System and Application Controls Clause Samples

System and Application Controls i. All IU Health Confidential Information must be securely stored at all times to prevent loss and unauthorized access or disclosure. Industry best practices must be used to implement secure system configurations. ii. Business Associate shall maintain an asset inventory of all devices that access, store, process or transmit IU Health Confidential Information. iii. Systems that access IU Health Confidential Information must utilize endpoint protection which includes a personal firewall and anti-malware protection. iv. Only devices provided by or under the management of Business Associate or by IU Health may be used to access IU Health Confidential Information. Public resources such as hotel PC kiosks, or other public-access terminals such as those available in malls and airports, may not be used for this purpose. v. Operating systems and application software used must be currently supported by the manufacturer. vi. Current versions of operating system and application software must be maintained, and patches applied in a timely manner for all systems and applications that receive, maintain, process or otherwise access IU Health Confidential Information. vii. A vulnerability management program must be implemented to conduct at least quarterly vulnerability scanning and to ensure prompt remediation of medium and high risk vulnerabilities. viii. IU Health Confidential Information must not be used in any non-production environment such as testing or quality assurance unless de-identification of the data has been performed. ix. IU Health Confidential Information must not be commingled with data belonging to Business Associate or other clients of Business Associate unless otherwise agreed in writing.
View Source
System and Application Controls. 6.1 All Covered Entity Confidential Information must be securely stored at all times to prevent loss and unauthorized access or disclosure. 6.2 Laptop and workstation systems that access Covered Entity Confidential Information remotely must utilize endpoint protection which includes a personal firewall and anti- malware protection. 6.3 Operating systems and application software used must be currently supported by the manufacturer. 6.4 Current versions of operating system and application software must be maintained, and patches applied in a timely manner for all systems and applications that receive, maintain, process or otherwise access Covered Entity Confidential Information. 6.5 At least quarterly vulnerability scanning will be performed. Medium and high risk vulnerabilities identified during the scanning will be promptly remediated. 6.6 Covered Entity Confidential Information must not be used in any non-production environment such as testing or quality assurance unless de-identification of the data has been performed. In the event that de-identification is not practical or feasible compensating controls must be in place protecting the data to the same level of protection as afforded to production environment. 6.7 Covered Entity Confidential Information must be logically or physically segregated from other data controlled by Supplier or other clients of Supplier in such a way that the data may be identified as Covered Entity data and access controls implemented so that only those users authorized to access the data will be permitted to do so.
View Source
System and Application Controls. 8.1 All Anthem Confidential Information must be securely stored at all times to prevent loss and unauthorized access or disclosure. 8.2 Laptop and workstation systems that access Anthem Confidential Information will have encryption at rest and anti-malware protection. 8.3 Operating systems and application software used must be currently supported by the manufacturer. 8.4 Current versions of operating system and application software must be maintained, and patches applied in a timely manner for all systems and applications that receive, maintain, process or otherwise access Anthem Confidential Information. 8.5 At least quarterly vulnerability scanning will be performed. Medium and high risk vulnerabilities identified during the scanning will be promptly remediated. 8.6 Anthem Confidential Information must not be used in any non-production environment such as testing or quality assurance unless de-identification of the data has been performed. In the event that de-identification is not practical or feasible compensating controls must be in place protecting the data to the same level of protection as afforded to production environment. CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***], HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE HARM TO THE COMPANY IF PUBLICLY DISCLOSED. 8.7 Anthem Confidential Information must be logically or physically segregated from other data controlled by Supplier or other clients of Supplier in such a way that the data may be identified as Anthem data and access controls implemented so that only those users authorized to access the data will be permitted to do so.
View Source
System and Application Controls. 7.1 All Anthem Confidential Information must be securely stored at all times to prevent loss and unauthorized access or disclosure. 7.2 Laptop and workstation systems that access Anthem Confidential Information remotely must utilize endpoint protection which includes a personal firewall and anti-malware protection. 7.3 Operating systems and application software used must be currently supported by the manufacturer. 7.4 Current versions of operating system and application software must be maintained, and patches applied in a timely manner for all systems and applications that receive, maintain, process, or otherwise access Anthem Confidential Information. 7.5 Anthem Confidential Information must not be used in any non-production environment such as testing or quality assurance unless de-identification of the data has been performed. In the event that de-identification is not practical or feasible, compensating controls must be in place protecting the data to the same level of protection as afforded to the production environment. Anthem Confidential Information must not be placed into a non-production cloud computing environment. 7.6 Anthem Confidential Information must be segmented from non-Anthem Information so that appropriate controls are in place to identify the data as Anthem’s in all instances, including backup and removable media, and to appropriately restrict access only to users authorized to view the data. Logical separation must allow data to be deleted when it is no longer required. 7.7 Logical controls, virtual machine zoning, virtualization security and segregation must be in place to help prevent attacks and exposure in multi-tenancy environments containing Anthem Confidential Information. 7.8 Supplier shall maintain an asset management system which records the movement of hardware and electronic media and any persons responsible therefore.
View Source

Related to System and Application Controls

  • Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data. b. User Access - DST shall have a process to promptly disable access to Fund Data by any DST personnel who no longer requires such access. DST will also promptly remove access of Fund personnel upon receipt of notification from Fund.

  • Joint Funded Project with the Ohio Department of Transportation In the event that the Recipient does not have contracting authority over project engineering, construction, or right-of-way, the Recipient and the OPWC hereby assign certain responsibilities to the Ohio Department of Transportation, an authorized representative of the State of Ohio. Notwithstanding Sections 4, 6(a), 6(b), 6(c), and 7 of the Project Agreement, Recipient hereby acknowledges that upon notification by the Ohio Department of Transportation, all payments for eligible project costs will be disbursed by the Grantor directly to the Ohio Department of Transportation. A Memorandum of Funds issued by the Ohio Department of Transportation shall be used to certify the estimated project costs. Upon receipt of a Memorandum of Funds from the Ohio Department of Transportation, the OPWC shall transfer funds directly to the Ohio Department of Transportation via an Intra- State Transfer Voucher. The amount or amounts transferred shall be determined by applying the Participation Percentages defined in Appendix D to those eligible project costs within the Memorandum of Funds. In the event that the Project Scope is for right-of-way only, notwithstanding Appendix D, the OPWC shall pay for 100% of the right-of-way costs not to exceed the total financial assistance provided in Appendix C.

  • Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: ▇▇▇▇://▇▇▇.▇▇▇▇▇▇-▇▇▇▇▇.▇▇▇/508.htm.

  • CERTIFICATIONS; DISCLOSURE CONTROLS AND PROCEDURES The Adviser acknowledges that, in compliance with the ▇▇▇▇▇▇▇▇-▇▇▇▇▇ Act of 2002 (the “▇▇▇▇▇▇▇▇-▇▇▇▇▇ Act”), and the implementing regulations promulgated thereunder, the Trust and the Fund are required to make certain certifications and have adopted disclosure controls and procedures. To the extent reasonably requested by the Trust, the Adviser agrees to use its best efforts to assist the Trust and the Fund in complying with the ▇▇▇▇▇▇▇▇-▇▇▇▇▇ Act and implementing the Trust’s disclosure controls and procedures. The Adviser agrees to inform the Trust of any material development related to the Fund that the Adviser reasonably believes is relevant to the Fund’s certification obligations under the ▇▇▇▇▇▇▇▇-▇▇▇▇▇ Act.

  • Public safety compliance The Hirer shall comply with all conditions and regulations made in respect of the premises by the Local Authority, the Licensing Authority, and the hall’s Fire Risk Assessment or otherwise, particularly in connection with any event which constitutes regulated entertainment, at which alcohol is sold or provided or which is attended by children. The Hirer shall also comply with the hall’s health and safety policy. The Fire Service shall be called to any outbreak of fire, however slight, and details shall be given to the secretary of the management committee. (a) The Hirer acknowledges that they have received instruction in the following matters: • The action to be taken in event of fire. This includes calling the Fire Brigade and evacuating the hall. • The location and use of fire equipment. (Include diagram of location when handing over keys.) • Escape routes and the need to keep them clear. • Method of operation of escape door fastenings. • Appreciation of the importance of any fire doors and of closing all fire doors at the time of a fire. • Location of the first aid box. (b) In advance of any activity whether regulated entertainment or not the Hirer shall check the following items: • That all fire exits are unlocked and panic bolts in good working order. • That all escape routes are free of obstruction and can be safely used for instant free public exit. • That any fire doors are not wedged open. • That exit signs are illuminated. • That there are no obvious fire hazards on the premises. • That emergency lighting supply illuminating all exit signs and routes are turned on during the whole of the time the premises are occupied (if not operated by an automatic mains failure switching device).