Information Security Programs Clause Samples

The Information Security Programs clause requires parties to implement and maintain comprehensive measures to protect sensitive data from unauthorized access, disclosure, or breaches. Typically, this involves establishing policies, procedures, and technical safeguards such as encryption, access controls, and regular security assessments to ensure the confidentiality, integrity, and availability of information. The core function of this clause is to mitigate the risk of data breaches and ensure compliance with relevant data protection laws, thereby safeguarding both parties' sensitive information throughout the duration of their relationship.
POPULAR SAMPLE Copied 1 times
Information Security Programs. Each party will maintain a written information security program that contains administrative, technical and physical safeguards to protect against anticipated threats or hazards to the security, confidentiality or integrity of, the unauthorized or accidental destruction, loss, alteration or use of, and the unauthorized access to or acquisition of, Application Data to which such party has access. Each such information security program will be consistent with the requirements of applicable laws and regulations.
View SourceView Similar (2)
Information Security Programs. 5.1 The Company maintains a risk-based information security program to implement appropriate technical and organizational security measures which are detailed at ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇/privacy- center/information-security-policy, as amended, updated or replaced from time to time (the “Security Policy”). 5.2 Customer is solely responsible for taking appropriate risk-based steps to ensure the security of its account, and the Personal Data of its End-Users within the Customer’s control. You are responsible for independently determining whether the data security provided by Company adequately meets your obligations under Applicable Data Protection Laws. Customer is responsible to use the security features and functions provided by Company or finding an alternative for the Customer websites. Customer is responsible for ensuring all content that the Customer places within the Company network is free from vulnerabilities that could result in a compromise of the Company systems or the Personal Data of your End-Users. Company is not responsible for backing up your Personal Data or the Personal Data of your End-Users. You are also responsible for your secure use of the services, including protecting the security of your Personal Data in transit to and from the including to securely backup or encrypt any such Personal Data. For more information on your responsibility for account and network security see the Terms of Service.
View Source

Related to Information Security Programs

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Personal Information security breach a) Each Party shall notify the other party in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal information and to restore the integrity of the affected personal information as quickly as is possible. The Parties shall also be required to provide each other with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal information. b) The Parties shall provide on-going updates on the progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Parties must notify the South African Police Service; and/or the State Security Agency and the Information Regulator and the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Parties undertake to co‑operate in any investigations relating to security which is carried out by or on behalf of the other including providing any information or material in its possession or control and implementing new security measures.

  • Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.