Information Security Protocols Clause Samples

Information Security Protocols. Aon uses a layered approach to information security. Aon will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) HIPPA Security Rule; (b) ISO 27001; (c) maintain a documented Information Security Program which includes annual risk assessment and management procedures; (d) maintain the principle of least privilege; (e) classify and handle all Customer data as confidential and apply the necessary security and controls to support HIPAA/HITECH Act compliance; (f) maintain commercially customary physical security and access controls for its data center(s); (g) maintain commercially customary network security controls including firewall and intrusion prevention solutions; (h) maintain commercially customary redundancy at the demark, network and system layers; (i) maintain commercially customary monitoring solutions to continually manage health and capacity of the IT infrastructure components; (j) provide data encryption in a commercially customary manner of all data transmissions; (k) require a minimum of 128-bit SSL encryption for application access and use; (l) maintain and update anti-virus program; (m) require individual user accounts and passwords for any access; (n) maintain strong password requirements for all Aon-managed accounts; (o) maintain generally acceptable user account management processes and procedures; (p) maintain industry accepted data protection program; (q) maintain whole disk encryption for all laptops; (r) deploy software security patches in accordance with generally accepted industry best practices; (s) maintain and periodically test (at least annually) a commercially customary disaster recovery plan that provides adequate system backup, technology replacement, and alternate (backup-site) site capabilities; (t) follow commercially customary hardening procedures for system/device builds; (u) conduct ongoing vulnerability management through the use of commercially customary tools; (v) conduct periodic (at least annually) third party vulnerability assessments; (w) follow Open Web Application Security Project (OWASP) methodologies, guidelines and techniques for application development; (x) follow commercially customary change and release management practices for hardware and software changes; (y) follow commerci...

Information Security Protocols. SCONY ENTERPRISES has a documented HIPAA program on file, as well as, general policies and procedures with respect to handling sensitive client data. With respect to information security protocols and contractor performance while on assignment with the STATE OF FLORIDA, SCONY ENTERPRISES will adopt and advise our team members to conform to such procedures and practices advised by the STATE OF FLORIDA information technology division.

Information Security Protocols. A lengthy career of providing services to government organizations logically leads PCG to having a high degree of information security protocols. As such, PCG has successfully earned PCI (Payment Card Industry) & HIPAA compliance. As a regular collaborator with major state health organizations (i.e. ▇▇▇▇ and DOH), constant vigilance and understanding of security threats are paramount to both business success and, more importantly, the protection of those people whom our clients work to keep healthy. This is accomplished through solidified processes. One of which is our security management process: The security management process is the basis upon which PCG Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic data, necessitated by the nature of the project, client, or data itself. Assigned security responsibilities allow PCG to compartmentalize security tasks, so they are executed with the highest attention to detail. A single individual is appointed to this position. This position acts as the point of contact, the subject matter expert, the instructor and the voice of security concerns. PCG’s information access management enables it to control who sees what and when. This is accomplished by use of various levels of secure passwords, tokens and built in access controls. These access controls can be as simple as having a testing environment that isn’t connected to any other computers or networks, or as complex as a multi-level, profile based, custom positive/negative item access. This way, if one analyst needs access to financial information, all analysts won’t get access – only the one who needs it. This allows for confidentiality for projects and information. This scenario also allows for a single point of exit, should any information get out into the world. PCG employees are all knowledgeable in the field of technology, with technical degrees and years of experience of working with computers with client data. Due to multiple projects with the state Department of Health, security is at the forefront of all individual’s minds, especially when there are public facing projects. PCG has earned the knowledge, experience and wherewithal to continue to stay abreast of all security compromises that may surprise other businesses. It is a part of the culture here at PCG to keep our state and private clients protected to the best of our abilities. PCG’s facility access...

Information Security Protocols. Tec-Link has a documented HIPAA program on file, as well as, general policies and procedures with respect to handling sensitive client data. With respect to information security protocols and contractor performance while on assignment with the STATE OF FLORIDA, Tec-Link will adopt and advise our team members to conform to such procedures and practices advised by the STATE OF FLORIDA information technology division.

Information Security Protocols. IT Security Protocol is one other area that we stay uncompromised on. We ensure that the policy standards set forth are strictly adhered to by all staff involved with various operations. Ranging from Mobile Device management that calls for strict norms against use of cell phones and portable storage / access devices to network security involving restriction to uncertified sites for prevention of malware, IT security is strictly deployed in all areas that deal with sensitive and confidential information. Further, the use of pop 3 mail services, updated / licensed software and file access limitation to authorized teams / managers are few other IT protocols that we follow all throughout the year. Infrastructure security involving bio-metrics-reader/ access-card enabled entry is also installed to generate log reports of entry/exit by staff and 24/7 video surveillance.  DevCare Solutions’ procedures to timely accommodate a Customer’s designation of a job as one of special trust that requires a background screening. DevCare Solutions implements an elaborate method for requirement of high potential candidates. Our recruitment methodology employs the best of, employee referrals, own talent database and partners to source the ideal profile for the role. Hence, suitable candidates are selected, without the compromise of quality. More so, we are able to attract better resources primarily due to our lower margins on the cost factor, favoring the candidate, without having to demand flexibility on the pay scale from the client’s end.

Information Security Protocols. For Informational Purposes Only. Do Not Use. A. The DFS and Participating Agency shall comply with applicable Illinois court orders and subpoenas, Illinois and federal statutes, federal regulations, and Illinois administrative rules regarding confidential records or other information obtained by the parties to this Agreement. The records and information shall be protected by the parties to this Agreement from unauthorized disclosure. Any breach notification imposed by law shall be completed by party to this Agreement primarily responsible for said breach or improper dissemination of personally identifiable information or confidential records. Any costs resulting from a breach or improper dissemination shall be borne by the responsible party to this Agreement. B. The DFS will deploy and maintain its internal Laboratory Information Management System (LIMS), as well as the websites it makes available to the Participating Agency, utilizing information technology providers that are required by the DFS to adhere to the Federal Bureau of Investigation’s current Criminal Justice Information Services (CJIS) Security Policy. C. The Participating Agency shall only utilize computer and telecommunications systems that are permanently maintained within its physically secure locations to access secure websites designated by the DFS. D. The DFS shall ensure its websites follow required CJIS Security Policy protocols relating to information security and encrypted communication. E. When the DFS makes multi-factor authentication available and Participating Agency elects to utilize it, they may access DFS websites from devices that are not permanently maintained within physically secure location. Alternatively, if the Participating Agency has already implemented multi-factor authentication on its mobile devices in accordance with Sections 5.6 and 5.13 of the CJIS Security Policy, they may utilize these devices if permission is obtained from the Illinois CJIS Systems Officer with the Illinois State Police.

Information Security Protocols. As a partner with our Customer we are entrusted with their Confidential, Proprietary information and it is expected this information will be kept secure by the Company and its employees. Information security is addressed in our Standards of Conduct, Integrity and Ethics Program and is integral to a successful relationship with our Customer. As part of our hiring process, all new employees must sign a Jacobs Non-Disclosure Agreement. This agreement stays in full force as long as they are employed by Jacobs. Likewise, if an employee plans to leave our employ, there are required to review and sign the debrief statement on the Jacobs Non-Disclosure form which states they have a continued obligation to protect this information even after they leave our employ. Another element of our Standards of Conduct, Integrity and Ethics Program is our confidential 24-hour Jacobs Integrity Hotline. Employees are encouraged to use the hotline to report possible violations of the Jacobs policies, possible breaches in the security of Confidential and/Proprietary information whether it be Jacobs or our Customers’ information. The hotline is available for employees to seek guidance if they are unsure whether the information they have a concern with should be reported. In an effort to ensure employees feel they can report incidents without recourse, the hotline allows for anonymous reporting of incidents, or an employee can put the concern confidentially in writing. In order to allow for the appropriate level of action by the company, the information provided must provide a sufficiently detailed description of the factual basis for the report. The Company’s networks and shared data systems are other key areas of concern regarding information security and are an indispensable business tool in today’s environment. They allow employees to retrieve vital information quickly, improve communication while reducing costs, collaborate with partners and provide better customer service. While computer networks have revolutionized the business process, the risks they introduce could be fatal to a company. Attacks on networks can lead to lost money, time, products, and sensitive information. Systems, networks and sensitive information can be compromised by malicious or inadvertent actions at any time. The first and most important step to securing a network is the process of developing policies. Policies define what should be protected, why it should be protected, and how it should be protecte...

Information Security Protocols. Describe Respondent’s ability to ensure its employees protect confidential information. NTT DATA strives to earn the confidence of the clients we serve. We understand that unauthorized use or disclosure of customer data can be severely detrimental to business operations. NTT DATA’s code of conduct lays out the information security principles that every employee must follow. One of these principles is the duty to protect confidential customer information. Each year, we require all of our employees review our code of conduct, which includes our information security policy. Depending on specific requirements with respect to data security, we will also have every NTT DATA employee assigned to a State agency, sign an acknowledgement of his or her obligations to protect that agency’s data and the data of the people being served. We will provide our staff with the State’s data security rules and procedures as part of our onboarding process. In general, NTT DATA employees must review applicable security rules and procedures before starting work. They must also attend agency security briefings (if applicable). Our contract manager will reinforce protection of customer data with the candidates we assign to State agencies. Should a security incident occur, our contract manager will notify the State in writing within one business day. This notification will include a description of the incident, the information affected, and NTT DATA’s recommendations for mitigation and corrective action to make certain unauthorized use does not reoccur. We understand that if the breach of security concerns confidential personal information, we will be responsible for notifying affected persons.

Information Security Protocols. Enforcing strict Information Technology (IT) security protocols is important to safeguarding confidential and protected information of our customers. Our established “Safeguarding Confidential Information” standard IT security protocols, are used to educate our employees and contractors on best practices for reducing exposure to security breaches and data loss. We ensure: • Each of our staff working onsite or offsite follows the rules and requirements set forth by our customers as stated in their employee/operational handbook or project documentation, to protect confidential information. • Each employee understands that the company’s and customer’s protected and confidential information is strictly for business use only, and failure to abide by the procedures set forth in the employee handbook will result in immediate termination from employment. • Each of our staff sign, as part of the company orientation, a Non-Disclosure and Confidentiality statement to enforce protected confidential and sensitive information. In addition to ensuring the safeguard of confidential information, our work experience with the Florida Department of Education and the Florida Department of Health has familiarized us with standards such as HIPPA and FERPA and how to best enforce these, depending on project needs.