Data Security Program Sample Clauses

Data Security Program. (a) The Supplier will maintain and comply with a comprehensive Security Program that conforms to (a) VITA Rules, including all VITA Rules comprising the then-current Commonwealth security procedures, including those found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/resources/vita-rules/ or successor URL(s), and (b) the Federal Information Security Management Act (or FISMA), 44 U.S.C. § 3541, et seq., and any other applicable Laws, and (c) Exhibit 2.1
Sample 1Sample 2Sample 3
AutoNDA by SimpleDocs
Data Security Program. Company will maintain a comprehensive written information security program that includes technical, physical, and administrative/organizational safeguards designed to (i) ensure the security and confidentiality of Ministerio de Hacienda Data and Personal Data, (H) protect against any anticipated threats or hazards to the security and integrity of Ministerio de Hacienda Data and of Personal Data, (Hi) protect against any actual or suspected unauthorized processing, loss, or acquisition of any Ministerio de Hacienda Data and any Personal Data, and (iv) ensure the proper disposal of Ministerio de Hacienda Data and Personal Data. Company will ensure that such program satisfies all of the requirements set forth in this Exhibit B and that Company complies with all such requirements, as well as any other written information security policies, procedures, and guidelines that are applicable to the Services. As used in this Exhibit B, the terms "systems", "information systems", and the like, include all information technology systems and all other Technology. Capitalized terms used but not defined in this Exhibit B will have the meanings set forth in the MSA.
Sample 1Sample 2
Data Security Program. Service Provider shall maintain a documented security program that has reasonable administrative, technical, and physical safeguards that are commensurate with the laws and industry standards relevant to Service Provider’s business activities and protects AbbVie Data according to its sensitivity. The minimum standards for Service Provider’s security controls that shall apply to the Services are set forth in Schedule A (AbbVie Third Party Security Controls). This information is confidential to AbbVie.
Sample 1Sample 2
Data Security Program. ACS shall at all times maintain in effect a comprehensive data security program that includes reasonable and appropriate technical, organizational and physical security measures designed to protect against the destruction, loss, unauthorized access and/or alteration of data, including Symetra Data, in ACS’ possession, and which shall be: (a) no less rigorous than those measures maintained (or required to be maintained) by Symetra as of the Restatement Date (or required or implemented by Symetra in the future); (b) no less rigorous than those measures maintained by ACS for its own information of a similar nature; (c) no less rigorous than those measures that generally are implemented by providers of outsourcing services; and (d) compliant with all Symetra policies and procedures with which Symetra advises ACS it is required to comply (provided that ACS’ compliance with any such Symetra policies and procedures that are implemented and/or modified following the Restatement Date shall be effected through the Change Management Procedures), including those relating to the privacy, security, preservation and retention of data. The content and implementation of such data security program and associated technical, organizational and security measures shall be fully documented by ACS in the Service Delivery Reference Manual. From time to time, but not less frequently than annually, ACS proactively shall provide to Symetra information regarding industry-leading security best practices and ACS’ recommendations for implementing any of such practices. If Symetra wants to implement any of such practices, the Parties shall do so in accordance with the Change Management Procedures.
Sample 1Sample 2
Data Security Program. Company will maintain a comprehensive written information security program that includes technical, physical, and administrative/organizational safeguards designed to (i) ensure the security and confidentiality of Republic Data and Personal Data, (ii) protect against any anticipated threats or hazards to the security and integrity of Republic Data and of Personal Data, (iii) protect against any actual or suspected unauthorized processing, loss, or acquisition of any Republic Data and any Personal Data, and (iv) ensure the proper disposal of Republic Data and Personal Data. Company will ensure that such program satisfies all of the requirements set forth in this Exhibit B and that Company complies with all such requirements, as well as any other written information security policies, procedures, and guidelines that are applicable to the Services. As used in this Exhibit B, the terms "systems", "information systems", and the like, include all information technology systems and all other Technology. Capitalized terms used but not defined in this Exhibit B will have the meanings set forth in the MSA.
Sample 1
Data Security Program. The Center shall implement maintain and comply with komplexní programy, praktiky a postupy pro zabezpečení informací a sítí, které upravují provádění Studie (souhrnně „Program zabezpečení údajů“), které: (i) splňují současné nejlepší standardy v oboru; a (ii) jsou v souladu se všemi Platnými zákony o ochraně osobních údajů a zabezpečení údajů. Centrum písemně zdokumentuje svůj Program zabezpečení údajů a na vyžádání CRO nebo Zadavatele zpřístupní tyto dokumenty CRO nebo Zadavateli ke kontrole. Centrum bude udržovat svůj Program zabezpečení údajů aktuální. comprehensive information and network security programs, practices and procedures that govern the conduct of the Study (collectively, “Data Security Program”) that: (i) meets current best industry standards; and (ii) complies with all Applicable Privacy and Data Security Laws. The Center shall document its Data Security Program in written form and shall make those documents available to CRO or Sponsor for review upon CRO’s or Sponsor’s request. The Center shall keep its Data Security Program current and up- to-date.
Sample 1
Data Security Program. Vendor shall maintain in effect at all times a comprehensive data security program that includes reasonable and appropriate administrative, technical and physical security measures designed to detect, prevent and mitigate the risk of identity theft and protect against the destruction, loss, unauthorized access, disclosure, use and/or alteration of data (whether or not encrypted), including but not limited to Confidential Information, Customer Data, and Data, in Vendor's possession or under Vendor's control, and which shall be no less rigorous than those measures that are required to be maintained by Vendor to comply with applicable Laws and Regulations, including but not limited to, the current State of Washington Office of the Chief Information Officer (OCIO) IT Security Standards (OCIO 141.10) relating to Securing Information Technology Assets Standards, and shall ensure that all such safeguards, including the manner in which Confidential Information, Customer Data, and Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Contract. At WSDOT’s request, Vendor will provide the data security program to WSDOT for its review, and WSDOT shall have the right to provide feedback and comment on Vendor's data security program. If Vendor recommends certain security features that WSDOT does not approve, the matter will be escalated to the WSDOT and Vendor Contracting Officers for final resolution.
Sample 1
AutoNDA by SimpleDocs
Data Security Program. Provider shall maintain through the Term of the Agreement a comprehensive written data security program (“Data Security Program”) that satisfies the requirements under this Section 3. Without limiting the generality of Section 3.3, Provider’s Data Security Program must, at a minimum, comply with the most recently published version of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (IG3), and provide for: (a) protection of business facilities, paper files, servers, computing equipment, including all mobile devices and other equipment with information storage capability, and backup systems containing any Company Personal Data; (b) network, application (including databases) and platform security; (c) business systems segmentation designed to optimize security; (d) secure transmission and storage of Company Personal Data (whether by strong encryption or other equally protective measures); (e) authentication and access control mechanisms (including strong password management practices); and (f) personnel security and integrity requirements. Provider shall provide annual training to personnel and subcontractors on how to comply with the Provider’s Data Security Program. Provider shall regularly test and monitor the effectiveness of its Data Security Program and shall evaluate and adjust its Data Security Program in light of the results of such testing and monitoring. Provider shall notify Company of: (i) any material changes to its Data Security Program, and (ii) any other changes that may have a material effect on its Data Security Program.
Sample 1

Related to Data Security Program

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Security Procedures The Fund shall comply with data access operating standards and procedures and with user identification or other password control requirements and other security procedures as may be issued from time to time by State Street for use of the System on a remote basis and to access the Data Access Services. The Fund shall have access only to the Fund Data and authorized transactions agreed upon from time to time by State Street and, upon notice from State Street, the Fund shall discontinue remote use of the System and access to Data Access Services for any security reasons cited by State Street; provided, that, in such event, State Street shall, for a period not less than 180 days (or such other shorter period specified by the Fund) after such discontinuance, assume responsibility to provide accounting services under the terms of the Custodian Agreement.

  • Security Procedure The Client acknowledges that the Security Procedure it has designated on the Selection Form was selected by the Client from Security Procedures offered by State Street. The Client agrees that the Security Procedures are reasonable and adequate for its wire transfer transactions and agrees to be bound by any payment orders, amendments and cancellations, whether or not authorized, issued in its name and accepted by State Street after being confirmed by any of the selected Security Procedures. The Client also agrees to be bound by any other valid and authorized payment order accepted by State Street. The Client shall restrict access to confidential information relating to the Security Procedure to authorized persons as communicated in writing to State Street. The Client must notify State Street immediately if it has reason to believe unauthorized persons may have obtained access to such information or of any change in the Client’s authorized personnel. State Street shall verify the authenticity of all instructions according to the Security Procedure.

  • Privacy and Data Security (a) The parties will keep confidential any information regarding the Trust, the Variable Accounts, and Contract Owners received in connection with providing services and meeting their respective obligations hereunder, except: (a) as necessary to provide the services or otherwise meet their respective obligations under this Agreement; (b) as necessary to comply with applicable law; and (c) information regarding the Trust or Variable Accounts which is otherwise publicly available. The parties will maintain internal safekeeping procedures to safeguard and protect the confidentiality of the data transmitted to another party or its designees or agents in accordance with Section 248.11 of Regulation S-P (17 CFR 248.1–248.30) (“Reg S-P”) and any other applicable federal or state privacy laws and regulations, including without limitation 201 CFR 17.00 et seq. and applicable security breach notification regulations (collectively “Privacy Laws”). Each party shall use such data solely to effect the services contemplated herein, and none of the parties will directly, or indirectly through an affiliate, disclose any non-public personal information protected under Privacy Laws (“Non-public Personal Information”) received from another party to any person that is not an affiliate, designee, service provider, or agent of the receiving party and provided that any such information disclosed to an affiliate, designee, service provider, or agent will be under the same or substantially similar contractual limitations on use and non-disclosure and will comply with all legal requirements. The Company will not use information, including Non-public Personal Information, directly or indirectly provided to it by Nationwide or its designees or agents pursuant to this Agreement for the purpose of marketing to Contract Owners or any other similar purpose, except as may be agreed by the parties hereto. Except for confidential information consisting of Non-public Personal Information, which will be governed in all respects in accordance with the immediately preceding sentence, confidential information does not include information which (i) was publicly known and/or was in the possession of the party receiving confidential information (“Receiving Party”) from other sources prior to the Receiving Party’s receipt of confidential information from the party disclosing confidential information (“Disclosing Party”), or (ii) is or becomes publicly available other than as a result of a disclosure by the Receiving Party or its representatives, or (iii) is or becomes available to the Receiving Party on a non-confidential basis from a source (other than the Disclosing Party) which, to the best of the Receiving Party’s knowledge, is not prohibited from disclosing such information to the Receiving Party by a legal, contractual, or fiduciary obligation to the Disclosing Party, or (iv) describes the fees payable to Nationwide under this Agreement.

  • FORM AND SECURITY PROCEDURES Proper Instructions may be in writing signed by the authorized individual or individuals or may be in a tested communication or in a communication utilizing access codes effected between electro-mechanical or electronic devices or may be by such other means and utilizing such intermediary systems and utilities as may be agreed to from time to time by the Custodian and the individual or organization giving the instruction, provided that the Fund has followed any security procedures agreed to from time to time by the applicable Fund and the Custodian including, but not limited to, the security procedures selected by the Fund by reference to the form of Funds Transfer Addendum hereto, the terms of which are part of this Agreement. The Custodian may agree to accept oral instructions, and in such case oral instructions will be considered Proper Instructions. The Fund shall cause all oral instructions to be confirmed in writing, but the Fund’s failure to do so shall not affect the Custodian’s authority to rely on the oral instructions.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • DTC DIRECT REGISTRATION SYSTEM AND PROFILE MODIFICATION SYSTEM (a) Notwithstanding the provisions of Section 2.4 of the Deposit Agreement, the parties acknowledge that DTC’s Direct Registration System (“DRS”) and Profile Modification System (“Profile”) apply to the American Depositary Shares upon acceptance thereof to DRS by DTC. DRS is the system administered by DTC that facilitates interchange between registered holding of uncertificated securities and holding of security entitlements in those securities through DTC and a DTC participant. Profile is a required feature of DRS that allows a DTC participant, claiming to act on behalf of an Owner of American Depositary Shares, to direct the Depositary to register a transfer of those American Depositary Shares to DTC or its nominee and to deliver those American Depositary Shares to the DTC account of that DTC participant without receipt by the Depositary of prior authorization from the Owner to register that transfer.

  • Security System The site and the Work area may be protected by limited access security systems. An initial access code number will be issued to the Contractor by the County. Thereafter, all costs for changing the access code due to changes in personnel or required substitution of contracts shall be paid by the Contractor and may be deducted from payments due or to become due to the Contractor. Furthermore, any alarms originating from the Contractor’s operations shall also be paid by the Contractor and may be deducted from payments due or to become due to the Contractor.

Time is Money Join Law Insider Premium to draft better contracts faster.