Security Standards. The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.
Security Standards. To the extent Contractor has access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre- employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security Standards. To the extent Contractor has access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication;
Security Standards. 9.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s:
Security Standards. To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include, but not be limited to, encryption at rest and multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security Standards. 4.1. We are currently ISO27001 certified, and we undertake to maintain this certification for the Licence Term. ISO27001 certification demands best in class controls across:
Security Standards. 3.1.1 TCP shall implement reasonable security procedures consistent with industry standards to protect Client Data from unauthorized access, including without limitation (i) industry- standard encryption of data at rest within TCP’s data centers; (ii) web application firewalls; (iii) virus detection and anti-virus software; (iv) authentication techniques, such as user names and passwords, or authorization formats, which limit access to particular TCP personnel; and (v) additional security controls consistent with SOC 2 Type II reporting standards.
Security Standards a. Partner shall implement and maintain commercially reasonable and appropriate physical, technical and organizational security measures to protect Personal Data against accidental or unlawful destruction; accidental loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed; all other unlawful forms of Processing; including (as appropriate): (i) the pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
Security Standards. “Security Standards” shall mean the Security Standards at 45 CFR parts 160, 162 and 164, as amended by the HITECH Act and HIPAA Regulations and Guidance.
Security Standards. BUSINESS ASSOCIATE shall take appropriate security measures (i) to protect the confidentiality, integrity and availability of UNIVERSITY's Electronic PHI information that it creates receives, maintains, or transmits on behalf of the UNIVERSITY and (ii) to prevent any use or disclosure of UNIVERSITY's PHI other than as provided by the Agreement and this BA AGREEMENT. Appropriate security measures include the implementation of the administrative, physical and technical safeguards specified in Subpart C of 45 CFR Part 164 of the HIPAA Security Rule.
