Security Requirements of Information Systems Sample Clauses

Security Requirements of Information Systems a. Correct processing in applications
AutoNDA by SimpleDocs
Security Requirements of Information Systems. Correct processing in applications Contractor shall validate data input to applications to ensure the data is correct and appropriate, and incorporate validation checks to detect any corruption of information through processing errors or deliberate acts; Contractor has identified the requirements for ensuring authenticity and protecting message integrity in applications, and identified and implemented appropriate controls; and Contractor has validated the data output from an application to ensure that the processing of stored information is correct and appropriate to the circumstances.

Related to Security Requirements of Information Systems

  • Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.

  • Availability of Information To make DHCS PI and PII available to the DHCS and/or 15 COUNTY for purposes of oversight, inspection, amendment, and response to requests for records, 16 injunctions, judgments, and orders for production of DHCS PI and PII. If CONTRACTOR receives 17 DHCS PII, upon request by COUNTY and/or DHCS, CONTRACTOR shall provide COUNTY and/or 18 DHCS with a list of all employees, contractors and agents who have access to DHCS PII, including 19 employees, contractors and agents of its subcontractors and agents.

  • Collection and Use of Information (a) Licensee acknowledges that Licensor may, directly or indirectly through the services of Third Parties, collect and store information regarding use of the Software and about equipment on which the Software is installed or through which it otherwise is accessed and used, through:

  • Use and Protection of Information Recipient agrees to protect such Information of the Discloser provided to Recipient from whatever source from distribution, disclosure or dissemination to anyone except employees of Recipient with a need to know such Information solely in conjunction with Recipient’s analysis of the Information and for no other purpose except as authorized herein or as otherwise authorized in writing by the Discloser. Recipient will not make any copies of the Information inspected by it.

  • Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.

  • Supply of Information The Republic agrees to deliver or cause to be delivered to each Stock Exchange copies of such documents as may be reasonably required for the purpose of obtaining such listing.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Freedom of Information and Protection of Privacy Act ‌ The Supplier acknowledges that the City is subject to the Freedom of Information and Protection of Privacy Act (British Columbia), which imposes significant obligations on the City’s contractors to protect all personal information acquired from the City in the course of providing any service to the City.

  • Freedom of Information and Transparency The Supplier acknowledges that the Authority and Other Contracting Bodies are subject to the requirements of the FOIA and the Environmental Information Regulations and shall assist and co-operate with the Authority and the Other Contracting Bodies to enable the Authority and Other Contracting Bodies to comply with their Information disclosure obligations in relation to this Framework Agreement and any Call Off Agreements. The Supplier shall: transfer to the Authority and/or the relevant Other Contracting Bodies, as applicable, all Requests for Information that it receives as soon as practicable and in any event within two (2) Working Days of receiving a Request for Information; and provide all necessary assistance reasonably requested by the Authority and/or the Other Contracting Body to enable the Authority and/or the Other Contracting Body to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. The Authority shall be responsible for determining in absolute its discretion and notwithstanding any other provision in this Framework Agreement or any other agreement whether the Commercially Sensitive Information and/or any other Information is exempt from disclosure in accordance with the provisions of the FOIA or the Environmental Information Regulations. In no event shall the Supplier respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Supplier acknowledges that (notwithstanding the provisions of this Clause FW-40.) the Authority may, acting in accordance with the Ministry of Justice’s Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (“the Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Supplier or the Services: in certain circumstances without consulting the Supplier; or following consultation with the Supplier and having taken its views into account; provided always that where Clause FW-40.5.1 applies the Authority shall, in accordance with any recommendations of the Code, take reasonable steps, where appropriate, to give the Supplier advanced notice, or failing that, to draw the disclosure to the Supplier’s attention after any such disclosure. The Supplier acknowledges that the description of information as Commercially Sensitive Information as notified to the Authority prior to the Commencement Date is of an indicative nature only and that the Authority and Other Contracting Body may be obliged to disclose the Commercially Sensitive Information in accordance with this Clause FW-40.. Subject to any information which is exempt from disclosure under the FOIA and notwithstanding any other term of this Framework Agreement or the Call Off Agreement, the Supplier agrees that the contents of the Framework Agreement and the Call Off Agreement are not Confidential Information and the Supplier hereby gives his consent for the Authority to publish this Framework Agreement and for the Contracting Body to publish the Call Off Agreement in their entirety including from time to time agreed changes to this Framework Agreement and/or the Call Off Agreement, to the general public.

  • Furnishing of Information; Public Information (a) Until the earliest of the time that (i) no Purchaser owns Securities or (ii) the Warrants have expired, the Company covenants to maintain the registration of the Common Stock under Section 12(b) or 12(g) of the Exchange Act and to timely file (or obtain extensions in respect thereof and file within the applicable grace period) all reports required to be filed by the Company after the date hereof pursuant to the Exchange Act even if the Company is not then subject to the reporting requirements of the Exchange Act.

Time is Money Join Law Insider Premium to draft better contracts faster.