Common use of Contractor and all Clause in Contracts

Contractor and all. Contractor Parties shall develop, implement and maintain a comprehensive written information security policy for the protection of Confidential Information that meets or exceeds current industry standards and best practices as they may be amended from time to time. The safeguards contained in the written information security policy must meet or exceed the standards for the protection of Confidential Information, and information of a similar character, as set forth in all applicable federal and State law and in written policy of the Client Agency or DAS concerning the confidentiality of Confidential Information. Such data-security program shall include, but not be limited to, the following: 1. A security policy for employees related to the storage, access and transportation of data containing Confidential Information; 2. Reasonable restrictions on access to records containing Confidential Information, including access to any locked storage where such records are kept and an auditable electronic system of logging and tracking the viewing, accessing or both of Confidential Information; 3. A process for reviewing policies and security measures at least annually; 4. Creating secure access controls to Confidential Information, including but not limited to passwords; and 5. Encrypting of Confidential Information that is stored on laptops, portable devices and storage media or that is being transmitted electronically.

Contractor and all. Contractor Parties shall develop, implement and maintain a comprehensive written information security policy for the protection of Confidential Information that meets or exceeds current industry standards and best practices as they may be amended from time to time. The safeguards contained in the written information security policy must meet or exceed the standards for the protection of Confidential Information, and information of a similar character, as set forth in all applicable federal and State law and in written policy of the Client Agency or DAS concerning the confidentiality of Confidential Information. Such data-security program shall include, but not be limited to, the following: 1. A security policy for employees related to the storage, access and transportation of data containing Confidential Information; 2. Reasonable restrictions on access to records containing Confidential Information, including access to any locked storage where such records are kept and an auditable electronic system of logging and tracking the viewing, accessing or both of Confidential Information; 3. A process for reviewing policies and security measures at least annually; 4. Creating secure access controls to Confidential Information, including but not limited to passwords; and 5. Encrypting of Confidential Information that is stored on laptops, portable devices and storage media or that is being transmitted electronically.