Critical Security and Privacy Controls Sample Clauses

Critical Security and Privacy Controls. The critical controls the WBE must implement before WBE is able to submit any transactions to the FFE production system: a. Email/Web Browser Protections – Including but not limited to assurance that transfer protocols are secure and limits the threat of communications being intercepted. b. Malware Protection – Including but not limited to protections against known threat vectors within the system’s environment to mitigate damage/security breaches. c. Patch Management – Including but not limited to ensuring every client and server is up to date with the latest security patches throughout the environment. d. Vulnerability Management – Including but not limited to identifying, classifying, remediating, and mitigating vulnerabilities on a continual basis by conducting periodic vulnerability scans to identify weaknesses within an environment. e. Inventory of Software/Hardware – Including but not limited to maintaining an Inventory of hardware/software within the environment helps to identify vulnerable aspects left open to threat vectors without performing vulnerability scans and to have specific knowledge of what is within the system’s environment. f. Account Management- Including but not limited to the determination of who/what has access to the system’s environment and data and also maintain access controls to the system.
AutoNDA by SimpleDocs
Critical Security and Privacy Controls. The critical controls the Web-broker must implement before Web-broker is able to submit any transactions to the FFE production system for individual market enrollments through the FFEs or SBE-FPs and/or assist Qualified Employers and Qualified Employees in purchasing and enrolling in coverage through an FF-SHOP or SBE-FP SHOP:
Critical Security and Privacy Controls. The critical controls the Non-Exchange Entity must evaluate on an annual basis are:

Related to Critical Security and Privacy Controls

  • Security Controls Annually, upon Fund’s reasonable request, Transfer Agent shall provide Fund’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent’s Security Policy and an opportunity to discuss Transfer Agent’s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent’s information technology management team. Transfer Agent shall review its Security Policy annually.

  • Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.

  • Plan Document Controls The rights granted under this Agreement are in all respects subject to the provisions set forth in the Plan to the same extent and with the same effect as if set forth fully in this Agreement. If the terms of this Agreement conflict with the terms of the Plan document, the Plan document will control.

  • Data Privacy Consent In order to administer the Plan and this Agreement and to implement or structure future equity grants, the Company, its subsidiaries and affiliates and certain agents thereof (together, the “Relevant Companies”) may process any and all personal or professional data, including but not limited to Social Security or other identification number, home address and telephone number, date of birth and other information that is necessary or desirable for the administration of the Plan and/or this Agreement (the “Relevant Information”). By entering into this Agreement, the Grantee (i) authorizes the Company to collect, process, register and transfer to the Relevant Companies all Relevant Information; (ii) waives any privacy rights the Grantee may have with respect to the Relevant Information; (iii) authorizes the Relevant Companies to store and transmit such information in electronic form; and (iv) authorizes the transfer of the Relevant Information to any jurisdiction in which the Relevant Companies consider appropriate. The Grantee shall have access to, and the right to change, the Relevant Information. Relevant Information will only be used in accordance with applicable law.

  • Indenture Controls If and to the extent that any provision of the Notes limits, qualifies or conflicts with a provision of this Indenture, such provision of this Indenture shall control.

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account 22 number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Review Systems; Personnel It will maintain business process management and/or other systems necessary to ensure that it can perform each Test and, on execution of this Agreement, will load each Test into these systems. The Asset Representations Reviewer will ensure that these systems allow for each Review Receivable and the related Review Materials to be individually tracked and stored as contemplated by this Agreement. The Asset Representations Reviewer will maintain adequate staff that is properly trained to conduct Reviews as required by this Agreement.

  • Foreign Asset/Account Reporting; Exchange Controls Participant’s country may have certain foreign asset and/or account reporting requirements and/or exchange controls which may affect Participant’s ability to acquire or hold shares of Stock under the Plan or cash received from participating in the Plan (including from any dividends received or sale proceeds arising from the sale of shares of Stock) in a brokerage or bank account outside Participant’s country. Participant may be required to report such accounts, assets or transactions to the tax or other authorities in his or her country. Participant also may be required to repatriate sale proceeds or other funds received as a result of Participant’s participation in the Plan to his or her country through a designated bank or broker and/or within a certain time after receipt. Participant acknowledges that it is his or her responsibility to be compliant with such regulations, and Participant should consult his or her personal legal advisor for any details.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!