Security Protection Notice Sample Clauses

Open Split View

Download

Share

Cite

Security Protection Notice 

Sample 1Sample 2Sample 3See All (6)

Save

Copy

Related to Security Protection Notice

• Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

• Security Procedures The Fund shall comply with data access operating standards and procedures and with user identification or other password control requirements and other security procedures as may be issued from time to time by State Street for use of the System on a remote basis and to access the Data Access Services. The Fund shall have access only to the Fund Data and authorized transactions agreed upon from time to time by State Street and, upon notice from State Street, the Fund shall discontinue remote use of the System and access to Data Access Services for any security reasons cited by State Street; provided, that, in such event, State Street shall, for a period not less than 180 days (or such other shorter period specified by the Fund) after such discontinuance, assume responsibility to provide accounting services under the terms of the Custodian Agreement.

• Security Procedure The Client acknowledges that the Security Procedure it has designated on the Selection Form was selected by the Client from Security Procedures offered by State Street. The Client agrees that the Security Procedures are reasonable and adequate for its wire transfer transactions and agrees to be bound by any payment orders, amendments and cancellations, whether or not authorized, issued in its name and accepted by State Street after being confirmed by any of the selected Security Procedures. The Client also agrees to be bound by any other valid and authorized payment order accepted by State Street. The Client shall restrict access to confidential information relating to the Security Procedure to authorized persons as communicated in writing to State Street. The Client must notify State Street immediately if it has reason to believe unauthorized persons may have obtained access to such information or of any change in the Client’s authorized personnel. State Street shall verify the authenticity of all instructions according to the Security Procedure.

• SECURITY PROCESSES If requested by an Authorized User as part the Request for Quote process, Contractor shall complete a Consensus Assessment Initiative Questionnaire (CAIQ) including on an annual basis thereafter, if requested by the Authorized User. The CAIQ is available at Cloud Security Alliance (xxxxx://xxxxxxxxxxxxxxxxxxxxx.xxx/). The CAIQ may be used to assist the Authorized User in building the necessary assessment processes when engaging with Contractors. In addition to a request for a CAIQ, Contractor shall cooperate with all reasonable Authorized User requests for a Written description of Contractor’s physical/virtual security and/or internal control processes. The Authorized User shall have the right to reject any Contractor’s RFQ response or terminate an Authorized User Agreement when such a request has been denied. For example, Federal, State and local regulations and/or laws may require that Contractors operate within the Authorized User’s regulatory environment. In order to ensure that security is adequate and free of gaps in control coverage, the Authorized User may require information from the Contractor’s Service Organization Controls (SOC) audit report.

• Security Provisions Order 1600.72A, Contractor and Industrial Security Program applies to all Contractors, subcontractors, consultants, or any other persons (not visitors) who have access to FAA facilities, sensitive unclassified information, and resources. See Security Guidelines (Attachment J-9) for more details. The Government will update the document periodically to reflect the current FAA security policy. The Government designates all eFAST labor categories as enumerated in Attachment J-3 as low risk for the Risk/Sensitivity Level. Program office CORs will review labor category designations and indicate changes to the contractually designated default Risk/Sensitivity Level Designations as appropriate for their specific contracts or task orders. This would require a submission of a “Contractor Position Risk/Sensitivity Level Designation Record” form (FAA Form 1600-77).

• SECURITY POLICIES AND NOTIFICATIONS State Security Policies and Procedures The Contractor and its personnel shall review and be familiar with all State security policies, procedures and directives currently existing or implemented during the term of the Contract, including ITS Policy NYS-P03-002 Information Security Policy (or successor policy). Security Incidents Contractor shall address any Security Incidents in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy (or successor policy), including the New York State Cyber Incident Reporting Procedures incorporated therein or in such successor policy.

• Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.

• Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

• Identity Protection Law Grantee must have and maintain a formal written information security program that provides safeguards to protect Confidential Information from loss, theft, and disclosure to unauthorized persons, as required by the Oregon Consumer Information Protection Act, ORS 646A.600-646A.628. If Grantee or its agents discover or are notified of a potential or actual “Breach of Security”, as defined by ORS 646A.602(1)(a), or a failure to comply with the requirements of ORS 646A.600 – 628, (collectively, “Breach”) with respect to Confidential Information, Grantee must promptly but in any event within one calendar day (i) notify the Agency Grant Manager of such Breach and (ii) if the applicable Confidential Information was in the possession of Grantee or its agents at the time of such Breach, Grantee must (a) investigate and remedy the technical causes and technical effects of the Breach and (b) provide Agency with a written root cause analysis of the Breach and the specific steps Grantee will take to prevent the recurrence of the Breach or to ensure the potential Breach will not recur. For the avoidance of doubt, if Agency determines notice required of any such Breach to any individual(s) or entity(ies), Agency will have sole control over the timing, content, and method of such notice, subject to Grantee’s obligations under applicable law.

• Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.