Security Assessment. If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate the Agreement in accordance with Section 8 above.
Security Assessment a. The State requires any entity or third-party Supplier hosting Oklahoma Customer Data to submit to a State Certification and Accreditation Review process to assess initial security risk. Supplier submitted to the review and met the State’s minimum security standards at time the Contract was executed. Failure to maintain the State’s minimum security standards during the term of the Contract, including renewals, constitutes a material breach.
Security Assessment. 1. The State requires any entity or third-party Supplier Hosting Oklahoma Customer Data to submit to a State Certification and Accreditation Review process to assess initial security risk. Supplier submitted to the review and met the State’s minimum security standards at time the Contract was executed. Failure to maintain the State’s minimum security standards during the term of the contract, including renewals, constitutes a material breach. Upon request, the Supplier shall provide updated data security information in connection with a potential renewal. If information provided in the security risk assessment changes, Supplier shall promptly notify the State and include in such notification the updated information; provided, however, Supplier shall make no change that results in lessened data protection or increased data security risk. Failure to provide the notice required by this section or maintain the level of security required in the Contract constitutes a material breach by Supplier and may result in a whole or partial termination of the Contract.
Security Assessment. NIST Special Publication 800-37, Revision 1, encourages agencies to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information. NIST 800-37 further encourages that this type of reciprocity is best achieved when agencies are transparent and make available sufficient evidence regarding the security state of an information system so that an authorizing official from another organization can use that evidence to make credible, risk-based decisions regarding the operation and use of that system or the information it processes, stores, or transmits. Consistent with that guidance, the Parties agree to make available to each other upon request system security evidence for the purpose of making risk-based decisions. Requests for this information may be made by either Party at any time throughout the duration or any renewal of this CMA.
Security Assessment. If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under this PO/agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to this PO/ agreement; and (iii) timely complete a security questionnaire from Accenture on a periodic basis upon Accenture’s request. Security issues identified by Accenture will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, Accenture may terminate this PO/ agreement in accordance with Section12 above.
Security Assessment. The State requires any entity or third-party vendor hosting Oklahoma Customer Data to submit to a State Certification and Accreditation Review process to assess initial security risk. Vendor submitted to the review and met the State’s minimum security standards at time the Contract was executed. Failure to maintain the State’s minimum security standards during the term of the Contract, including renewals, constitutes a material breach. To the extent Vendor requests a different sub-contractor than the third-party hosting vendor already approved by the State, the different sub-contractor is subject to the State’s approval. Vendor agrees not to migrate State’s data or otherwise utilize a different third-party hosting vendor in connection with key business functions that are Vendor’s obligations under the Contract until the State approves the third-party hosting vendor’s State Certification and Accreditation Review, which approval shall not be unreasonably withheld or delayed. In the event the third-party hosting vendor does not meet the State’s requirements under the State Certification and Accreditation Review, Vendor acknowledges and agrees it may not utilize such third-party vendor in connection with key business functions that are Vendor’s obligations under the Contract, until such third party meets such requirements. Security Incident Notification and Responsibilities: Vendor shall inform Customer of any Security Incident or Data Breach Vendor may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Contract. If a Security Incident involves Customer Data, Vendor will coordinate with Customer prior to making any such communication. Vendor shall report a Security Incident to the Customer identified contact set forth herein within five (5) days of discovery of the Security Incident or within a shorter notice period required by applicable law or regulation (i.e. HIPAA requires notice to be provided within 24 hours). Vendor shall: (i) maintain processes and procedures to identify, respond to and analyze Security Incidents; (ii) make summary information regarding such procedures available to Customer at Customer’s request, (iii) mitigate, to the extent practicable, harmful effects of Security Incidents that are known to Vendor; and (iv) documents all Security Incidents and their out...
Security Assessment. If IT One reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then IT One will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit IT One, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from IT One on a periodic basis upon IT One’s request. Security issues identified by IT One will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, IT One may terminate the Agreement in accordance with Section 8 above.
Security Assessment. If Accenture reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then Accenture will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit Accenture, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and
Security Assessment. Remediation In accordance with Attachment 17-C 30 days after final due date $9,500 monthly x x x x x x
Security Assessment. If Company or a Service Provider faits to comply with the Security Report obligations set forth above in Section 10.1 (Security Report), then, at any time, Ministerio de Hacienda will have a right to perform a security assessment (as set forth in this Section 10.2) on Company or such Service Provider. During any period of time in which Ministerio de Hacienda has the right to perform a security assessment on Company or a Service Provider, upon five (5) days' advanced written notice (except in emergency situations, where as much notice as reasonably practicable will be given), Company will permit, or will cause the Service Provider to permit, Ministerio de Hacienda or its designated Representative to review and access Company's or the Service Provider's (as applicable) books, records, third-party audit and examination reports, systems, facilities, controls, processes, procedures, and information regarding: (i) the use, processing, storage, treatment, and security of data, including Ministerio de Hacienda Data and Personal Data; (ii) the management of employees and Service Providers, including with respect to the foregoing obligations in Section 3 (Personnel Screening); and (iii) in the event of a Data Breach Incident (as defined in Section 12 (Data Breach) below), to locate the source and scope of the breach and provide Ministerio de Hacienda with any material information related to Ministerio de Hacienda, its Affiliates, Users, Ministerio de Hacienda Data, or Personal Data, with respect to such Data Breach incident (any such review and access, a "Security Assessment"). Any such Security Assessment will be conducted during normal business hours and in a manner designed to cause minimal disruption to Company's or the Service Provider's (as applicable) ordinary business activities. For purposes of this provision, an emergency situation will include any situation posing imminent risk of harm or damage (as determined by Ministerio de Hacienda) to Ministerio de Hacienda's or its Affiliates' respective systems or data, including the Bitcoin Digital Platform, Ministerio de Hacienda Data, or Personal Data, or any situation that could expose Ministerio de Hacienda or its Affiliates to legal, financial, or business liability, or cause Ministerio de Hacienda or its Affiliates to violate any Applicable Law.
