Data Security and Confidentiality. A. NPRQI Program has contracted with Clario (formerly known as BioClinica) to host all confidential data, performance dashboard, and de-identified aggregate performance dashboards of Participant Organizations.
B. Clario’s Trial Application Platform (TAP) is a 21 CFR Part 11 and European Union General Data Protection Regulation (GDPR) compliant, cloud-based clinical trial support system utilizing industry-standard encryption technology, and employing Standard Operating Procedures governing the handling of trial-related data (e.g., PHI and Patient Safety Work Product (PSWP)) through the full program lifecycle.
C. Data is encrypted pursuant to current standards from the National Institute of Standards and Technology (256-Bit encryption) while in transit (when files are uploaded or downloaded) over HTTPS. Data is encrypted at rest (in Amazon Web Services RDS databases) utilizing 256-Bit encryption as well. (NIST: xxxxx://xxxx.xxxx.xxx/publications/detail/sp/800-175b/rev-1/final).
D. User authentication is managed through Active Directory Federation Services (ADFS), Virtual Private Tunnels between servers, and leverages Single Sign-On (SSO) and Active Directory (AD) services.
E. TAP’s architecture is designed to ensure that only authorized users may trigger operations (e.g., create, edit, delete records, etc.) within the system. TAP’s security posture includes full system monitoring to detect potential user and system anomalies, with business continuity and disaster recovery capabilities that span a geographically dispersed cloud network to minimize the risk of catastrophic failure.
Data Security and Confidentiality. Grantees shall have staff complete CDPH required confidentiality and data security training, and maintain on file associated confidentiality agreements for each staff person with access to confidential public health records and data.
Data Security and Confidentiality. (1) Exhibit A - Data Security Requirements, outlines Vendor responsibility for data/document destruction.
Data Security and Confidentiality. (1) Contractor agrees to abide by the provisions of the FBI Criminal Justice Information Services (CJIS) Security Policy that applies to Electronic Fingerprinting, specifically regarding criminal history background checks on Contractor’s employees and Contractors, as well as the prohibition on dissemination of any confidential information received by the Contractor.
(2) Exhibit A - Data Security Requirements, outlines Vendor responsibility for data/document destruction.
Data Security and Confidentiality. The Contractor will use at least the same degree of care as required by the Payment Card Industry (PCI), not inconsistent with standards and practices codified as ISO 27001 and 27002, to prevent disclosing to third parties the Confidential Information of State of Florida Eligible Users as it employs to avoid unauthorized disclosure, publication or dissemination of its own Confidential Information of like character, but in no event less than reasonable care.
7.3.1 The Contractor shall maintain and secure adequate back-up files of all system and software documentation utilized to process data submissions. The Contractor shall develop data security procedures to ensure only authorized access to data submissions and databases by personnel for contracted activities. The Contractor shall develop data security procedures to ensure no unauthorized access to data submissions and databases by other individuals other than authorized by the Contract or designated representatives of the State. All data security procedures at a minimum must be in accordance with PCI standards including at rest and secure transmission encryption.
7.3.2 The Contractor will only divulge to a third party, including any regulatory agency or Subcontractor, any Confidential Information obtained by the Contractor or its agents, distributors, resellers, Subcontractors, officers, or employees as it deems necessary in the course of performing Contract work. The Contractor will make the State Data available only to individuals and entities who are assigned by the Contractor to perform the Services and only to the extent necessary for those individuals and entities to perform the specific responsibilities assigned to them in connection with the Contractor’s provision of the Services. All employees, Subcontractors, or agents performing work under the Contract must comply with applicable provisions in Sections 7 and 8 of these Special Contract Conditions and specifically the section below titled “Payment Card Industry/Data Security Standard Certifications and Requirements”. The Contractor must maintain policies and procedures on who has access to secure data, how access is controlled, and the daily operation and management of systems consistent with PCard data management and security standards.
7.3.3 Payment Card Industry / Data Security Standard (“DSS”) Certifications and Requirements
7.3.3.1 The Contractor shall maintain PCI DSS accreditation and provide Attestation of Compliance (AOC) or proof ther...
Data Security and Confidentiality. Grantees shall comply with recommendations set forth in CDC’s “Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs.” xxxx://xxx.xxx.xxx/nchhstp/programintegration/docs/PCSIDataSecurityGuideline s.pdf. Grantees shall have staff complete CDPH required confidentiality and data security training, and maintain on file associated confidentiality agreements for each staff person with access to STD data.
Data Security and Confidentiality. An LEA may provide education records to the DOR for the performance of transition services but will do so only after the LEA has received the prior written consent of the parent or adult student with educational rights. The DOR shall: (i) keep all personally identifiable information contained in education records confidential; (ii) use education records solely for the purpose of performing this agreement; (iii) disclose education records solely to those employees with a need to know for the purpose of performing this agreement; and (iv) immediately return or confidentially destroy all education records per National Institute of Science and Technology (NIST) Special Publication (SP) 800-88 when no longer needed for the purposes for which it was disclosed. The DOR may provide consumer information to an LEA for the performance of transition services but will do so only after the DOR has received the prior written consent of the consumer. If the consumer is under the age of 18 and is not an emancipated minor, requires the written consent of the parent or guardian. The LEA shall: (i) keep all personally identifiable information contained in consumer records confidential; (ii) use consumer records solely for the purpose of performing this agreement; (iii) disclose consumer records solely to those employees with a need to know for the purpose of performing this agreement; and (iv) immediately destroy all consumer records when no longer needed for the purposes for which it was disclosed. Appropriate steps will be taken to protect confidential information of persons with disabilities, including:
1. Storage administration should include the strict control and accessibility of all storage media.
2. All storage media should be inventoried on an annual basis, or sooner as dictated by clients, regulatory, or other contractual agreements.
3. Wherever possible, physical backup and transfer should be avoided or eliminated in favor of electronic transfer of encrypted backup files.
4. All data files and databases containing personally identifiable information (PII) data will be encrypted using currently approved NIST algorithms when being electronically transferred across an internal network. That list can be found here: xxxxx://xxxx.xxxx.xxx/Projects/Cryptographic-Standards-and-Guidelines. All data files and databases containing PII data will be encrypted using currently approved NIST algorithms and Federal Information Processing Standard (FIPS) 140-2 mode or FIPS 140-2 a...
Data Security and Confidentiality. 2.1 IROL warrants and represents to CFD that the site is and throughout the term of this agreement will be a secure website with an SSL certification issued by Comodo, an independent Internet security certification company. Site hosting is provided through Microsoft’s Azure (xxxxx.xxxxxxxxx.xxx) on a dedicated IP address.
2.2 IROL and its shareholders and employees, have no association, formally or informally, with any SPs.
2.3 Through the security measures in place for the site, the reports that are filed and maintained through the site will be available only to CFD the SP that filed the report and the owners of the property to which the report relates.
2.4 Except as provided for herein, the reports filed through the website are not accessible by IROL or any of its employees, nor are they accessible by any third parties not expressly authorized by the submitting SP, PO or CFD. With CFD’S express written consent, IROL will access reports submitted for the purposed of Initial Reviews, and/or the collection of data needed to support requested analytics. Reports submitted to CFD may be subject to state or federal Freedom of Information Acts (FOIA) requests; however, it is the sole responsibility of the CFD to determine if the requested documents are subject to disclosure pursuant to said acts.
Data Security and Confidentiality. The Vendor and its employees must comply with all Department security procedures while working on this Agreement. The Vendor shall provide immediate notice to the Department-OIT Application Services Manager and the Department – Transportation Technology Office (TTO) Information Security Manager (ISM) in the event it becomes aware of any security breach, any unauthorized transmission of State Data as described below or of any allegation or suspected violation of the Department security procedures. Except as required by law or legal process and after notice to the Department, the Vendor shall not divulge to third parties any confidential information obtained by the Vendor or its agents, distributors, resellers, Subvendors, officers, or employees in the course of performing Agreement work, including, but not limited to, Chapter 60GG-2, F.A.C., security procedures, business operations information, or commercial proprietary information in the possession of the state and/or the Department.
Data Security and Confidentiality. The City of Pleasanton takes your privacy and data security seriously. No personal data is accessed or used by the city beyond the minimum required for device management and operational purposes. All data handling follows established privacy laws and city policies designed to protect your information.
