Information Security Plan. Contractor is required to maintain an Information Security Plan sufficient to protect the sensitive and/or confidential CSU data to which they have access. Requirements for the Information Security Plan are described in Rider A.
Information Security Plan. A. Supplier acknowledges that UC is required to comply with information security standards for the protection of Protected Information as required by law, regulation and regulatory guidance, as well as UC’s internal security program for information and systems protection.
Information Security Plan. (1) Contractor acknowledges that the Department is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as the Department’s internal security program for information and systems protection.
Information Security Plan. (1) Contractor acknowledges that ETF is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as ETF’s internal security program for information and systems protection.
Information Security Plan. Domestic Communications Companies shall develop, document, implement, and maintain an information security plan to:
Information Security Plan. Contractor acknowledges that the Department is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as the Department’s internal security program for information and systems protection. Contractor shall develop, implement, and maintain a comprehensive Information Security Plan that contains administrative, technical, and physical safeguards designed to ensure the privacy, security, integrity, availability, and confidentiality of the Confidential Information. Contractor must provide evidence to the Department of one or more of the following for the plan: Certification in, or compliance with, generally accepted information risk management security control frameworks, standards or guidelines such as: ISO/IEC 27000-series; NIST800-53; CIS Critical Security Controls for Effective Cyber Defense; or HIPAA Security Rule - 45 CFR Part 160 and Subparts A and C of Part 164; and Compliance with any state or federal regulations by which the person or entity who owns or licenses such information may be regulated; or At a minimum, include the elements listed in the Information Security Plan Requirements set forth below. Upon the Department’s request, Contractor shall submit one of the following documents to the Department: Independent attestation of certification; Information Security Plan scope statement; Information Security Plan statement of applicability; or SOC 2, Type 2 audit and letter of attestation indicating Contractor’s receipt of management’s assertion of control compliance from Contractor’s subcontractors as described in Section 6 Audit Provision. The Department reserves the right to require the Contractor to provide more than one of the above documents. If Contractor is unable to produce one of the above documents, Contractor may satisfy the requirement by providing the assurances in Section 28.0(h) below. Annually, or upon a significant change in risk posture, Contractor will review its Information Security Plan and update and revise it as needed. If at any time there are any material reductions to Contractor’s Information Security Plan, Contractor will notify the Department within two weeks of the completion of the review and prior to implementation. In such instances, the Department will require an explanation of the reductions. At the Department’s request, Contractor will make modifications to its Information Security Plan or to the procedure...
Information Security Plan. Contractor agrees that it will protect CSU Protected Data according to published information security policy and standards and no less rigorously than it protects its own confidential information but in no case less than reasonable care. Contractor shall develop, implement, maintain and use appropriate administrative, technical and physical security measures, which may include but not be limited to encryption techniques, to preserve the confidentiality, integrity and availability of all such Protected Data. In addition, Contractor represents and warrants that in performing the Services, it will comply with all applicable privacy and data protection laws and regulations of the United States including, as applicable, the provisions in the Xxxxx-Xxxxx-Xxxxxx Act, 15 U.S.C. Section 6801 et seq., the Family Education Rights and Privacy Act (“FERPA”), 20 USC Section 1232(g) et seq., and of any other applicable non-U.S. jurisdiction, including the European Union Directives, and that it will use best efforts, consistent with Federal Trade Commission and other applicable guidance, to protect CSU’s Protected Information from identity theft, fraud and unauthorized use. Failure by Contractor to comply with any provision of this Section shall constitute a default subject to Paragraph 14 of the CSU General Provisions for Service Acquisitions.
Information Security Plan. The contractor shall submit, within 30 days of contract award, an Information Security Plan that describes the information security rules, procedures, and processes to ensure sensitive, confidential, or personal data are protected and secure.
Information Security Plan. Vendor is required to maintain an Information Security Plan sufficient to protect the sensitive and/or confidential CSU data to which they have access.
Information Security Plan. Contractor shall implement and maintain a written information security program (“WISP”) that contains physical, administrative and technical safeguards necessary to ensure the confidentiality, integrity and availability of District Information, including such physical, administrative and technical safeguards as are necessary to ensure that District Information disclosed between Contractor and District is not used or disclosed by Contractor, or by any of Contractor’s subcontractors, affiliates, agents or third parties, except as provided in the Agreement.
