Data Protection & Information Security Sample Clauses

Data Protection & Information Security. 11.1 The data that the Contractor will handle under this Framework Agreement will be classed as Official or Official-Sensitive and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: 11.2 The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data. 11.3 The Contractor will employ effective administration and record control processes in order to underpin service delivery whilst also ensuring data is protected in compliance with the requirements of Data Protection Laws. 11.4 The Contractor will ensure procedures and processes are in place to ensure security of client data, enabling them to work with Framework Public Bodies with high Information Technology (IT) security requirements to deliver services, ensuring continuity and protection against cyber-attacks. This must include commercial grade full disk encryption for all data and secure email for data in transit. 11.5 Contractors as a minimum must have: • Processes in place ensuring security of client data including processes for assessing future risks; • Acceptable Destruction policies and processes for deleting data; • Procedures in place for Disaster Recovery Testing, including the dates, duration and frequency; • Methods for the back-up of delivering services should an incident occur including manpower and access to equipment; Appropriate commercial licenses for software in place; • Methods in place to mitigate against cyber-attack and crime using online technologies including processes relating to Boundary Firewalls and Internet Gateways, Secure Configuration, Access Control, Malware Protection and Patch Management Information on the Scottish Government Cyber Resilience Strategy can be found by following this link: A Cyber Resilience Strategy for Scotland
AutoNDA by SimpleDocs
Data Protection & Information Security. (where applicable) 1.9.1 The data that the Contractor will handle under this Framework Agreement will be classed as ‘Official’ or ‘Official – Sensitive’ and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: 1.9.2 The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data. 1.9.3 The Contractor will ensure procedures and processes are in place to ensure security of client data, enabling them to work with Framework Public Bodies with high Information Technology (IT) security requirements to deliver services, ensuring continuity and protection against cyber- attacks. This must include commercial grade full disk encryption for all data and secure e-mail for data in transit. 1.9.4 Contractors as a minimum must have:  Processes in place ensuring security of client data including processes for assessing future risks;  Acceptable Destruction policies and processes for deleting data;  Procedures in place for Disaster Recovery Testing, including the dates, duration and frequency;  Methods for the back-up of delivering services should an incident occur including manpower and access to equipment;  Appropriate commercial licenses for software in place;  Methods in place to mitigate against cyber-attack and crime using online technologies including processes relating to Boundary Firewalls and Internet Gateways, Secure Configuration, Access Control, Malware Protection and Patch Management 1.9.5 Information on the Scottish Government Cyber Resilience Strategy can be found by following this link: A Cyber Resilience Strategy for Scotland 1.9.6 For further information please see the UK Governments Cyber Essentials Scheme and consider the information included within the scheme.
Data Protection & Information Security. 152. The data that the Contractor will handle under this Framework Agreement will be classed as Official or Official-Sensitive and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: 153. The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data.
Data Protection & Information Security. (where applicable) 1.9.1 The data that the Contractor will handle under this Framework Agreement will be classed as ‘Official’ or ‘Official – Sensitive’ and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: xxxxx://xxx.xxx.xx/government/publications/government-security-classifications 1.9.2 The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data. 1.9.3 The Contractor will ensure procedures and processes are in place to ensure security of client data, enabling them to work with Framework Public Bodies with high Information Technology (IT) security requirements to deliver services, ensuring continuity and protection against cyber- attacks. This must include commercial grade full disk encryption for all data and secure e-mail for data in transit. 1.9.4 Contractors as a minimum must have: 1.9.5 Information on the Scottish Government Cyber Resilience Strategy can be found by following this link: A Cyber Resilience Strategy for Scotland 1.9.6 For further information please see the UK Governments Cyber Essentials Scheme and consider the information included within the scheme.
Data Protection & Information Security a) In respect of this Contract, each party shall comply with the Data Protection Act 1998 ("xxx 0000 Xxx"). In particular, where a party is acting as the data processor of the other party ("Data Controller"), the processing party agrees to comply with the obligations placed on the Data Controller by the seventh data protection principle ("the Seventh Principle") set out in the 1998 Act, namely: i) To maintain technical and organisational security measures sufficient to comply at least with the obligations imposed on the Data Controller by the Seventh Principle; ii) only to process personal data (as defined in the 0000 Xxx) for and on behalf of the Data Controller, in accordance with the instructions of the Data Controller and for purposes of fulfilling the processing party's obligations to the Data Controller and to ensure the Data Controller's compliance with the 1998 Act; and iii) to allow the Data Controller to audit the processing party's compliance with the requirements of this Clause 8 on reasonable notice and/or to provide the Data Controller with evidence of its compliance with the obligations set out in this Clause 8 b) The parties agree to use all reasonable efforts to assist each other to comply with the 1998 Act. For the avoidance of doubt, this includes each party providing the other party with reasonable assistance in complying with subject access requests served under section 7 of the 1998 Act and consulting with the other party, as appropriate, prior to the disclosure of any personal data (as defined in the 0000 Xxx) created in connection with this Contract in relation to such requests. c) The Service Provider where necessary to access systems and data maintained by the Purchaser within its networks or facilities shall comply with access control, acceptable usage and information security policies as may be issued by the Purchaser. d) The Service Provider shall take the necessary steps to ensure that all the staff, officers, representatives or advisers used in provision of the obligations of this contract receive sufficient training and awareness of their duties relevant to Principle 7 of the Data Protection Act e) The Service Provider shall report any breaches, weaknesses or near misses in relation to this Claus 8 relevant to the obligations set out in this contract to The Purchaser within a reasonable time and shall inform The Purchaser of the steps to be taken to remedy remediation findings so as to reasonably prevent such reoccurrence. f...
Data Protection & Information Security. 13.1 The data that the Contractor will handle under this Framework Agreement will be classed as Official and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: 13.2 The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data. 13.3 The Contractor will employ effective administration and record control processes in order to underpin service delivery whilst also ensuring data is protected in compliance with the requirements of the Data Protection Xxx 0000. xxxxx://xxx.xxx.xx/data-protection/the-data-protection-act 13.4 The Contractor will ensure procedures and processes are in place to ensure security of client data, enabling them to work with Framework Public Bodies with high Information Technology (IT) security requirements to deliver services, ensuring continuity and protection against cyber-attacks. The Contractor as a minimum must have: 13.5 Information on the Scottish Government Cyber Resilience Strategy can be found by following this link: A Cyber Resilience Stragegy for Scotland 13.6 For further information please see the UK Governments Cyber Essentials Scheme and consider the information included within the scheme. 13.7 Any Sub-Contractors in relation to the Framework must comply with the clauses in this section. It is the responsibility of the Contractor to inform the Authority how their Sub- Contractors meet their obligations under clause 13.3 and 13.4.
Data Protection & Information Security. ‌ 2.1 Applicable Data Protection Laws pertaining to this Agreement are the UK GDPR (The Data Protection Act 2018) where Customer’s country of operation is the UK; The General Data Protection Regulation ((EU) 2016/679) where Customer’s country of operation is inside the EU; plus, any other data protection laws applicable in Customer’s country of operation if Your country of operation is outside the UK or EU region. 2.2 For the purposes of EvaluAgent’s performance of this Agreement, We may process any content, files, documents, information, or Personal Data provided by or on behalf of Customer or any User (“Customer Data”). 2.3 Details of Personal Data processed by EvaluAgent under this Agreement are set out in Schedule 1. 2.4 Customer shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of Customer Data. 2.5 By entering into this Agreement, Customer consents to (and shall procure all required consents, from its personnel, representatives, agents, suppliers, contractors, partners and customers in respect of) all actions taken by XxxxxXxxxx in connection with the processing of Customer Data. 2.6 EvaluAgent and Customer shall comply with their respective obligations under Applicable Data Protection Laws and shall not perform their respective obligations under this Agreement so as to cause the other to breach its obligations under Applicable Data Protection Laws. 2.7 In this Agreement, the terms controller, processor, data subject, Personal Data, Personal Data breach, process and processing shall have the meaning given in the Applicable Data Protection Laws and that, in respect of Personal Data, Customer is the data controller, and EvaluAgent is the data processor. 2.8 Without prejudice to the generality of Clauses 2.1 through 2.7, Customer will ensure that it has all necessary consents and notices in place to enable lawful transfer of Customer Data to EvaluAgent (and to enable lawful collection of Customer Data by EvaluAgent on behalf of Customer) for the duration and purposes of this Agreement. 2.9 Without prejudice to the generality of Clauses 2.1 through 2.7, EvaluAgent shall: 2.9.1 process Customer Data only on the instructions of Customer and to the extent necessary to fulfil its obligations under this Agreement, unless EvaluAgent is required by Applicable Data Protection Laws to otherwise process that Customer Data; 2.9.2 ensure that it has in place appropriate technical and organisational measures to protect aga...
AutoNDA by SimpleDocs
Data Protection & Information Security. 13.1 The data that the Contractor will handle under this Framework Agreement will be classed as Official and should be treated with care, taking into account relevant legislation, at all times. Further information on Government Security Classifications and Framework Agreements can be found at: Scottish Procurement Policy Note 3/2014 - Implementing the new Government Information Security Classifications policy 13.2 The Contractor will ensure the confidentiality of the data stored and/or communicated as part of this Framework Agreement, including both electronic and paper-based data. 13.3 The Contractor will employ effective administration and record control processes in order to underpin service delivery whilst also ensuring data is protected in compliance with the requirements of the Data Protection Xxx 0000. xxxxx://xxx.xxx.xx/data-protection/the-data-protection-act 13.4 The Contractor will ensure procedures and processes are in place to ensure security of client data, enabling them to work with Framework Public Bodies with high Information Technology (IT) security requirements to deliver services, ensuring continuity and protection against cyber-attacks. The Contractor as a minimum must have: 13.5 Information on the Scottish Government Cyber Resilience Strategy can be found by following this link: A Cyber Resilience Stragegy for Scotland 13.6 For further information please see the UK Governments Cyber Essentials Scheme and consider the information included within the scheme. 13.7 Any Sub-Contractors in relation to the Framework must comply with the clauses in this section. It is the responsibility of the Contractor to inform the Authority how their Sub- Contractors meet their obligations under clause 13.3 and 13.4.

Related to Data Protection & Information Security

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Confidential Information Protections 4.1 At all times during and after the Employee’s employment, the Employee will hold in confidence and will not disclose, use, lecture upon, or publish any of Company’s Confidential Information (defined below), except as may be required in connection with the Employee’s work for Company, or as expressly authorized by the Board. The Employee will obtain the written approval of the Board before publishing or submitting for publication any material (written, oral, or otherwise) that relates to the Employee’s work at Company and/or incorporates any Confidential Information. The Employee hereby assigns to Company any rights the Employee may have or acquire in any and all Confidential Information and recognize that all Confidential Information shall be the sole and exclusive property of Company and its assigns.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.

  • Privacy and Data Protection 8.1 The Receiving Party undertakes to comply with South Africa’s general privacy protection in terms Section 14 of the Xxxx of Rights in connection with this Bid and shall procure that its personnel shall observe the provisions of such Act [as applicable] or any amendments and re-enactments thereof and any regulations made pursuant thereto. 8.2 The Receiving Party warrants that it and its Agents have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of data relating to the Bid and against accidental loss or destruction of, or damage to such data held or processed by them.

  • Security of Confidential Information Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.

  • Confidentiality and Data Protection We are a data controller for the information you provide to us including individual, identification and financial details, policy history and special category data (such as medical or criminal history). Details of our legal basis for processing your information, along with details of any third party recipient whom it may be necessary to share your personal data with in order to fulfil the contract, retention period for data held, security of your data, your rights under the UK General Data Protection Regulations (UK GDPR) including the right to complain can be found in our full ‘Privacy Notice’ attached to these terms of business and/or on our website at xxx.xxxxxxxxxxxxxxxx.xx.xx.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • KYC Information (i) Upon the reasonable request of the Lender made at least 1 day prior to the Closing Date, the Borrower shall have provided to the Lender the documentation and other information so requested in connection with applicable “know your customer” and anti-money-laundering rules and regulations, including the PATRIOT Act, in each case at least five days prior to the Closing Date. (ii) [reserved].

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!