Security of Data a. Each of the parties shall:
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
Security of Access Code You may use one (1) or more access codes with your electronic fund transfers. The access codes issued to you are for your security purposes. Any access codes issued to you are confidential and should not be disclosed to third parties or recorded on or with the card. You are responsible for safekeeping your access codes. You agree not to disclose or otherwise make your access codes available to anyone not authorized to sign on your accounts. If you authorize anyone to use your access codes, that authority shall continue until you specifically revoke such authority by notifying the Credit Union. You understand that any joint owner you authorize to use an access code may withdraw or transfer funds from any of your accounts. If you fail to maintain the security of these access codes and the Credit Union suffers a loss, we may terminate your EFT services immediately.
Physical Security of Media Transfer Agent shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is stored by Transfer Agent (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on Transfer Agent encryption policies.
Security of State Information To the extent Contractor shall have access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Master Agreement the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
Creation, Perfection and Priority of Security Interests The representations and warranties regarding creation, perfection and priority of security interests in the Purchased Property, which are attached to this Agreement as Appendix B, are true and correct to the extent that they are applicable.
Perfection and Protection of Security Interest Borrower shall, at its expense, take all actions requested by FINOVA at any time to perfect, maintain, protect and enforce FINOVA's first priority security interest and other rights in the Collateral and the priority thereof from time to time, including, without limitation, (i) executing and filing financing or continuation statements and amendments thereof and executing and delivering such documents and titles in connection with motor vehicles as FINOVA shall require, all in form and substance satisfactory to FINOVA, (ii) maintaining a perpetual inventory and complete and accurate stock records, (iii) delivering to FINOVA warehouse receipts covering any portion of the Collateral located in warehouses and for which warehouse receipts are issued, and transferring Inventory to warehouses designated by FINOVA, (iv) placing notations on Borrower's books of account to disclose FINOVA's security interest therein and (v) delivering to FINOVA all letters of credit on which Borrower is named beneficiary. FINOVA may file, without Borrower's signature, one or more financing statements disclosing FINOVA's security interest under this Agreement. Borrower agrees that a carbon, photographic, photostatic or other reproduction of this Agreement or of a financing statement is sufficient as a financing statement. If any Collateral is at any time in the possession or control of any warehouseman, bailee or any of Borrower's agents or processors, Borrower shall notify such Person of FINOVA's security interest in such Collateral and, upon FINOVA's request, instruct them to hold all such Collateral for FINOVA's account subject to FINOVA's instructions. From time to time, Borrower shall, upon FINOVA's request, execute and deliver confirmatory written instruments pledging the Collateral to FINOVA, but Borrower's failure to do so shall not affect or limit FINOVA's security interest or other rights in and to the Collateral. Until the Obligations have been fully satisfied and FINOVA's obligation to make further advances hereunder has terminated, FINOVA's security interest in the Collateral shall continue in full force and effect.
Perfection and Priority of Liens Receipt by the Administrative Agent of the following:
Priority of Security Interest Borrower represents, warrants, and covenants that the security interest granted herein is and shall at all times continue to be a first priority perfected security interest in the Collateral (subject only to Permitted Liens that are permitted pursuant to the terms of this Agreement to have superior priority to Bank’s Lien under this Agreement). If Borrower shall acquire a commercial tort claim, Borrower shall promptly notify Bank in a writing signed by Borrower of the general details thereof and grant to Bank in such writing a security interest therein and in the proceeds thereof, all upon the terms of this Agreement, with such writing to be in form and substance reasonably satisfactory to Bank.
