{"component": "clause", "props": {"groups": [{"samples": [{"hash": "8jb6agCzRnM", "uri": "/contracts/8jb6agCzRnM#information-systems-security", "label": "Terms and Conditions of Purchase", "score": 30.8571937319, "published": true}, {"hash": "bnlNZ8EUHe4", "uri": "/contracts/bnlNZ8EUHe4#information-systems-security", "label": "Terms and Conditions of Purchase", "score": 22.8918548939, "published": true}, {"hash": "eFOXHGBVidK", "uri": "/contracts/eFOXHGBVidK#information-systems-security", "label": "Terms and Conditions of Purchase", "score": 22.8904859685, "published": true}], "snippet_links": [{"key": "the-individual", "type": "clause", "offset": [3, 17]}, {"key": "operationally-critical-support", "type": "definition", "offset": [40, 70]}, {"key": "to-provide", "type": "definition", "offset": [159, 169]}, {"key": "adequate-security", "type": "clause", "offset": [170, 187]}, {"key": "information-systems", "type": "definition", "offset": [214, 233]}, {"key": "such-security", "type": "definition", "offset": [246, 259]}, {"key": "supplier-must", "type": "clause", "offset": [261, 274]}, {"key": "information-security", "type": "clause", "offset": [285, 305]}, {"key": "security-requirements", "type": "clause", "offset": [349, 370]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [374, 420]}, {"key": "controlled-unclassified-information", "type": "clause", "offset": [474, 509]}, {"key": "safeguarding-covered-defense-information-and-cyber-incident-reporting", "type": "clause", "offset": [588, 657]}, {"key": "federal-acquisition-regulation", "type": "clause", "offset": [670, 700]}, {"key": "applicable-to", "type": "clause", "offset": [738, 751]}, {"key": "purchase-orders", "type": "clause", "offset": [752, 767]}, {"key": "simplified-acquisition-threshold", "type": "definition", "offset": [784, 816]}], "size": 8, "snippet": "If the individual purchase order is for operationally critical support or for which performance will involve covered defense information, Supplier is required to provide adequate security on all covered contractor information systems. To provide such security, Supplier must implement information security protections, including compliance with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, \u201cProtecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.\u201d See DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DEC 2019). Federal Acquisition Regulation (FAR) Clauses GOVERNMENT (SEP 2006) (Applicable to purchase orders that exceed the simplified acquisition threshold ($150,000)).", "hash": "0744cf02335be57c2affc86c0f80df40", "id": 1}, {"samples": [{"hash": "21OWhHzQKmx", "uri": "/contracts/21OWhHzQKmx#information-systems-security", "label": "Service Agreement", "score": 34.2528600418, "published": true}, {"hash": "e1CYcIzZA91", "uri": "/contracts/e1CYcIzZA91#information-systems-security", "label": "Service Agreement", "score": 27.7624914442, "published": true}, {"hash": "8dY7hM4PBqv", "uri": "/contracts/8dY7hM4PBqv#information-systems-security", "label": "Secnumcloud Service Agreement", "score": 27.372347707, "published": true}], "snippet_links": [{"key": "technical-and", "type": "clause", "offset": [8, 21]}, {"key": "technical-means", "type": "definition", "offset": [26, 41]}, {"key": "information-system", "type": "clause", "offset": [69, 87]}, {"key": "confidentiality-of-data", "type": "clause", "offset": [161, 184]}, {"key": "the-related-services", "type": "definition", "offset": [214, 234]}, {"key": "by-the-client", "type": "clause", "offset": [345, 358]}, {"key": "the-framework", "type": "clause", "offset": [362, 375]}, {"key": "the-agreement", "type": "clause", "offset": [379, 392]}, {"key": "subject-to", "type": "definition", "offset": [397, 407]}, {"key": "service-agreement", "type": "clause", "offset": [413, 430]}], "size": 3, "snippet": "All the technical and non-technical means of protection, allowing an Information System to withstand events likely to compromise the availability, integrity and confidentiality of data processed or transmitted and the related services that these systems offer or make accessible. 3DS OUTSCALE Service(s) or Service(s): The IaaS services ordered by the CLIENT in the framework of the Agreement and subject to this Service Agreement in application thereof.", "hash": "bed8e453c5d5c0c2653ed5f924126b9d", "id": 2}, {"samples": [{"hash": "lAdIBjdlmsz", "uri": "/contracts/lAdIBjdlmsz#information-systems-security", "label": "Cooperation Agreement", "score": 17.4297667101, "published": true}, {"hash": "kQhdjZ10vxt", "uri": "/contracts/kQhdjZ10vxt#information-systems-security", "label": "Cooperation Agreement", "score": 17.0, "published": true}, {"hash": "f7HLAKBFn75", "uri": "/contracts/f7HLAKBFn75#information-systems-security", "label": "Cooperation Agreement", "score": 17.0, "published": true}], "snippet_links": [{"key": "security-policy", "type": "definition", "offset": [39, 54]}, {"key": "basis-of", "type": "clause", "offset": [81, 89]}, {"key": "information-and-communication-technology", "type": "definition", "offset": [115, 155]}, {"key": "to-ensure", "type": "clause", "offset": [156, 165]}, {"key": "availability-of", "type": "clause", "offset": [197, 212]}, {"key": "based-on", "type": "clause", "offset": [265, 273]}, {"key": "the-criteria", "type": "clause", "offset": [274, 286]}, {"key": "the-financial-year", "type": "definition", "offset": [326, 344]}, {"key": "international-standards", "type": "clause", "offset": [358, 381]}, {"key": "british-standard", "type": "definition", "offset": [401, 417]}, {"key": "code-of-practise", "type": "clause", "offset": [424, 440]}, {"key": "information-security-management", "type": "clause", "offset": [445, 476]}, {"key": "application-of", "type": "clause", "offset": [522, 536]}, {"key": "by-the-commission", "type": "clause", "offset": [565, 582]}, {"key": "security-measures", "type": "definition", "offset": [588, 605]}, {"key": "administrative-structure", "type": "clause", "offset": [630, 654]}, {"key": "management-and-control-systems", "type": "clause", "offset": [751, 781]}], "size": 3, "snippet": "A comprehensive information technology security policy shall be developed on the basis of an approved strategy for information and communication technology to ensure confidentiality, integrity and availability of all data:\n(a) Information systems security shall be based on the criteria laid down in the version applicable in the financial year concerned of International Standards Organisation 17799/British Standard 7799: Code of practise for Information Security Management (BS ISO/IEC 17799) and any guidelines on the application of these standards established by the Commission.\n(b) Security measures shall be adapted to the administrative structure, staffing and technological environments of each individual structure, authority or body of the management and control systems. The financial and technological effort shall be in proportion to the actual risks incurred.", "hash": "0777f0807b3bffe1c976c37240f99cef", "id": 3}, {"samples": [{"hash": "fcvbWUwu5vu", "uri": "/contracts/fcvbWUwu5vu#information-systems-security", "label": "Integrated Facilities Management Services Agreement", "score": 31.340862423, "published": true}, {"hash": "1wr7Vj46nIE", "uri": "/contracts/1wr7Vj46nIE#information-systems-security", "label": "Integrated Facilities Management Services Agreement (Amgen Inc)", "score": 22.5989048597, "published": true}, {"hash": "ku8cGrRiVZn", "uri": "/contracts/ku8cGrRiVZn#information-systems-security", "label": "Integrated Facilities Management Services Agreement (Amgen Inc)", "score": 21.0, "published": true}], "snippet_links": [{"key": "in-the-event", "type": "clause", "offset": [0, 12]}, {"key": "agreement-or", "type": "definition", "offset": [18, 30]}, {"key": "an-order", "type": "clause", "offset": [31, 39]}, {"key": "access-to-company", "type": "clause", "offset": [60, 77]}, {"key": "electronic-information-systems", "type": "clause", "offset": [80, 110]}, {"key": "by-provider", "type": "clause", "offset": [119, 130]}, {"key": "provider-shall", "type": "clause", "offset": [132, 146]}, {"key": "at-all-times", "type": "definition", "offset": [147, 159]}, {"key": "and-tools", "type": "clause", "offset": [191, 200]}, {"key": "without-limitation", "type": "clause", "offset": [273, 291]}, {"key": "to-determine", "type": "definition", "offset": [309, 321]}, {"key": "report-to", "type": "definition", "offset": [338, 347]}, {"key": "security-breaches", "type": "definition", "offset": [365, 382]}, {"key": "to-ensure", "type": "clause", "offset": [398, 407]}, {"key": "return-or-destruction", "type": "clause", "offset": [412, 433]}, {"key": "availability-of-information", "type": "clause", "offset": [566, 593]}, {"key": "access-methods", "type": "definition", "offset": [720, 734]}, {"key": "authorization-process", "type": "definition", "offset": [744, 765]}, {"key": "for-users", "type": "clause", "offset": [766, 775]}, {"key": "a-list", "type": "definition", "offset": [825, 831]}, {"key": "authorized-users", "type": "clause", "offset": [835, 851]}], "size": 3, "snippet": "In the event this Agreement or an Order provides for remote access to Company\u2019s electronic information systems (\u201cCIS\u201d) by Provider, Provider shall at all times protect CIS through procedures and tools deemed satisfactory to Company. Such procedures and tools shall include without limitation:\n(i) A mechanism to determine and immediately report to Company possible security breaches;\n(ii) Controls to ensure the return or destruction, at Company\u2019s direction, of information transmitted through CIS;\n(iii) A process for maintaining the confidentiality, integrity and availability of information transmitted through CIS; and\n(iv) Methods for controlling access to CIS, which shall include without limitation (i) permitted access methods; (ii) an authorization process for users\u2019 access and privileges; and (iii) maintenance of a list of authorized users.", "hash": "43b7bc28ea2e52118098bfc60b01abb6", "id": 4}, {"samples": [{"hash": "3Iu6SSI8flO", "uri": "/contracts/3Iu6SSI8flO#information-systems-security", "label": "Remote Working Policy", "score": 33.3781713177, "published": true}, {"hash": "9W6m60pylt8", "uri": "/contracts/9W6m60pylt8#information-systems-security", "label": "Remote Working Policy", "score": 25.8008213552, "published": true}], "snippet_links": [{"key": "employees-working", "type": "clause", "offset": [0, 17]}, {"key": "school-district", "type": "clause", "offset": [39, 54]}, {"key": "work-sites", "type": "clause", "offset": [70, 80]}, {"key": "use-district", "type": "definition", "offset": [88, 100]}, {"key": "other-devices", "type": "clause", "offset": [124, 137]}, {"key": "approved-by", "type": "definition", "offset": [153, 164]}, {"key": "the-technology", "type": "clause", "offset": [165, 179]}, {"key": "not-recommended", "type": "clause", "offset": [198, 213]}, {"key": "mobile-computing-devices", "type": "definition", "offset": [250, 274]}, {"key": "computer-software", "type": "definition", "offset": [290, 307]}, {"key": "remote-working", "type": "clause", "offset": [309, 323]}, {"key": "endpoint-protection", "type": "clause", "offset": [470, 489]}, {"key": "software-package", "type": "definition", "offset": [490, 506]}, {"key": "the-network", "type": "clause", "offset": [531, 542]}], "size": 3, "snippet": "Employees working for the Lake Preston School District at alternative work sites should use District provided computers and other devices that have been approved by the Technology Department. It is not recommended for Remote workers to use their own mobile computing devices, computers, or computer software. Remote Working networks should all be password secured and systems that access Lake Preston networks remotely must have an anti-malware (anti-virus) package, an endpoint protection software package installed that protects the network from advanced threats, and multi-factor authentication steps that have been approved by the Technology Department.", "hash": "69ff29f8fbbb2b11f412ef5cdf0dcc95", "id": 5}, {"samples": [{"hash": "gbeJYlliHUE", "uri": "/contracts/gbeJYlliHUE#information-systems-security", "label": "Master Purchase and Sale Agreement", "score": 31.340862423, "published": true}, {"hash": "l7jxX8LlGni", "uri": "/contracts/l7jxX8LlGni#information-systems-security", "label": "Master Purchase and Sale Agreement (Anda Networks Inc)", "score": 21.0, "published": true}], "snippet_links": [{"key": "access-to", "type": "definition", "offset": [24, 33]}, {"key": "information-systems", "type": "definition", "offset": [43, 62]}, {"key": "seller-will", "type": "clause", "offset": [64, 75]}, {"key": "security-of", "type": "clause", "offset": [90, 101]}, {"key": "set-out", "type": "definition", "offset": [135, 142]}, {"key": "exhibit-o", "type": "clause", "offset": [146, 155]}, {"key": "in-this-agreement", "type": "clause", "offset": [186, 203]}], "size": 2, "snippet": "If Nortel grants Seller access to Nortel\u2019s information systems, Seller will safeguard the security of Nortel\u2019s information systems, as set out in Exhibit O, attached to and incorporated in this Agreement.", "hash": "8454355b9ace75b288fcfb865e8f3d05", "id": 6}, {"samples": [{"hash": "9uHsbMqvVJU", "uri": "/contracts/9uHsbMqvVJU#information-systems-security", "label": "Sourcewell Stretch Agreement", "score": 32.3608012345, "published": true}], "snippet_links": [{"key": "information-security-program", "type": "definition", "offset": [20, 48]}, {"key": "security-monitoring", "type": "clause", "offset": [164, 183]}, {"key": "security-infrastructure", "type": "clause", "offset": [189, 212]}, {"key": "according-to", "type": "definition", "offset": [231, 243]}, {"key": "industry-standards", "type": "definition", "offset": [244, 262]}, {"key": "virus-protection", "type": "definition", "offset": [267, 283]}, {"key": "in-order-to", "type": "clause", "offset": [333, 344]}, {"key": "unauthorized-access", "type": "clause", "offset": [353, 372]}, {"key": "to-maintain", "type": "clause", "offset": [427, 438]}, {"key": "wireless-networks", "type": "definition", "offset": [485, 502]}], "size": 2, "snippet": "A major goal of our Information Security Program is to defend against security intrusion through a combination of layered prevention technologies and comprehensive security monitoring. Our security infrastructure has been designed according to industry standards for virus protection, firewalls and intrusion\u2010prevention technologies in order to prevent unauthorized access or compromises of CDW\u2019s network, systems and servers. To maintain this level of security, CDW: \u2022 Isolates guest wireless networks and unauthenticated connectivity from CDW internaltraffic", "hash": "2ca88235fbf24881913c0d4f8e8ace87", "id": 7}, {"samples": [{"hash": "fuKfYM4Hf8W", "uri": "/contracts/fuKfYM4Hf8W#information-systems-security", "label": "Contract for Enterprise Data Warehouse and Data Analytics and Reporting Module Services", "score": 25.4503764545, "published": true}], "snippet_links": [{"key": "the-supplier-shall", "type": "clause", "offset": [0, 18]}, {"key": "the-information-system", "type": "clause", "offset": [31, 53]}, {"key": "under-this-contract", "type": "clause", "offset": [63, 82]}, {"key": "comply-with", "type": "clause", "offset": [89, 100]}, {"key": "applicable-state-and-federal-laws", "type": "definition", "offset": [105, 138]}, {"key": "and-amendments", "type": "clause", "offset": [139, 153]}, {"key": "regulations-and-policies", "type": "clause", "offset": [155, 179]}, {"key": "relating-to", "type": "definition", "offset": [180, 191]}, {"key": "system-security", "type": "definition", "offset": [205, 220]}, {"key": "safeguarding-of-information", "type": "clause", "offset": [268, 295]}, {"key": "title-xix", "type": "definition", "offset": [311, 320]}, {"key": "social-security-act", "type": "clause", "offset": [328, 347]}, {"key": "national-institute", "type": "definition", "offset": [353, 371]}, {"key": "security-and-privacy-controls", "type": "clause", "offset": [419, 448]}, {"key": "hipaa-security-rule", "type": "definition", "offset": [464, 483]}, {"key": "cfr-part", "type": "clause", "offset": [488, 496]}, {"key": "part-164", "type": "clause", "offset": [525, 533]}, {"key": "health-insurance-portability-and-accountability-act", "type": "definition", "offset": [557, 608]}, {"key": "privacy-act-of", "type": "definition", "offset": [614, 628]}, {"key": "federal-information-security-management-act", "type": "clause", "offset": [638, 681]}, {"key": "health-information-technology", "type": "definition", "offset": [703, 732]}, {"key": "act-of-2009", "type": "definition", "offset": [766, 777]}, {"key": "processing-standards", "type": "clause", "offset": [813, 833]}, {"key": "publication-140", "type": "clause", "offset": [842, 857]}], "size": 1, "snippet": "The Supplier shall ensure that the information system provided under this Contract shall comply with all applicable state and Federal laws and amendments, regulations and policies relating to Medicaid and system security, confidentiality, integrity, availability, and safeguarding of information, including:\ni. Title XIX of the Social Security Act;\nii. National Institute of Standard and Technology, NIST SP 800-53 for security and privacy controls guidance;\niii. HIPAA Security Rule, 45 CFR Part 160 and Subparts A and C of Part 164, established under the Health Insurance Portability and Accountability Act;\niv. Privacy Act of 1974;\nv. Federal Information Security Management Act (FISMA) of 2002;\nvi. Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH);\nvii. Federal Information Processing Standards (FIPS), Publication 140-2.", "hash": "cb3a2bcbe934fdde1d698f649144454f", "id": 8}, {"samples": [{"hash": "kc0CdH2JA3e", "uri": "/contracts/kc0CdH2JA3e#information-systems-security", "label": "Master Services Agreement", "score": 32.1393643847, "published": true}], "snippet_links": [{"key": "the-installation", "type": "clause", "offset": [26, 42]}, {"key": "and-monitoring", "type": "clause", "offset": [99, 113]}, {"key": "security-and-backup", "type": "clause", "offset": [117, 136]}, {"key": "recovery-processes", "type": "clause", "offset": [137, 155]}, {"key": "security-systems", "type": "clause", "offset": [175, 191]}, {"key": "recovery-support", "type": "definition", "offset": [205, 221]}, {"key": "development-and-testing", "type": "clause", "offset": [238, 261]}, {"key": "consulting-services", "type": "definition", "offset": [268, 287]}, {"key": "emerging-technologies", "type": "clause", "offset": [331, 352]}, {"key": "the-county", "type": "definition", "offset": [375, 385]}, {"key": "security-posture", "type": "clause", "offset": [388, 404]}, {"key": "data-network", "type": "definition", "offset": [420, 432]}, {"key": "monitoring-services", "type": "clause", "offset": [518, 537]}, {"key": "network-traffic", "type": "clause", "offset": [573, 588]}, {"key": "and-security", "type": "clause", "offset": [603, 615]}, {"key": "to-ensure", "type": "clause", "offset": [616, 625]}, {"key": "security-of-the", "type": "clause", "offset": [644, 659]}, {"key": "related-components", "type": "definition", "offset": [690, 708]}, {"key": "virtual-servers", "type": "clause", "offset": [738, 753]}, {"key": "other-devices", "type": "clause", "offset": [808, 821]}, {"key": "county-network", "type": "definition", "offset": [840, 854]}], "size": 1, "snippet": "1.8.1 Generally, includes the installation, configuration, administration, operation, maintenance, and monitoring of security and backup/recovery processes as well as network security systems\n1.8.2 Backup/recovery support with procedural development and testing\n1.8.3 Consulting services through the identification and analysis of emerging technologies to improve or enhance the County's security posture to protect its data network, systems, workstations, and servers from internal and external attacks\n1.8.4 Network monitoring services including:\n1.8.4.1 Surveillance of network traffic, performance, and security to ensure the integrity and security of the County\u2019s networks and all its related components (human element, physical and virtual servers, domain controllers, desktops, laptops, printers, and other devices which utilize the County network)", "hash": "a65dd0a5ed5fec460e23c8370946edbc", "id": 9}, {"samples": [{"hash": "kggXC5T0EOt", "uri": "/contracts/kggXC5T0EOt#information-systems-security", "label": "Shared Services Agreement", "score": 32.0677492436, "published": true}], "snippet_links": [{"key": "the-board-and-the", "type": "clause", "offset": [0, 17]}, {"key": "provide-information", "type": "clause", "offset": [40, 59]}, {"key": "security-services", "type": "definition", "offset": [68, 85]}, {"key": "the-parties-will", "type": "clause", "offset": [87, 103]}, {"key": "with-respect-to", "type": "clause", "offset": [129, 144]}, {"key": "consistent-with", "type": "clause", "offset": [170, 185]}, {"key": "state-and-federal-laws-and-regulations", "type": "clause", "offset": [190, 228]}, {"key": "not-limited", "type": "clause", "offset": [273, 284]}, {"key": "video-recording", "type": "clause", "offset": [308, 323]}, {"key": "will-work", "type": "clause", "offset": [386, 395]}, {"key": "county-sheriff", "type": "definition", "offset": [414, 428]}, {"key": "law-enforcement-agencies", "type": "definition", "offset": [448, 472]}], "size": 1, "snippet": "The Board and the Recorder will jointly provide information systems security services. The Parties will cooperate and coordinate with respect to these security services, consistent with all State and Federal laws and regulations governing election security, including, but not limited to, threat monitoring, video recording, and cyber-attack prevention. Both the Recorder and the Board will work with the Maricopa County Sheriff\u2019s Office and other law enforcement agencies as warranted under this section.", "hash": "6d1f88431f34566fb2f2b3f679628034", "id": 10}], "next_curs": "CmUSX2oVc35sYXdpbnNpZGVyY29udHJhY3RzckELEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiVpbmZvcm1hdGlvbi1zeXN0ZW1zLXNlY3VyaXR5IzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"title": "Information Systems Security", "children": [["software-on-the-information-systems-must-be", "Software on the Information Systems must be"], ["i-understand", "I understand"]], "parents": [["information-and-communication", "Information and Communication"], ["security", "Security"], ["covenants-of-provider", "Covenants of Provider"], ["survival", "Survival"], ["other-transfer", "Other Transfer"]], "size": 32, "id": "information-systems-security", "related": [["information-systems", "Information Systems", "Information Systems"], ["information-services-traffic", "Information Services Traffic", "Information Services Traffic"], ["information-services", "Information Services", "Information Services"], ["security-systems", "Security Systems", "Security Systems"], ["access-to-information-systems", "Access to Information Systems", "Access to Information Systems"]], "related_snippets": [], "updated": "2025-07-07T12:37:50+00:00", "also_ask": [], "drafting_tip": null, "explanation": "The Information Systems Security clause establishes requirements and standards for protecting the confidentiality, integrity, and availability of information systems used in the course of a contract or business relationship. It typically mandates that parties implement appropriate technical and organizational measures, such as access controls, encryption, and regular security assessments, to safeguard data against unauthorized access or cyber threats. This clause serves to minimize the risk of data breaches and ensure compliance with relevant security regulations, thereby protecting both parties from potential financial and reputational harm."}, "json": true, "cursor": ""}}