INFORMATION SECURITY TRAINING Sample Clauses
The Information Security Training clause requires that individuals who have access to sensitive or confidential information receive appropriate training on how to protect that information. Typically, this means employees, contractors, or third parties must complete regular training sessions covering topics such as password management, recognizing phishing attempts, and proper data handling procedures. By mandating such training, the clause helps ensure that all relevant personnel are aware of security best practices, thereby reducing the risk of data breaches and ensuring compliance with organizational or legal information security standards.
INFORMATION SECURITY TRAINING. In addition to any training covered under paragraph (e) of HHSAR 352.239-72, the contractor shall comply with the below training:
a. Mandatory Training
1. All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information as defined at HHSAR 304.1300(a)(4), shall complete the NIH Computer Security Awareness Training course at ▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH- specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement.
2. The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request.
b. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance about “NIH Information Security Awareness and Training Policy," at: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇/InfoSecurity/Policy/Documents/Final- InfoSecAwarenessTrainPol.doc. The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request.
INFORMATION SECURITY TRAINING. In addition to any training covered under paragraph (e) of HHSAR 352.239-72, the contractor shall comply with the below training:
INFORMATION SECURITY TRAINING. The contractor shall comply with the below training:
1. Mandatory Training
a. All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information, shall complete the NIH Computer Security Awareness Training course at ▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement.
b. The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request.
2. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance about “NIH Information Security Awareness and Training Policy” at: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇/InfoSecurity/Policy/Documents/Final- InfoSecAwarenessTrainPol.doc. The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request.
INFORMATION SECURITY TRAINING. 6.1 The Supplier shall ensure that all employees, subcontractors, and third-party users involved in operating or processing ALCON Data are adequately trained and informed about applicable laws (including data protection laws), information security threats and their implications, and their respective responsibilities and obligations. They shall be equipped with appropriate tools to support the organization’s security policies during their duties.
6.2 When transmitting or transferring ALCON Data and/or Personal Data, the Supplier shall ensure that its personnel use the company’s or organization’s official email accounts and prohibit the use of personal email accounts for transmitting ALCON Data.
6.3 If any Supplier Personnel receives the following, the Supplier shall ensure that they comply with any applicable ALCON information security policies and participate in ALCON training (at no cost to ALCON):
(i) Identification badges (or other access mechanisms) issued by ALCON to allow entry into ALCON premises;
(ii) Personalized ALCON network access accounts (e.g., ALCON5-2-1 account);
(iii) ALCON laptops;
(iv) ALCON email accounts; and/or
(v) Any other type of access to the ALCON Environment. If the identity or role of any Supplier Personnel or subcontractor personnel changes in a manner that may affect their ability to access the ALCON Environment, the Supplier shall notify ALCON without undue delay. Such changes may include, but are not limited to, termination of employment, changes in job scope, or cessation of subcontractor engagement.
INFORMATION SECURITY TRAINING