Data Security and Integrity. All facilities, whether Vendor hosted or Third-Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service(s) availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for City Data. Such measures, when applicable due to the presence of Protected Information, include, but are not limited to, all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §00-00-000 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. Vendor shall submit to Xxxxxxxx, within fifteen (15) Calendar Days of Xxxxxxxx’x written request, copies of Vendor’s policies and procedures to maintain the confidentiality of protected health information to which Vendor has access, and if applicable, Vendor shall comply with all HIPAA requirements contained herein or attached as an exhibit. Vendor warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. Vendor shall use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to, anti-virus and anti-malware protections and intrusion detection and reporting in providing Services under this Agreement. Vendor shall ensure that any underlying or integrated software employed by the Service(s) is updated on a regular basis and does not pose a threat to the security of the Service(s). Vendor shall, and shall cause it...
Data Security and Integrity. All HRTec facilities used to store and process Participating Entity and End User Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to secure such Data from unauthorized access, destruction, use, modification, or disclosure. Such measures will be no less protective than those used to secure HRTec’s own Data of a similar type, and in no event less than reasonable in view of the type and nature of the Data involved. HRTec shall maintain the administrative, physical, technical, and procedural infrastructure associated with the provision of FedHIVE Cloud Computing Services to the Participating Entity in a manner that is, at all times during the term of this Agreement, at a level equal to or more stringent than those specified in the NASPO Master Agreement, and Participating Addendum which is incorporated herein by reference. Without limiting the foregoing, HRTec warrants that all Participating Entity Data and End User Data will be encrypted in transmission (including via web interface) and in storage at a level equivalent to or stronger than 256-bit level encryption. HRTec shall at all times use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to anti-virus and anti-malware protections and intrusion detection and reporting methods in providing Services under this Agreement. HRTec will configure the Services to filter spam while permitting communications from Third Party Internet Protocol addresses identified by the Participating Entity as legitimate. Prior to the Effective Date of this Agreement, HRTec will at its expense conduct or have conducted the following, and thereafter, HRTec will at its expense conduct or have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Compromise:
(a) A Third-Party Assessment Organization (3PAO) audit of Supplier’s security policies, procedures and controls
(b) Certification under FedRAMP and/or Cloud Security Alliance Security Trust and Assurance Registry (CSA STAR) attestation and certification
(c) A vulnerability scan, performed by a HRTec and FedRAMP approved Third Party scanner, of HRTec’s systems and facilities that are used in any way to deliver FedHIVE Cloud Computing Services under this Agreement
(d) A formal penetration test, performed by the process and qualified personnel approved by HRTec and the Participating Entity,...
Data Security and Integrity. 1. Canada shall implement regulatory, procedural or technical measures to protect PNR data against accidental, unlawful or unauthorized access, processing or loss.
2. Canada shall ensure compliance verification and the protection, security, confidentiality, and integrity of the data. Canada shall:
(a) apply encryption, authorization, and documentation procedures to the PNR data;
(b) limit access to PNR data to authorized officials;
(c) hold PNR data in a secure physical environment that is protected with access controls; and
(d) establish a mechanism that ensures that PNR data queries are conducted in a manner consistent with Article 3.
3. If an individual's PNR data is accessed or disclosed without authorization, Canada shall take measures to notify that individual, to mitigate the risk of harm, and to take remedial action.
4. Canada shall ensure that the Canadian Competent Authority promptly informs the European Commission of any significant incidents of accidental, unlawful or unauthorized access, processing or loss of PNR data.
5. Canada shall ensure that any breach of data security, in particular leading to accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, or any unlawful forms of processing, is subject to effective and dissuasive corrective measures which might include sanctions.
Data Security and Integrity. 6.1 Customer shall ensure that Market Data is protected to prevent unauthorized access. In addition, Customer shall ensure that its employees and agents observe the requirements of the Data Protection Xxx 0000 and any amendments or revisions thereto and all subordinate legislation in the performance of their obligations under this Addendum and shall comply with any request made or direction given by Xxxx or the Disseminating Party which is directly due to the requirements of such Act.
6.2 Customer shall bear all responsibility for the confidentiality and use of all mnemonics, identifications or passwords including (without limitation) Users use of the same. Customer shall notify Xxxx immediately if Customer learns of any loss, theft or unauthorized use of any mnemonics, identifications or passwords.
6.3 Customer may only receive such categories of Market Data as the applicable Disseminating Parties have approved for Customer’s receipt and use. Except as otherwise set forth in an agreement between Customer and a Disseminating Party, Customer shall receive Market Data solely for its own internal use and shall not retransmit or otherwise furnish Market Data to any third party. Customer shall not misrepresent Market Data or deface or remove any trademarks or proprietary rights notices transmitted with the Market Data. Customer shall not use Market Data for any unlawful or unauthorized purpose. Customer’s use of Market Data shall comply with all applicable laws and regulations and all applicable agreements with Disseminating Parties.
6.4 Customer shall ensure that Customer or, as applicable, Customer’s partners or officers and employees, have sole control or physical possession of, and sole access to Market Data through, Market Data Equipment. For the purposes of this Addendum, “Market Data Equipment” shall mean any display device, computer, software, wires, transmission facility or other equipment by which Customer receives, displays or otherwise uses Market Data. Customer understands that this Section 6 requires Customer to carefully locate and protect Market Data Equipment so that to the extent reasonably possible, no person can have unauthorized access to Market Data. Customer shall abide by any requirements that Xxxx specifies in writing, either directly or through Xxxx, to regulate the location or connection of Market Data Equipment or otherwise to assure the safeguarding of access to Market Data and compliance with this Section 6. Customer shall ensure t...
Data Security and Integrity. The SI shall maintain and design the NFPS to maintain the security of NFPS Data in accordance with Section 23 (Security). The SI shall similarly design the NFPS to maintain the integrity of NFPS Data in accordance with applicable Key Performance Indicators (including those set out in Technical Specifications Section 5.14 (Performance Requirements)) and to otherwise ensure that the collection, processing, storage, management, and use of collected NFPS Data is done in a manner that complies with all Applicable Laws. Where the Technical Specifications do not establish a specific integrity requirement for components of NFPS Data, then the SI shall maintain, and shall cause the NFPS to maintain, the integrity of NFPS Data in accordance with Good Industry Practices, and throughout the data lifecycle, including collection, processing, storage and archiving of such NFPS Data.
Data Security and Integrity. 1. All facilities used by ASYSCO and its subcontractors to store and process the Data must implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to secure such Data from unauthorized access, destruction, use, modification, or disclosure. Such measures will be no less protective than those used to secure ASYSCO’s own Data of a similar type, and in no event less than reasonable in view of the type and nature of the Data involved.
2. ASYSCO shall maintain the administrative, physical, technical, and procedural infrastructure associated with the provision of the Services to the A&M System in a manner that is, at all times during the term of this Agreement, at a level equal to or more stringent than those specified in ISO, NIST FIPS, or SSAC-16/SOC2.
3. Without limiting the foregoing, ASYSCO warrants that all Data will be encrypted in transmission (including via web interface) and in storage at a level equivalent to or stronger than 128-bit level encryption or 3DES.
4. ASYSCO shall at all times use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to anti-virus and anti-malware protections and intrusion detection and reporting methods in providing Services under this Agreement.
5. Prior to the Effective Date of this Agreement, ASYSCO will at its expense conduct or have conducted the following, and thereafter, ASYSCO will at its expense conduct or have conducted the following upon request by the A&M System and immediately after any actual or reasonably suspected Data Compromise:
(a) A SSAE 16/SOC 2 audit of ASYSCO’s security policies, procedures and controls and certification under NIST FIPS 200 AND SP 800-53 or ISO 27001/27002.
(b) A vulnerability scan, performed by an A&M System-approved third-party scanner, of ASYSCO’s systems and facilities that are used in any way to deliver Services under this Agreement;
(c) A formal penetration test, performed by process and qualified personnel approved by the A&M System, of ASYSCO’s systems and facilities that are used in any way to deliver Services under this Agreement.
6. ASYSCO will provide the A&M System the reports or other documentation resulting from the above audits, certifications, scans and tests within seven (7) business days of ASYSCO’s receipt of such results.
7. Based on the results of the above audits, certifications, scans and tests, ASYSCO will, within thirty (30) calendar days o...
Data Security and Integrity. 5.1 All facilities used to store and process County and End User Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to secure such Data in accordance of the American Institute of CPAs (AICPA)’s Service Organization Control (SOC) reporting platform SOC II compliance requirements. Vendor will provide proof of a current SOC II Compliance certification.
5.2 Prior to the Effective Date of this Agreement, Vendor will at its expense conduct or have conducted the following, and thereafter, Vendor will at its expense conduct or have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Compromise:
5.2.1 A SSAE 18/SOC 2 audit of Vendor’s security policies, procedures and controls.
5.2.2 Certification under “NIST FIPS 200 AND SP 800-53”, “ISO 27001/27002”, or other acceptable standard cloud computing services certification.
5.2.3 A vulnerability scan, performed by a County-approved Third Party scanner, of Vendor’s systems and facilities that are used in any way to deliver Services under this Agreement.
5.2.4 A formal penetration test, performed by a process and qualified personnel approved by County, of Vendor’s systems and facilities that are used in any way to deliver Services under this Agreement.
5.3 Vendor will provide County the reports or other documentation resulting from the above audits, certifications, scans and tests within seven (7) business days of Vendor’s receipt of such results.
5.4 Based on the results of the above audits, certifications, scans and tests, Vendor will, within thirty (30) calendar days of receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement, and provide County with written evidence of remediation.
5.4.1 County may require, at no expense to the County, that Vendor perform additional audits and tests, the results of which will be provided to County within seven (7) business days of Vendor’s receipt of such results should the results of the annual audit not meet the terms of this Addendum.
5.5 Vendor shall protect County and End User Data against deterioration or degradation of Data quality and authenticity, including, but not limited to annual Third Party Data integrity audits. Vendor will provide County the results of the above audits, along with Vendor’s plan for addressing or resolving any shortcomings identified by such audits, wi...
Data Security and Integrity. 6.1 All facilities used to store and process End User Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to secure such Data from unauthorized access, destruction, use, modification, or disclosure. Such measures will be no less protective than those used to secure Cybersoft’s own data of a similar type and in no event less than reasonable in view of the type and nature of the data involved.
6.2 Except as required by law or as agreed upon previously in writing between parties, Cybersoft does not allow for any sharing of Data with any other party and affirms that the Data will be used for the purpose only as outlined in this Agreement.
Data Security and Integrity. 7.1 The Data Processor, considering the state of the art, the costs of implementation, the nature, scope, context, purposes, and risks involved in the Services and Processing, and the rights of Data Subjects under Data Protection Laws, will implement appropriate technical and organizational measures to protect against Security Incidents and ensure the confidentiality, security, and integrity of the Data Controller's Personal Data, including during transmission, as described in Annex 2: Technical and Organizational Measures for Confidentiality, Security, and Integrity.
7.2 The Data Processor will take reasonable steps to ensure all its personnel, agents, and Sub-Processors authorized to Process the Data Controller's Personal Data are aware of and, to the extent necessary, have been trained on the implementation and maintenance of the Data Processor's technical and organizational measures to ensure the confidentiality, security, and integrity of the Data Controller's Personal Data as described in Annex 2: Technical and Organizational Measures for Confidentiality, Security, and Integrity.
7.3 The Data Processor will appoint a Data Protection Officer to be the primary point of contact for the Data Controller for information or concerns related to the confidentiality, security, and integrity of the Data Controller's Personal Data and for assistance in fulfilling the reasonable requests of Data Subjects, including those arising from Data Protection Laws. The Data Processor will appoint a Data Protection Officer to be the primary point of contact for the Data Controller for information or concerns related to the confidentiality, security, and integrity of the Data Controller's Personal Data. The Data Processor will provide the Data Controller with the name and contact details of the Data Protection Officer.
7.4 The Data Processor will immediately inform the Data Controller in the event of a Security Incident, comply with and assist the Data Controller in complying with all Data Protection Laws implicated by the Security Incident, and explain to the Data Controller the measures it is taking to address and mitigate any damage resulting from the Security Incident and to protect the Data Controller's Personal Data. Among other things, the Data Processor will describe to the Data Controller the nature and duration of the Security Incident, the Services impacted, the approximate number of Data Subjects affected, and the likely consequences.
Data Security and Integrity. 7.1 The ITSO will own all rights, title and interest in and to all of the ITSO Data and will have sole responsibility for the legality, reliability, integrity, accuracy and quality of the ITSO Data.
7.2 The NEMO will maintain an archive of the ITSO Data for not less than seven (7) years. In the event of any loss or damage to the ITSO Data which is not attributable to the default and negligence of the ITSO, the NEMO will restore the lost or damaged ITSO Data from the latest back-up of such the ITSO Data maintained by the NEMO.
7.3 The NEMO will:
7.3.1 take all reasonable precautions to preserve the integrity of any ITSO Data which it processes and to prevent any corruption or loss of such ITSO Data;
7.3.2 comply with its obligations under any applicable data security and integrity law, and will not, by act or omission, put the ITSO in breach of, or jeopardise any registration under, any such data security and integrity law;
7.3.3 promptly and fully notify the ITSO in writing of any notices in connection with the processing of any ITSO Data, including subject access requests, and provide such information and assistance as the ITSO may reasonably require;
7.3.4 promptly and fully notify the ITSO in writing if any ITSO Data has been disclosed in breach of Clause 14 (Confidentiality);
7.3.5 if there is any corruption or loss of ITSO Data attributable to any default by the NEMO or any of its Affiliates, use reasonable efforts to restore the data at its own expense;
7.3.6 subject to Clause 12, indemnify the ITSO against any loss or damage suffered by the ITSO in relation to any breach by the NEMO of its obligations under this Clause 7; and
7.3.7 submit to a data security audit if requested by the ITSO or if any Competent Authority requests or requires an audit of the ITSO and/or any of its service providers.
7.4 The ITSO hereby grants to the NEMO an irrevocable, non-exclusive, non- terminable, royalty-free licence to publish the ITSO Data and the Preliminary PCR Result to the members of the Power Exchange for use in their trading activities at their own risk and without recourse to the ITSO under the rules of the Power Exchange more particularly set out at: [ ].
7.5 The NEMO hereby grants to the ITSO an irrevocable, non-exclusive, non- terminable, royalty-free licence to use price data of the Power Exchange for the purposes of calculating the Day Ahead Market Spread (as such term is defined in the Interconnector Access Rules) when an explicit auction is held foll...
