Information Security Policies Clause Samples

POPULAR SAMPLE Copied 3 times
Information Security Policies. The Data Recipient must have in place and adhere to internal information security and privacy policies that address the roles and responsibilities of the Data Recipient's personnel, including both technical and non-technical personnel, who have direct or indirect access to the Data. These internal security and privacy policies must, at a minimum, include: security policy; organization of information security; asset management; human resources security; physical and environment security; communications and operations management; access control; information systems procurement, development and maintenance; information security incident management; business continuity management; and compliance.
View SourceView Similar (4)
Information Security Policies. And Guidelines For Access To Computers, Networks and Information By Non-Employee Personnel. 6.2.3.1 Information security policies and guidelines are designed to protect the integrity, confidentiality and availability of computer, networks and information resources. This summary provides a convenient reference for individuals who are not employees of the Party that provides the computer, network or information, but have authorized access to that Party’s systems, networks or information. Questions should be referred to AT&T or SBC-AMERITECH, respectively, as the providers of the computer, network or information in question. 6.2.3.2 It is each Party’s responsibility to notify its employees, contractors and vendors who will have access to the other Party’s network, on the proper security responsibilities identified within this Article. Adherence to these policies is a requirement for continued access to the other Party’s systems, networks or information. Exceptions to the policies must be requested in writing and approved by the other Party’s information security organization.
View SourceView Similar (7)
Information Security Policies. 14.1 Vendor has documented and published a set of information security policies that are aligned to industry best practices and standards for information security and reviewed periodically. Those policies address the following: (a) mobile device management; (b) workplace surveillance; (c) acceptable use; (d) asset management and classification; (e) access controls; (f) encryption and key management; (g) network security; (h) application security; (i) back ups; (j) system security; (k) physical and environmental security; (l) operational security; and (m) system acquisition, development and maintenance.
View SourceView Similar (4)
Information Security Policies. Sumo Logic will implement, maintain, and adhere to its internal information security and privacy policies that address the roles and responsibilities of Sumo Logic ’s personnel, including both technical and non-technical personnel, who have direct or indirect access to Your Data in connection with providing the Services. All Sumo Logic personnel with access to Your Data will receive annual training on Sumo Logic ’s ISMP.
View SourceView Similar (6)
Information Security Policies. 1.3.1. The Company shall have a defined and documented information security management system including an information security policy and procedures in place, which shall be approved by Company’s management. They shall be published within Company´s organization and communicated to relevant Company personnel. 1.3.2. The Company shall periodically review Company’s security policies and procedures and update them if required to ensure their compliance with this Appendix.
View SourceView Similar (5)
Information Security Policies. With respect to any information systems you use to store or process PII, you are responsible for ensuring that the owner(s) and operator(s) of such information systems implement and maintain policies and procedures that address the following areas: 1. Information security; 2. Data governance and classification; 3. Access controls and identity management; 4. Asset management; 5. Business continuity and disaster recovery planning and resources; 6. Capacity and performance planning; 7. Systems operations and availability concerns; 8. Systems and network security; 9. Systems and application development, quality assurance and change management; 10. Physical security and environmental controls; 11. Customer data privacy; 12. Encryption at rest and in transit; 13. Cryptographic controls;
View SourceView Similar (4)
Information Security Policies. As part of the ISMS, Box will implement, maintain, and adhere to its internal information security and privacy policies that address the roles and responsibilities of Box Personnel, including both technical and non-technical Box Personnel, who have direct or indirect access to Content in connection with providing the Box Service. Box’s information security policies provide for continual assessment and re-assessment of the risks to the security of the Box Service, including: (a) identification of internal and external threats that could result in a Security Breach (as defined below); (b) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of Content; and (c) assessment of the sufficiency of the policies, procedures and information systems of Box, and other arrangements in place, to control risks. Additionally, Box’s information security policies address appropriate protection against such risks. Box’s information security policies shall, at a minimum, include: 5.1 organization of information security 5.2 asset management 5.3 human resources security 5.4 physical and environment security 5.5 communications and operations management 5.6 access control
View SourceView Similar (4)
Information Security Policies. A. Contractor must have, and upon request by the DOE shall promptly provide the DOE with copies of its, information security policies that cover the following elements: 1. Data classification and privacy 2. Security training and awareness 3. Systems administration, patching and configuration 4. Application development and code review 5. Incident response
View SourceView Similar (3)
Information Security Policies. Administrator will implement, maintain and periodically review (no less frequently than annually) written policies and procedures that address the following areas: (a) information security, including administrative, technical and physical safeguards for Non-Public Personal Information protection; (b) data governance and classification; (c) access controls and identity management; (d) asset management; (e) business continuity and disaster recovery planning and resources; (f) capacity and performance planning; (g) systems operations and availability concerns; (h) systems and network security; (i) systems and application development, quality assurance and change management; (j) physical security and environmental controls; (k) customer data privacy; (l) patch management; (m) maintenance, monitoring and analysis of security audit logs; (n) vendor and third party service provider management; and (o) incident response, including clearly defined roles, decision making authority, prompt notice to be provided to affected individuals and/or regulatory authorities in the event of a cyber security incident as required by applicable law, and a logging and monitoring framework to allow the isolation of an incident.
View SourceView Similar (3)
Information Security Policies. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter
View SourceView Similar (3)