Cyber Security Insurance for loss to the Owner due to data security and privacy breach, including costs of investigating a potential or actual breach of confidential or private information. (Indicate applicable limits of coverage or other conditions in the fill point below.) « »
Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.
User Security You agree to take every precaution to ensure the safety, security and integrity of your account and transactions when using Mobile Banking. You agree not to leave your Device unattended while logged into Mobile Banking and to log off immediately at the completion of each access by you. You agree not to provide your username, password or other access information to any unauthorized person. If you permit other persons to use your Device, login information, or other means to access Mobile Banking, you are responsible for any transactions they authorize and we will not be liable for any damages resulting to you. You agree not to use any personally identifiable information when creating shortcuts to your Account. We make no representation that any content or use of Mobile Banking is available for use in locations outside of the United States. Accessing Mobile Banking from locations outside of the United States is at your own risk.
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
Server Security Servers containing unencrypted PHI COUNTY discloses to 4 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY 5 must have sufficient administrative, physical, and technical controls in place to protect that data, based 6 upon a risk assessment/system security review.
Contractor and Employee Security Precautions The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.
NIST Cybersecurity Framework The U.S. Department of Commerce National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use. (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations. (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.
Network Security The AWS Network will be electronically accessible to employees, contractors and any other person as necessary to provide the Services. AWS will maintain access controls and policies to manage what access is allowed to the AWS Network from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. AWS will maintain corrective action and incident response plans to respond to potential security threats.
