Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule.
Maintain an Information Security Policy. MUIS has a written program instructing its employees on how to protect Trust Data and otherwise meet the specifications set forth herein. ● XXXX has identified its Chief Information Security Officer to be in charge of its program, and shall ensure that this individual is available to the Trusts to respond to any questions and to work with the Trusts in the event of a breach of the security or confidentiality of Trust Data. MUIS regularly monitors this written program to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Trust Data. Where necessary, MUIS will update its security policies as necessary to limit risks and will provide summaries to the Trusts upon request. Specifically, XXXX agrees to: o Establish processes and procedures for identifying internal and external risks, responding to security violations, unusual or suspicious events, and similar incidents, to limit damage or unauthorized access to Trust Data, and to permit identification and prosecution of violators, and, as necessary, improve the effectiveness of safeguards to limit such risks, including employee training, ensuring ongoing employee compliance with its written program, and the development of measures for detecting and preventing security system failures. o Implement appropriate measures to dispose of any Trust Data that will protect against unauthorized access or use of that information, including but not limited to securely wiping electronic media and physical destruction of information stored on paper.
Maintain an Information Security Policy. Partner's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: ● Maintaining security policies and procedures, ● Secure development, operation and maintenance of software and systems, ● Security alert handling, ● Security incident response and escalation procedures, ● User account administration, ● Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005.
Maintain an Information Security Policy. CLIENT understands and agrees that they must implement and follow a security policy. These measures include: ● Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. ● Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. ● The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
Maintain an Information Security Policy a. Maintaining a security policy that includes information security.
Maintain an Information Security Policy. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
Maintain an Information Security Policy. The Parties ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant Parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: • Maintaining security policies and procedures; • Secure development, operation and maintenance of software and systems; • Security alert handling; • Security incident response and escalation procedures; • User account administration; • Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005. Secure Networks and Systems The Parties have installed and maintain firewall configurations to protect Personal Data that controls all traffic allowed between Recipient's (internal) network and untrusted (external) networks, as well as traffic into and out of more sensitive areas within its internal network. This includes current documentation, change control and regular reviews. Recipient does not use vendor-supplied defaults for system passwords and other security parameters on any systems and has developed configuration standards for all system components consistent with industry-accepted system hardening standards.
