Additional Security Controls. Vendor will store and process Student Data in accordance with the industry best practices, which at a minimum shall be in accordance with the standards set forth in this Agreement, as may be amended in writing by the authorized representatives of the parties and with the approval of the Board’s General Counsel. This includes appropriate administrative, physical, and technical safeguards to secure Student Data from unauthorized access, disclosure, and use. All data must be secured in transit using secure FTP services or https/TLS 1.0+. Proposer is required to specify any personally identifiable information (PII) collected or used by their Products. In addition, Vendor must maintain industry recognized security practices to establish secure application(s), network, and infrastructure architectures. Industry certifications, such as International Organization for Standardization (ISO), SysTrust, Cloud Security Alliance (CSA) STAR Certification, or WebTrust security for SaaS environments are recommended. Such safeguards shall be no less rigorous than accepted industry practices, including specifically the NIST 800-53r4 moderate level, International Organization for Standardization’s standards ISO/IEC 27001:2005 (Information Security Management Systems – Requirements), and ISO-IEC 27002:2005 (Code of Practice for International Security Management). Vendor shall ensure that the manner in which Student Data is collected, accessed, used, stored, processed, disposed of and disclosed complies with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. Vendor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Vendor will also have a written incident response plan, to include prompt notification of the Board in the event of a security or privacy incident, as well as best practices for responding to a breach of Student Data security practices. 
Vendor agrees to share its incident response plan upon request. Vendor shall assure that all data that is transmitted between the Board’s access points and the ultimate server, by Vendor or its recipients, will use Board-approved encryption of no less rigor than NIST-validated DES standards.
Appears in 2 contracts
Samples: Research Evaluation Services Agreement, Product and Services Agreement
Additional Security Controls. Vendor will store and process Student Data in accordance with the industry best practices, which at a minimum shall be in accordance with the standards set forth in this Contract, as may be amended in writing by the authorized representatives of the parties and with the approval of the Board’s General Counsel. This includes appropriate administrative, physical, and technical safeguards to secure Student Data from unauthorized access, disclosure, and use. All Student Data must be secured in transit using secure FTP services or https/TLS 1.0+. Vendor is required to specify any personally identifiable information (PII) collected or used. In addition, Vendor must maintain industry recognized security practices to establish secure application(s), network, and infrastructure architectures. Industry certifications, such as International Organization for Standardization (ISO), SysTrust, Cloud Security Alliance (CSA) STAR Certification, or WebTrust security for SaaS environments are recommended. Such safeguards shall be no less rigorous than accepted industry practices, including specifically the NIST 800-53r4 moderate level, International Organization for Standardization’s standards ISO/IEC 27001:2005 (Information Security Management Systems – Requirements), and ISO-IEC 27002:2005 (Code of Practice for International Security Management). Vendor shall ensure that the manner in which Student Data is collected, accessed, used, stored, processed, disposed of and disclosed complies with applicable data protection and privacy laws, as well as the terms and conditions of this Contract. Vendor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
Vendor will also have a written incident response plan, to include prompt notification of the Board in the event of a security or privacy incident, as well as best practices for responding to a breach of Student Data security practices. Vendor agrees to share its incident response plan upon request. Vendor shall assure that all Student Data that is transmitted between the Board’s access points and the ultimate server, by Vendor or its recipients, will use Board-approved encryption of no less rigor than NIST-validated DES standards.
Appears in 1 contract
Samples: Athletic Trainer Provider Agreement
Additional Security Controls. Vendor will store and process Student Data in accordance with the industry best practices, which at a minimum shall be in accordance with the standards set forth in this Contract, as may be amended in writing by the authorized representatives of the parties and with the approval of the Board’s General Counsel. This includes appropriate administrative, physical, and technical safeguards to secure Student Data from unauthorized access, disclosure, and use. All data must be secured in transit using secure FTP services or https/TLS 1.0+. Vendor is required to specify any personally identifiable information (PII) collected or used by their Products. In addition, Vendor must maintain industry recognized security practices to establish secure application(s), network, and infrastructure architectures. Industry certifications, such as International Organization for Standardization (ISO), SysTrust, Cloud Security Alliance (CSA) STAR Certification, or WebTrust security for SaaS environments are recommended. Such safeguards shall be no less rigorous than accepted industry practices, including specifically the NIST 800-53r4 moderate level, International Organization for Standardization’s standards ISO/IEC 27001:2005 (Information Security Management Systems – Requirements), and ISO-IEC 27002:2005 (Code of Practice for International Security Management). Vendor shall ensure that the manner in which Student Data is collected, accessed, used, stored, processed, disposed of and disclosed complies with applicable data protection and privacy laws, as well as the terms and conditions of this Contract. Vendor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
Vendor will also have a written incident response plan, to include prompt notification of the Board in the event of a security or privacy incident, as well as best practices for responding to a breach of Student Data security practices. Vendor agrees to share its incident response plan upon request. Vendor shall assure that all data that is transmitted between the Board’s access points and the ultimate server, by Vendor or its recipients, will use Board-approved encryption of no less rigor than NIST-validated DES standards.
Appears in 1 contract
Samples: Services Agreement
Additional Security Controls. Vendor will store and process Student Data in accordance with the industry best practices, which at a minimum shall be in accordance with the standards set forth in this Contract, as may be amended in writing by the authorized representatives of the parties and with the approval of the Board’s General Counsel. This includes appropriate administrative, physical, and technical safeguards to secure Student Data from unauthorized access, disclosure, and use. All data must be secured in transit using secure FTP services or https/TLS 1.0+. Vendor is required to specify any personally identifiable information (PII) collected or used by their Products. In addition, Vendor must maintain industry recognized security practices to establish secure application(s), network, and infrastructure architectures. Industry certifications, such as International Organization for Standardization (ISO), SysTrust, Cloud Security Alliance (CSA) STAR Certification, or WebTrust security for SaaS environments are recommended. Such safeguards shall be no less rigorous than accepted industry practices, including specifically the NIST 800-53r4 moderate level, International Organization for Standardization’s standards ISO/IEC 27001:2005 (Information Security Management Systems – Requirements), and ISO-IEC 27002:2005 (Code of Practice for International Security Management). Vendor shall ensure that the manner in which Student Data is collected, accessed, used, stored, processed, disposed of and disclosed complies with applicable data protection and privacy laws, as well as the terms and conditions of this Contract. Vendor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
Vendor will also have a written incident response plan, to include prompt notification of the Board in the event of a security or privacy incident, as well as best practices for responding to a breach of Student Data security practices. Vendor agrees to share its incident response plan upon request. Vendor shall assure that all data that is transmitted between the Board’s access points and the ultimate server, by Vendor or its recipients, will use Board-approved encryption of no less rigor than NIST-validated DES standards.
Appears in 1 contract
Samples: Services Agreement