Systems Security Clause Samples

Systems Security. (a) If PACTIV, Company, their Affiliates or their respective Personnel receive access to any of PACTIV’s, Company’s, or their respective Affiliates’, as applicable, Systems in connection with the Services, the accessing Party or its Personnel, as the case may be, shall comply with all of such other Party’s and its Affiliates’ reasonable Security Regulations known to such accessing Party or its Personnel or made known to such accessing Party or its Personnel in writing, and will not tamper with, compromise or circumvent any security, Security Regulations or audit measures employed by such other Party or its relevant Affiliate. (b) Each Party shall, and shall cause its Affiliates to, as required by applicable Law, (i) ensure that only those of its Personnel who are specifically authorized to have access to the Systems of the other Party or its Affiliates gain such access and (ii) prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including by notifying its Personnel regarding the restrictions set forth in this Agreement and establishing appropriate policies designed to effectively enforce such restrictions. (c) Each Party shall, and shall cause their respective Affiliates to, access and use only those Systems of the other Party and its Affiliates, and only such data and information within such Systems, to which they have been granted the right to access and use. Any Party and its Affiliates shall have the right to deny the Personnel of the other Party or its Affiliates access to such first Party’s or its Affiliates’ Systems, after prior written notice and consultation with the other Party, in the event the Party reasonably believes that such Personnel pose a security concern.

Systems Security. ‌ Insurer shall maintain policies, procedures, and practices related to system security and integrity that are in line with national industry standards and best practices. At least annually, Insurer shall review and update its policies, procedures, and practices for the following areas: a. Access Control; b. Incident Response; c. Data Loss Prevention; d. Disaster Recovery; e. Telework and remote access; and f. Information and Data security. Insurer shall provide ninety (90) Calendar Days’ prior notice of any planned, significant system changes, including changes or upgrades to claims processing, customer service, enrollment, or operating systems or any other systems that may materially impact services provided under this Contract. Insurer shall notify FHKC within three (3) Business Days of identification of any issues impacting Insurer’s claims processing related to this Contract. Insurer’s mail gateways shall be capable of sending and receiving encrypted emails for all services related to this Contract. Insurer’s use of an email gateway using a Transport Layer Security 1.2 connection satisfies this requirement. Insurer shall send only encrypted emails when such email contains PHI or PII. Insurer shall obtain a National Institute of Standards and Technology (NIST) compliant information security risk assessment conducted by an independent third party at least every three (3) years or be HITRUST certified. Insurer must obtain the first assessment within the first Contract Year unless Insurer completed such an assessment within two (2) years prior to the Contract Effective Date. An independent assessment following the NIST SP 800-30 guidance, or its successor, satisfies this requirement.

Systems Security a) Vendor must document and maintain adequate: b) Vendor must perform maintenance access to production servers over a protected, dedicated network between Vendor’s corporate offices and the production systems. Vendor must not perform maintenance access to production servers over the Internet.

Systems Security. (a) If any Citi Party or Banco de Chile Party, or its Personnel or authorized third party, will be given passwords and/or access codes or any other form or mechanism (collectively, “Passwords”) to limit or control access to any Banco de Chile Party’s or Citi Party’s, as applicable, computer systems or software (“Systems”) in connection with the performance of the Services, the accessing Party or its Personnel, as the case may be, shall comply with (i) the processes and procedures set forth in Schedule 5.4, and (ii) all of such other Party’s system security policies, procedures and requirements (as amended from time to time, the “Security Regulations”), and will not tamper with, compromise or circumvent any security or audit measures employed by such other Party. Such Passwords are Confidential Information as provided in Section 5.4(e), and may only be used by such receiving Party and its Authorized Users. Each of Citi and Banco de Chile represents that any user of the Banco de Chile Services or the Citi Services, as the case may be, gaining access by means of such Passwords has been expressly authorized by Citi and Banco de Chile, as the case may be, to use them. Where a Password has been provided to a Party’s employee, agent or customer, such Party shall cause such employee, agent or customer to cease all use of such Password if such employment, agency or customer relationship with such Party terminates for any reason, and in addition such Party shall give the other Party immediate notice of the need to de-activate such Password. Each Party acknowledges and agrees that the other Party may rely on any communications or instructions made online by a person using a Password as if coming from the person authorized to use such Password acting on behalf of such Party, and that any such communications or instructions, including any use or misuse of Passwords by anyone, will be binding on such Party and, if applicable, the person or entity to whom the Password was issued. (b) Each Party shall use commercially reasonable efforts to ensure that only those of its Personnel who are specifically authorized to have access to the Systems of the other Party gain such access, and to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its Personnel regarding the restrictions set forth in this Agreement and establishing appropriate policies designed to effectively enforce such restrictions. (c) If, at any t...

Systems Security. (a) If any Service Provider, or its personnel, will be given access to any Service Recipient’s computer systems or software (“Systems”) in connection with the performance of the Transition Services, Tricadia shall, or shall cause its Affiliates to, use reasonable best efforts to cause any third-party service provider, and their respective personnel, to comply with all of such Service Recipient’s written system security policies, procedures and requirements (as amended from time to time, the “Security Regulations”), and will not tamper with, compromise or circumvent any security or audit measures employed by such Service Recipient. (b) Tricadia shall, and shall cause its Affiliates and third-party service providers to, use its reasonable commercial efforts (i) to ensure that only those of its personnel who are specifically authorized to have access to the Systems of a Service Recipient gain such access and use such access only to the extent needed to provide a Transition Service, and (ii) to prevent unauthorized access, use, destruction, alteration or loss of information contained therein. Tricadia shall, and shall cause its personnel, its Affiliates and third-party service providers to, access and use only those Systems, and only such data and information within such Systems to which a Service Recipient has granted it the right to access and use. Tricadia and any other Service Provider will notify TAMCO and/or a Service Recipient immediately upon becoming aware of any violations by any of its personnel of this Section 4.03(b). (c) A Service Recipient shall have the right to deny the personnel of a Service Provider access to its Systems, after prior written notice, in the event the Service Recipient reasonably believes that such personnel pose a security concern. (d) All user identification numbers and passwords of a Service Recipient disclosed to a Service Provider, and any information obtained from the use of the Systems, shall be deemed confidential information of TAMCO subject to Section 5.01. (e) Tricadia will, and will cause its Affiliates to and will use reasonable best efforts to cause any third-party service provider to, cooperate with TAMCO and each other Service Recipient in investigating any apparent unauthorized access of TAMCO’s or such other Service Recipient’s Systems or any apparent unauthorized release by a Service Provider or such Service Provider’s personnel of information of TAMCO or its Affiliates that is deemed to be confidential unde...

Systems Security. When Buyer is given access to Seller’s computer system(s), facilities, networks (including voice or data networks) or software (“Systems”) in connection with the Transition Services or Migration Plan, Buyer shall comply with all lawful security regulations reasonably required by Seller from time to time “Security Regulations”), including without limitation the requirements set forth on Annex B hereto, and will not tamper with, compromise or circumvent any security or audit measures employed by Seller. Buyer’s Related Parties may be required to execute a separate system access agreement for individuals who are to have access to Seller’s Systems. Buyer shall ensure that only those users who are specifically authorized to gain access to Seller’s Systems as necessary to utilize the Transition Services or assist with the Migration gain such access and that such users do not engage in unauthorized destruction, alteration or loss of information contained therein. If at any time a Party determines that any personnel of Buyer has sought to circumvent or has circumvented Seller’s Security Regulations or other security or audit measures or that an unauthorized person has accessed or may access Seller’s Systems or a person has engaged in activities that may lead to the unauthorized access, destruction or alteration or loss of data, information or software, to the extent within Buyer’s control, Buyer or Seller, as appropriate, shall immediately terminate any such person’s access to Seller’s Systems and immediately notify Seller. In addition, a material failure to comply with the Security Regulations shall be a breach of this Agreement; in which case, Seller shall notify Buyer and both Parties shall work together to rectify said breach. If the breach is not rectified within ten (10) days of its occurrence, the Service Coordinators of both Parties shall be advised in writing of the breach and work together to rectify said breach. If the breach has not been rectified within ten (10) days from such notice to the Service Coordinators, Seller shall be entitled to immediately terminate the Transition Services to which the breach relates until such time as the breach is remedied.

Systems Security. ‌ Insurer shall maintain policies, procedures and practices related to system security and integrity that are in line with national industry standards and best practices. Insurer shall regularly, no less frequently than annually, review and update its policies, procedures and practices for the following areas: a. Telework and remote access; b. External data loss risk management; c. Internal data loss risk management; and d. Information and data security. Insurer shall provide ninety (90) Calendar Days’ prior notice of any planned, significant system changes, including changes or upgrades to claims processing, customer service, enrollment or operating systems or any other systems that may materially impact services provided under this Contract. Insurer shall notify FHKC within three (3) Business Days of identification of any issues impacting Insurer’s claims processing related to this Contract. Insurer’s mail gateways shall be capable of, and Insurer shall send, encrypted emails to FHKC when PHI or PII is involved. Insurer shall also ensure its mail gateways are capable of receiving FHKC’s encrypted emails. Insurer’s use of an email gateway using a Transport Layer Security connection satisfies this requirement. Insurer shall obtain a National Institute of Standards and Technology (NIST) compliant information security risk assessment conducted by an independent third party at least every three (3) years with the first assessment obtained within the first Contract Year unless such an assessment was completed within two (2) years prior to the Contract Effective Date. An independent assessment following the NIST SP800-30 guidance, or its successor, satisfies this requirement. 6-1 Security Incidents‌ Insurer shall report all security incidents to FHKC in accordance with Attachment B. Insurer shall be liable for financial consequences in the amount of five hundred dollars ($500) per Calendar Day for failure to provide all necessary information to FHKC in the format and timeframe required. Financial consequences apply to each Calendar Day beyond the due date until provided to FHKC in the required format, inclusive of the day provided to FHKC.

Systems Security. (a) If either Party or its personnel will be given access to any of the other Party’s computer systems or software (“Systems”) in connection with the performance of the Transition Services, the accessing Party or its personnel, as the case may be, shall comply with all of such other Party’s system security policies, procedures and requirements (as amended from time to time, the “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other Party. (b) Each Party shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other Party gain such access, and to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel regarding the restrictions set forth in this Agreement and establishing appropriate policies designed to effectively enforce such restrictions. (c) If, at any time, either Party determines that the other Party or its personnel has sought to circumvent, or has circumvented, its Security Regulations, that any unauthorized personnel of the other Party has accessed its Systems or that the other Party or any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software, such Party shall immediately terminate any such personnel’s access to the Systems and immediately notify the other Party. (d) Each Party and its personnel shall access and use only those Systems, and only such data and information with such Systems, to which it has been granted the right to access and use. Any Party shall have the right to deny the personnel of the other Party access to such Party’s Systems, after prior written notice, in the event such Party reasonably believes that such personnel pose a security concern.

Systems Security. ▇▇▇▇▇▇▇▇ ▇▇▇▇, Director Division of Compliance and Assessments Office of Information Security Office of Systems Suite 3383 Perimeter East Building ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ Baltimore, MD ▇▇▇▇▇-▇▇▇▇ Telephone: (▇▇▇) ▇▇▇-▇▇▇▇ Email: ▇▇▇▇▇▇▇▇.▇▇▇▇@▇▇▇.▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇▇, Government Information Specialist Office of Privacy and Disclosure Office of the General Counsel ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, ▇-▇▇▇ ▇▇▇▇ ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇-▇▇▇▇ Telephone: (▇▇▇) ▇▇▇-▇▇▇▇ Email: ▇▇▇▇▇▇.▇▇▇▇▇@▇▇▇.▇▇▇ ▇▇▇▇ ▇▇▇▇ Office of Data Exchange and International Agreements Office of Data Exchange, Policy Publications, and International Negotiations ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, ▇-▇-▇-F Annex Building Baltimore, MD ▇▇▇▇▇-▇▇▇▇ Telephone: (▇▇▇) ▇▇▇-▇▇▇▇ Email: ▇▇▇▇.▇▇▇▇@▇▇▇.▇▇▇