operator must define, document, and assign ownership to oversee development, adoption, enforcement and compliance with Information Security requirements, policies, standards, and procedures. The Operator must ensure that the assigned role is of a sufficiently high-level classification in the organization that can be allowed to execute the responsibilities in an effective and independent manner.
Sample 1
Information Security Framework a) Security Accountability. Jamf will assign one or more security officers who will be responsible for coordinating and monitoring all information security functions, policies and procedures.
Sample 1
Information Security Framework. Buyer strongly encourages and highly recommends Vendor (a) obtain within 2 years from the Effective Date, and maintain thereafter, a Health Information Trust Alliance (“HITRUST”) certification; or, (b) promptly adopt and follow an alternative leading, industry recognized cyber security framework, e.g., National Institute of Standards and Technology (NIST), or International Organization for Standardization (ISO) 27001. Each year, Supplier shall either provide a HITRUST certification that covers the scope of services being provided to Buyer or complete Buyer’s vendor security assessment questionnaire. If Vendor fails to obtain or maintain a HITRUST certification or is unable to satisfy Buyer’s vendor security assessment in Buyer’s sole opinion, Buyer may terminate any PA or SOW by giving Vendor fifteen (15) days’ prior written notice.
Sample 1
Information Security Framework. Buyer highly recommends Supplier shall adopt and follow an industry recognized cybersecurity framework such as Health Information Trust Alliance (“HITRUST”) framework; or, National Institute of Standards and Technology (NIST), or International Organization for Standardization (ISO) 27001. Each year, Supplier shall complete Buyer’s vendor security assessment questionnaire and provide supporting documentary evidence. In the event, that there are security findings identified because of the Buyer’s security assessment, Supplier shall agree to remediate the security findings within the Buyer’s defined remediation timeframes. If Supplier fails to complete Xxxxx’s vendor security assessment questionnaire and/or vendor security assessment remediation efforts in Xxxxx’s sole opinion, Buyer may terminate any PA or SOW by giving Supplier fifteen (15) days’ prior written notice.
Sample 1
Information Security Framework 
Sample 1Sample 2Sample 3

Related to Information Security Framework

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Security and Data Privacy Each party will comply with applicable data privacy laws governing the protection of personal data in relation to their respective obligations under this Agreement. Where Siemens acts as Customer’s processor of personal data provided by Customer, the Data Privacy Terms available at xxxxx://xxx.xxxxxxx.xxx/dpt/sw, including the technical and organizational measures described therein, apply to the use of the relevant Learning Services and are incorporated herein by reference.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

Time is Money Join Law Insider Premium to draft better contracts faster.