REQUIRED SECURITY OPERATIONAL PROCEDURES FOR E-DISCLOSURE EXERCISES Sample Clauses

REQUIRED SECURITY OPERATIONAL PROCEDURES FOR E-DISCLOSURE EXERCISES. The Supplier shall have appropriate policies, processes and procedures in place to ensure the operational security of their infrastructure as follows. Vulnerability management (patch management) The Supplier shall ensure that any exploitable vulnerability is managed. To that end the Supplier shall have a defined policy and supporting process to identify vulnerabilities, and prioritise and mitigate those vulnerabilities. The Supplier’s policy shall specify specific patch application periods and a process for auditing compliance. As a minimum, critical vulnerabilities shall be patched within 14 days, important vulnerabilities within 30 days and other vulnerabilities within 60 days. Where the Supplier knows that a vulnerability is being actively exploited then mitigatory action (e.g. patch applied) shall be taken immediately. Where a Supplier is unable to deploy a patch within the above minimum timescales then the Supplier shall take alternative mitigatory action within the same timescales including for example, but not limited to, disabling or reducing access to the vulnerable service. Secure configuration The Supplier shall ensure that all IT systems, software and services are appropriately configured to reduce the level of inherent vulnerability. In particular the Supplier shall ensure that applications, services, processes and ports not required are disabled by default. The Supplier shall ensure that default passwords are changed immediately, especially for any administrative functions. The Supplier shall keep configuration control of applications installed and technology that it uses. All changes and new versions of applications shall be recorded and managed (including a formal approval and documentation process) by the Supplier. The Supplier shall ensure that devices, systems and services have the capability to detect, isolate and respond to malicious software. Physical security The Supplier shall ensure that appropriately secure accommodation and appropriate policies and practices governing its use are in place to protect personnel, hardware, programs, networks and data from loss, damage or compromise. For services processing SECRET and TOP SECRET information, the Supplier’s accommodation from where the e-Disclosure service will be hosted must be in accordance with the requirements specified in: xxxxx://xxx.xxx.xx/government/publications/security-requirements-for-list-x-contractors Protective monitoring and intrusion detection The Supplier shall collec...
Sample 1
AutoNDA by SimpleDocs

Related to REQUIRED SECURITY OPERATIONAL PROCEDURES FOR E-DISCLOSURE EXERCISES

  • Relationship Disclosure Form The purpose of this form is to document any relationships between a bidder to an Orange County solicitation and the Mayor or any other member of Orange County, Florida. This form shall be completed and submitted with the applicable bid to an Orange County solicitation. No contract award shall be made unless these forms have been completed and submitted with the bid. Any questions concerning these forms shall be addressed to the contracting agent identified in this solicitation. Also, a listing of the most frequently asked questions concerning these forms is attached to each for your information.

  • PROCEDURES FOR SUPPLEMENTAL PAYMENT CALCULATIONS All calculations required by this Article VI, including but not limited to: (i) the calculation of the Applicant’s Stipulated Supplemental Payment Amount; (ii) the determination of both the Annual Limit and the Aggregate Limit; (iii) the effect, if any, of the Aggregate Limit upon the actual amount of Supplemental Payments eligible to be paid to the District by the Applicant; and (iv) the carry forward and accumulation of any of the Applicant’s Stipulated Supplemental Payment Amounts unpaid by the Applicant due to the Aggregate Limit in previous years, shall be calculated by the Third Party selected pursuant to Section 4.3.

  • Additional Procedures Applicable to High Value Accounts 1. If a Preexisting Individual Account is a High Value Account as of December 31, 2013, the Reporting [FATCA Partner] Financial Institution must complete the enhanced review procedures described in paragraph D of this section with respect to such account by December 31, 2014. If based on this review, such account is identified as a U.S. Reportable Account, the Reporting [FATCA Partner] Financial Institution must report the required information about such account with respect to 2013 and 2014 in the first report on the Account. For all subsequent years, information about the account should be reported on an annual basis.

  • Disclosure Statement for Xxxx IRAs 1. Am I Eligible to Contribute to a Xxxx XXX? Anyone with compensation income whose Modified Adjusted Gross Income (AGI) does not exceed the limits described below is eligible to contribute to a Xxxx XXX. (For convenience, all future references to compensation are deemed to mean “earned income” in the case of a self- employed individual.) Employers may also contribute to Xxxx IRAs established for the benefit of their employees. You may also establish a Xxxx XXX to receive rollover contributions or transfers from another Xxxx XXX or, in some cases, from a Traditional IRA. A Qualified Rollover Contribution can be made to a Xxxx XXX and is a distribution from an IRA that meets the requirements of section 408(d)(3), a rollover from a designated Xxxx account described in section 402A, or a rollover from an eligible retirement plan as described in section 402(c)(8)(B).

  • Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.

  • WHO WILL REVIEW THE INFORMATION DISCLOSED ON THE RELATIONSHIP DISCLOSURE FORM AND ANY UPDATES? The information disclosed on this form and any updates will be a public record as defined by Chapter 119, Florida Statutes, and may therefore be inspected by any interested person. Also, the information will be made available to the Mayor and the BCC members. This form and any updates will accompany the information for the applicant’s project or item. However, for development-related items, if an applicant discloses the existence of one or more of the relationships described above and the matter would normally receive final consideration by the Concurrency Review Committee or the Development Review Committee, the matter will be directed to the BCC for final consideration and action following committee review.

  • Overpayment Policies and Procedures Within 90 days after the Effective Date, Xxxxx shall develop and implement written policies and procedures regarding the identification, quantification and repayment of Overpayments received from any Federal health care program.

  • Contractor Requirements and Procedures For Business Participation Opportunities For New York State Certified Minority- and

  • PROCEDURES AND/OR CRITERIA FOR COURSE ARTICULATION a. Complete the ROP Careers with Children course at Freedom High School with a grade of “B” or better.

  • Contractor Requirements and Procedures For Business Participation Opportunities For NYS Certified Minority- and Women-Owned Business Enterprises and Equal Employment Opportunities for Minority Group Members and Women

Time is Money Join Law Insider Premium to draft better contracts faster.