Maintain an Information Security Policy Sample Clauses

Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule.
Sample 1Sample 2Sample 3See All (24)
AutoNDA by SimpleDocs
Maintain an Information Security Policy. MUIS has a written program instructing its employees on how to protect Trust Data and otherwise meet the specifications set forth herein. ● XXXX has identified its Chief Information Security Officer to be in charge of its program, and shall ensure that this individual is available to the Trusts to respond to any questions and to work with the Trusts in the event of a breach of the security or confidentiality of Trust Data. MUIS regularly monitors this written program to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Trust Data. Where necessary, MUIS will update its security policies as necessary to limit risks and will provide summaries to the Trusts upon request. Specifically, XXXX agrees to: o Establish processes and procedures for identifying internal and external risks, responding to security violations, unusual or suspicious events, and similar incidents, to limit damage or unauthorized access to Trust Data, and to permit identification and prosecution of violators, and, as necessary, improve the effectiveness of safeguards to limit such risks, including employee training, ensuring ongoing employee compliance with its written program, and the development of measures for detecting and preventing security system failures. o Implement appropriate measures to dispose of any Trust Data that will protect against unauthorized access or use of that information, including but not limited to securely wiping electronic media and physical destruction of information stored on paper.
Sample 1Sample 2Sample 3See All (8)
Maintain an Information Security Policy. Partner's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: ● Maintaining security policies and procedures, ● Secure development, operation and maintenance of software and systems, ● Security alert handling, ● Security incident response and escalation procedures, ● User account administration, ● Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005.
Sample 1Sample 2Sample 3See All (6)
Maintain an Information Security Policy. CLIENT understands and agrees that they must implement and follow a security policy. These measures include: ● Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. ● Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. ● The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
Sample 1
Maintain an Information Security Policy a. Maintaining a security policy that includes information security.
Sample 1
Maintain an Information Security Policy. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
Sample 1
Maintain an Information Security Policy. The Parties ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant Parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: • Maintaining security policies and procedures; • Secure development, operation and maintenance of software and systems; • Security alert handling; • Security incident response and escalation procedures; • User account administration; • Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005. Secure Networks and Systems The Parties have installed and maintain firewall configurations to protect Personal Data that controls all traffic allowed between Recipient's (internal) network and untrusted (external) networks, as well as traffic into and out of more sensitive areas within its internal network. This includes current documentation, change control and regular reviews. Recipient does not use vendor-supplied defaults for system passwords and other security parameters on any systems and has developed configuration standards for all system components consistent with industry-accepted system hardening standards.
Sample 1
AutoNDA by SimpleDocs

Related to Maintain an Information Security Policy

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • File Security and Retention; Confidentiality A. USBFS and its agents will provide reasonable security provisions to ensure that unauthorized third parties do not have access to the Trust’s data bases, files, and other information provided by the Trust to USBFS for use with the Electronic Services, the names of End Users or End User transaction or account data (collectively, “Trust Files”). USBFS’s security provisions with respect to the Electronic Services, the Trust’s web site(s) and the Trust Files will be no less protected than USBFS’s security provisions with respect to its own proprietary information. USBFS agrees that any and all Trust Files maintained by USBFS for the Trust hereunder shall be available for inspection by the Trust’s regulatory authorities during regular business hours, upon reasonable prior written notice to USBFS, and will be maintained and retained in accordance with applicable requirements of the 1940 Act. USBFS will take such actions as are necessary to protect the intellectual property contained within the Trust’s web site(s) or any software, written materials, or pictorial materials describing or creating the Trust’s web site(s), including all interface designs or specifications. USBFS will take such actions as are reasonably necessary to protect all rights to the source code and interface of the Trust’s web site(s). In addition, USBFS will not use, or permit the use of, names of End Users for the purpose of soliciting any business, product, or service whatsoever except where the communication is necessary and appropriate for USBFS’s delivery of the Electronic Services.

  • Security and Confidentiality Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.

  • CONFIDENTIALITY/SAFEGUARDING OF INFORMATION The CONTRACTOR shall not use or disclose any information concerning the AGENCY, or information that may be classified as confidential, for any purpose not directly connected with the administration of this contract, except with prior written consent of the AGENCY, or as may be required by law.

  • Integrity and Confidentiality Escrow Agent will be required to (i) hold and maintain the Deposits in a secure, locked, and environmentally safe facility, which is accessible only to authorized representatives of Escrow Agent, (ii) protect the integrity and confidentiality of the Deposits using commercially reasonable measures and (iii) keep and safeguard each Deposit for one (1) year. ICANN and Registry Operator will be provided the right to inspect Escrow Agent’s applicable records upon reasonable prior notice and during normal business hours. Registry Operator and ICANN will be provided with the right to designate a third-­‐party auditor to audit Escrow Agent’s compliance with the technical specifications and maintenance requirements of this Specification 2 from time to time. If Escrow Agent receives a subpoena or any other order from a court or other judicial tribunal pertaining to the disclosure or release of the Deposits, Escrow Agent will promptly notify the Registry Operator and ICANN unless prohibited by law. After notifying the Registry Operator and ICANN, Escrow Agent shall allow sufficient time for Registry Operator or ICANN to challenge any such order, which shall be the responsibility of Registry Operator or ICANN; provided, however, that Escrow Agent does not waive its rights to present its position with respect to any such order. Escrow Agent will cooperate with the Registry Operator or ICANN to support efforts to quash or limit any subpoena, at such party’s expense. Any party requesting additional assistance shall pay Escrow Agent’s standard charges or as quoted upon submission of a detailed request.

Time is Money Join Law Insider Premium to draft better contracts faster.