Mobile Devices Mobile devices which are issued by and belonging to the Contractor for purposes of processing Personal Data should have access control measures and remote wipe capability turned on. Procedures should be in place to report and wipe data off lost mobile devices immediately after detection of loss.
CONTRACTOR PORTABLE DEVICES Contractor shall not place Data on any portable Device unless Device is located and remains within Contractor’s CONUS Data Center. For Authorized Users subject to ITS policies, the Data, and/or the portable device containing the Data, shall be destroyed in accordance with applicable ITS destruction policies (ITS Policy S13-003 Sanitization/Secure Disposal and S14-003 Information Security Controls or successor) when the Contractor is no longer contractually required to store the Data. TRANSFERRING OF DATA General Except as required for reliability, performance, security, or availability of the services, the Contractor will not transfer Data unless directed to do so in writing by the Authorized User. All Data shall remain in CONUS. At the request of the Authorized User, the Contractor will provide the services required to transfer Data from existing Databases to physical storage devices, to facilitate movement of large volumes of Data. The Authorized User may require several Cloud providers to share or transfer Data for a period of time. This will be provided for in the Authorized User Agreement or shall be assumed to be limited to a six month duration. Transfer of Data at End of Contract and/or Authorized User Agreement Term At the end of the Contract and/or Authorized User Agreement term, Contractor may be required to facilitate transfer of Data to a new Contractor. This transfer must be carried out as specified by the Authorized User in the Authorized User Agreement. Transfer of Data; Charges Contractor cannot charge for the transfer of Data unless the charges are provided for in response to an Authorized User RFQ. Transfer of Data; Contract Breach or Termination Notwithstanding Section 3.6.3, in the case of Contract breach or termination for cause of the Contract, all expenses for the transfer of Data shall be the responsibility of the Contractor.
Devices BNY Mellon will restrict the transfer of Customer Data from its network to mass storage devices. BNY Mellon will use a mobile device management system or equivalent tool when mobile computing is used to provide the services. Applications on such authenticated devices will be housed within an encrypted container and BNY Mellon will maintain the ability to remote wipe the contents of the container.
Removable media devices All electronic files that contain County PHI or PI data must be encrypted when stored on any removable media or portable device (i.e. USB thumb drives, floppies, CD/DVD, smartphones, backup tapes etc.). Encryption must be a FIPS 140-2 certified algorithm which is 128bit or higher, such as AES.
Network Interface Device 2.7.1 The NID is defined as any means of interconnection of the End User’s customer premises wiring to BellSouth’s distribution plant, such as a cross-connect device used for that purpose. The NID is a single line termination device or that portion of a multiple line termination device required to terminate a single line or circuit at the premises. The NID features two independent xxxxxxxx or divisions that separate the service provider’s network from the End User’s premises wiring. Each chamber or division contains the appropriate connection points or posts to which the service provider and the End User each make their connections. The NID provides a protective ground connection and is capable of terminating cables such as twisted pair cable.
Safety Devices All Products provided under the Contract shall be equipped with required safety devices to comply with all applicable codes, laws, and regulations that are in effect at the time of delivery.
Intercept Devices 26.1.1.1 Local and federal law enforcement agencies periodically request information or assistance from local telephone service providers. When either Party receives a request associated with an End User of the other Party, it shall refer such request to the Party that serves such End User, unless the request directs the receiving Party to attach a pen register, trap-and-trace or form of intercept on the Party's facilities, in which case that Party shall comply with any valid request.
Electronic Devices No electronic devices that may hinder job performance or safety (especially cell phones), may be carried on employees’ person, or be used by employees during working hours.
MEDICAL DEVICES This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drives not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier.
Protective Devices Protective devices, wearing apparel, and other equipment necessary to protect employees from injury shall be provided by the County in accordance with practices now prevailing or as such practices may be improved from time to time by the County.
