Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.
System Security Review All systems processing and/or storing DHCS PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.
Aviation Security (1) Each Contracting Party reaffirms that its obligation to the other Contracting Party to protect the security of civil aviation against unlawful interference forms an integral part of this Agreement. Each Contracting Party shall in particular act in conformity with the aviation security provisions of the Convention on Offences and Certain Other Acts Committed on Board Aircraft, signed at Tokyo on 14 September 1963, the Convention for the Suppression of Unlawful Seizure of Aircraft, signed at The Hague on 16 December 1970 and the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, signed at Montreal on 23 September 1971.
Information Security Requirements In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-of-life” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan.
Application Security The ISP will require that in-house application development be governed by a documented secure software development life cycle methodology, which will include deployment rules for new applications and changes to existing applications in live production environments.
Diversity Report The Contractor shall report to each Customer, spend with certified and other minority business enterprises. These reports shall include the period covered, the name, minority code and Federal Employer Identification Number of each minority business utilized during the period, Commodities provided by the minority business enterprise, and the amount paid to each minority business on behalf of each purchasing agency ordering under the terms of this Contract.
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Zone File Access Agreement Registry Operator will enter into an agreement with any Internet user, which will allow such user to access an Internet host server or servers designated by Registry Operator and download zone file data. The agreement will be standardized, facilitated and administered by a Centralized Zone Data Access Provider, which may be ICANN or an ICANN designee (the “CZDA Provider”). Registry Operator (optionally through the CZDA Provider) will provide access to zone file data per Section 2.1.3 of this Specification and do so using the file format described in Section 2.1.4 of this Specification. Notwithstanding the foregoing, (a) the CZDA Provider may reject the request for access of any user that does not satisfy the credentialing requirements in Section 2.1.2 below; (b) Registry Operator may reject the request for access of any user that does not provide correct or legitimate credentials under Section 2.1.2 below or where Registry Operator reasonably believes will violate the terms of Section 2.1.5. below; and, (c) Registry Operator may revoke access of any user if Registry Operator has evidence to support that the user has violated the terms of Section 2.1.5 below.
ASSOCIATION SECURITY 5.01 The Hospital will deduct from each nurse covered by this Agreement an amount equal to the regular monthly Association dues designated by the Association. The deduction period for a part-time nurse may be extended where the nurse does not receive any pay in a particular month. Where a nurse has no dues deducted during the payroll period from which dues are normally deducted, that deduction shall be made in the next payroll period provided the nurse has earnings in the next payroll period. If the failure to deduct dues results from an error by the Hospital, then, as soon as the error is called to its attention by the union, the Hospital shall make the deduction in the manner agreed to by the parties. If there is no agreement, the Hospital shall make the deduction in the manner prescribed by the union.
UNION SECURITY 7.01 The Employer shall deduct monthly from the pay due to each employee who is covered by this Agreement a sum equal to the monthly Union dues of each such employee. Where an employee has no earnings during the first payroll period, the deduction shall be made in the next payroll period where the employee has earnings, within that month. The Union shall notify the employer in writing of the amount of such dues from time to time. The Employer will send to the Union its cheque for the dues so deducted in the month following the month in which the dues are deducted. When arrears or adjustments are submitted retroactively, the dues month and an explanation will accompany any such dues.
