SECURITY AND PRIVACY SAFEGUARDS Sample Clauses

SECURITY AND PRIVACY SAFEGUARDS. General Security Requirements DHS-USCIS and ED will comply with all Federal requirements relating to information security, information systems security, and privacy, including the Federal Information Security Management Act of 2002 (FISMA), the E-Government Act of 2002, the Privacy Act of 1974, OMB memoranda related to privacy, and National Institute of Standards and Technology (NIST) directives in the Special Publications (SP) 800 series (e.g., NIST SP 800-53, and NIST SP 800-37). Specific security requirements include, but are not limited to, the following: • Data must be protected at the Moderate system certification criticality level according to Federal Information Processing Standards (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information Systems. • DHS-USCIS and ED’s CPS have completed the security authorization process (formerly called certification and accreditation) within the last three years, using the required NIST guidance, and have an Authorization to Operate (ATO) with the appropriate signatures. • Electronic files are encrypted using the FIPS 140-2 standard and, to the extent possible, are interoperable with ED’s personal identity verification logical access control card (PIV LAC) for Government Employees and support contractors authorized to have an HSPD-12 card (HSPD-12= Homeland Security Presidential Directive #12). FISMA requirements apply to all Federal contractors, organizations, or entities that possess or use Federal information, or that operate, use, or have access to Federal information systems on behalf of an agency. DHS-USCIS and ED agree that they are responsible for oversight and compliance of their own contractors and agents. DHS- USCIS and ED each reserve the right to conduct onsite inspections of any contractor or agent who has access to matched data in order to monitor compliance with FISMA regulations during the lifetime of this agreement. ED and DHS-USCIS will also comply with the personally identifiable information (PII) breach reporting and security requirements as required by OMB M-06-19, “Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments,” and XXX X-00-00, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” ED and DHS-USCIS also agree to notify each other as soon as possible, but no later than one hour, after the discovery of a susp...
Sample 1See All (4)
AutoNDA by SimpleDocs
SECURITY AND PRIVACY SAFEGUARDS. ED and DoD will comply with all Federal requirements relating to information security, information systems security, and privacy, including the Federal Information Security Modernization Act of 2014 (FISMA), the E-Government Act of 2002, OMB memoranda related to privacy, and National Institute of Standards and Technology (NIST) directives in the Special Publications (SP) 800 series (e.g., NIST SP 800-53, Rev. 4, and NIST SP 800-37, Rev. 1). Specific security requirements include, but are not limited to, the following:
Sample 1Sample 2
SECURITY AND PRIVACY SAFEGUARDS. 2.1 All eHealth Ontario Products and Services: eHealth Ontario’s security program is based on two standards from the International Organization for Standardization (ISO), as recommended by the Government of Canada: • ISO/IEC 27002:2005, – Code of Practice for Information Security Management, and • ISO/IEC 27001:2005, – Information Security Management Systems – Requirements. and is in compliance with the Personal Health Information Protection Act and the Freedom of Information and Protection of Privacy Act. Security of information and protection of privacy within, and by use of, eHealth Ontario’s products and services is achieved by collaboration of all parties who are partners in providing or using these services. For its part, eHealth Ontario has implemented the following safeguards:
Sample 1
SECURITY AND PRIVACY SAFEGUARDS. 1. SSS and ED will comply with all Federal requirements relating to information security, information systems security, and privacy, including the Federal Information Security Management Act of 2002, as amended by the Federal Information Security Modernization Act of 2014 (FISMA), section 208 of the E-Government Act of 2002, the Privacy Act, OMB Memorandum 08-05, “Implementation of Trusted Internet Connections (TIC)” and all subsequent related memoranda, OMB memoranda related to privacy, and National Institute of Standards and Technology (NIST) directives in the Special Publications (SP) 800 series (e.g., NIST SP 800-53, Rev. 4, and NIST SP 800-37, Rev. 1). Specific security requirements include, but are not limited to, the following:
Sample 1
SECURITY AND PRIVACY SAFEGUARDS eHealth Ontario warrants that it has implemented and will maintain strong administrative, physical and technical safeguards, consistent with industry best practices as applicable to health care systems in Ontario, to protect the Personal Health Information being transferred, processed or stored from theft, loss, unauthorised use, modification, disclosure, destruction and/or damage and will ensure its Representatives comply with its privacy and security requirements. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, staff training and confidentiality agreements. Additional information can be found at xxxx://xxx.xxxxxxxxxxxxxx.xx.xx/about.
Sample 1
SECURITY AND PRIVACY SAFEGUARDS eHealth Ontario has implemented strong administrative, physical and technical safeguards, consistent with industry best practices, to protect the information being transferred, processed or stored from theft, loss, unauthorised use, modification, disclosure, destruction and/or damage. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, staff training and confidentiality agreements.
Sample 1
SECURITY AND PRIVACY SAFEGUARDS 
Sample 1
AutoNDA by SimpleDocs

Related to SECURITY AND PRIVACY SAFEGUARDS

  • Security and Privacy 3. Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference, are located at xxxxx://xxxx.xxxxxxxxxxx.xxx/articles/Genesys Cloud-security-compliance/.

  • Data Security and Privacy 12.1 SERVICE PROVIDER acknowledges the importance of Data Security and agrees to adhere to the Terms and Conditions of the Data Security Policy of IIMC.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:

  • DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and members of its Group may presently have and, following the Effective Time, may gain access to or possession of confidential or proprietary information of, or personal information relating to, Third Parties (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or members of such Party’s Group, on the other hand, prior to the Effective Time; or (ii) that, as between the two Parties, was originally collected by the other Party or members of such Party’s Group and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause the members of its Group and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary information of, or personal information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or members of the other Party’s Group, on the one hand, and such Third Parties, on the other hand.

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account 22 number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Network Security and Privacy Liability Insurance During the term of this Contract, Supplier will maintain coverage for network security and privacy liability. The coverage may be endorsed on another form of liability coverage or written on a standalone policy. The insurance must cover claims which may arise from failure of Supplier’s security resulting in, but not limited to, computer attacks, unauthorized access, disclosure of not public data – including but not limited to, confidential or private information, transmission of a computer virus, or denial of service. Minimum limits: $2,000,000 per occurrence $2,000,000 annual aggregate Failure of Supplier to maintain the required insurance will constitute a material breach entitling Sourcewell to immediately terminate this Contract for default.

  • Security and Safety A. The Contractor warrants it is and shall remain in compliance with all applicable local, state and federal laws, regulations, codes and ordinances relating to fire, construction, building, health, food service and safety, including but not limited to the Hotel and Motel Fire Safety Act of 1990, Public Law 101-391. The Judicial Council may terminate this Agreement, pursuant to the termination for cause provision set forth herein, without penalty or prejudice if the Contractor fails to comply with the foregoing requirements.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

Time is Money Join Law Insider Premium to draft better contracts faster.