Security of Vendor Facilities All Vendor and Vendor Staff facilities in which Citizens Confidential Information is located or housed shall be maintained in a reasonably secure manner. Within such facilities, all printed materials containing Citizens Confidential Information should be kept locked in a secure office, file cabinet, or desk (except when materials are being used).
Security of Data a. Each of the parties shall:
Facility Security Clearance (FSC) The Contractor shall maintain or exceed their FSC and submit updates, if applicable
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
No Restriction on Existing Examination and Investigative Authority That this Agreement shall in no way preclude any State Mortgage Regulator from exercising its examination or investigative authority authorized under the laws of the corresponding Participating State in the instance a determination is made wherein Respondent is found not to be adhering to the requirements of the Agreement, other than inadvertent and isolated errors that are promptly corrected by Respondent, or involving any unrelated matter not subject to the terms of this Agreement. The Parties agree that the failure of Respondent to comply with any term or condition of this Agreement with respect to a particular State shall be treated as a violation of an Order of the State and may be enforced as such. Moreover, Respondent acknowledges and agrees that this Agreement is only binding on the State Mortgage Regulators and not any other Local, State or Federal Agency, Department or Office.
Security of State Information To the extent Contractor shall have access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Master Agreement the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Priority of agreements and errors discrepancies
Credit Union Lien and Security Interest To the extent you owe the Credit Union money as a borrower, guarantor, indorser or otherwise, the Credit Union has a lien on any or all of the funds in any account in which you have an ownership interest at the Credit Union, regardless of the source of the funds. The Credit Union may apply these funds in any order to pay off your indebtedness without further notice to you. If the Credit Union chooses not to enforce its lien, the Credit Union does not waive its right to enforce the lien at a later time. In addition, you grant the Credit Union a consensual security interest in your accounts and agree the Credit Union may use the funds from your accounts to pay any debt or amount owed the Credit Union, except obligations secured by your dwelling, unless prohibited by applicable law. All accounts are nonassignable and nontransferable to third parties.
Security Documents The due and punctual payment of the principal of, interest, Additional Amounts and premium, if any, on the Notes and any Note Guarantee when and as the same shall be due and payable, whether on an interest payment date, at maturity, by acceleration, repurchase, redemption or otherwise, and interest on the overdue principal of and interest and Additional Amounts (to the extent permitted by law), if any, on the Notes and any Note Guarantee and performance of all other obligations of the Issuer and any Guarantor to the Holders of Notes, the Trustee and the Security Agent under this Indenture, the Notes and any Note Guarantee, according to the terms hereunder or thereunder, are secured as provided in the Collateral Documents and the Intercreditor Agreement. Each Holder of Notes, by its acceptance thereof, consents and agrees to the terms of the Collateral Documents and the Intercreditor Agreement and any additional intercreditor agreement (including, without limitation, the provisions providing for foreclosure and release of Collateral and authorizing the Security Agent to enter into any Collateral Document on its behalf) as the same may be in effect or may be amended from time to time in accordance with its terms and authorizes and directs the Security Agent to enter into the Collateral Documents and the Intercreditor Agreement and any additional intercreditor agreement and to perform its obligations and exercise its rights thereunder in accordance therewith. The Issuer will deliver to the Trustee copies of all documents delivered to the Security Agent pursuant to the Collateral Documents, and the Issuer and the Parent will, and the Parent will cause each of its Restricted Subsidiaries to, do or cause to be done all such acts and things as may be required, or which the Security Agent from time to time may reasonably request, to assure and confirm to the Trustee that the Security Agent holds, for the benefit of the Trustee and the Holders, duly created, enforceable and perfected Liens as contemplated hereby and by the Collateral Documents and the Intercreditor Agreement, so as to render the same available for the security and benefit of this Indenture and of the Notes and any Note Guarantee secured hereby, according to the intent and purposes herein expressed. The Issuer and any Guarantor will each take, and will cause their respective Restricted Subsidiaries to take (including as may be requested by the Trustee) any and all actions reasonably required to cause the Collateral Documents and the Intercreditor Agreement to create and maintain, as security for the Obligations of the Issuer and any Guarantor hereunder, in respect of the Collateral, valid and enforceable perfected Liens in and on such Collateral ranking in right and priority of payment as set forth in the Intercreditor Agreement and subject to no other Liens other than as permitted by the terms of this Indenture and the Intercreditor Agreement.
Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
