DATA SECURITY AND SAFEGUARDS Sample Clauses

The Data Security and Safeguards clause establishes the obligations of parties to protect sensitive information from unauthorized access, disclosure, or misuse. It typically requires the implementation of technical, administrative, and physical measures such as encryption, access controls, and regular security assessments to ensure data integrity and confidentiality. This clause is essential for mitigating the risk of data breaches and ensuring compliance with applicable privacy laws, thereby protecting both parties from potential legal and reputational harm.
DATA SECURITY AND SAFEGUARDS. Supplier shall implement and maintain at all times appropriate organisational, operational, managerial, physical and technical measures to protect the Personal Data and Purchaser’s any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, so that all processing is in compliance with the Laws and Purchaser’s reasonable written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined by Supplier, following the recommendations as laid out in ISO/IEC 27000 series (or equivalent, such as SSAE-16(2)) or other recommendations adapted to a level which is suitable, taking into consideration the degree of sensitivity of the personal data, the particular risks which exist, existing technical possibilities, and the costs for carrying out the measures. Supplier shall limit access to the Personal Data to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. Supplier shall also ensure by technical and organisational means that Purchaser’s Personal Data is not processed for different purposes (e.g. for different Supplier customers) and that the Personal Data is processed separately from the data of other Supplier customers. 
Supplier warrants that in performing the Services under the Agreement all necessary precautions are taken by Supplier to prevent loss and alteration of any data, to prevent unauthorised access to Purchaser’s IT environment, to prevent introduction of viruses to Purchaser’s systems, and to prevent improper access to Purchaser’s IT environment and confidential information of Purchaser.
DATA SECURITY AND SAFEGUARDS. The Data Applicant and Data Recipient agree to establish, comply with, and update appropriate administrative, technical, and physical safeguards to protect the confidentiality of MHDO Data and to prevent unauthorized use, access to, or disclosure of the MHDO Data other than as provided for by this Agreement. MHDO Data shall be stored and accessed only in areas that are physically safe from access by unauthorized persons at all times. The MHDO Data shall be protected electronically to prevent unauthorized access by computer, remote access, or any other means. The Data Applicant and Data Recipient agree that all MHDO Data and work product derived therefrom that has not been approved by MHDO for publication will be encrypted at rest and in transit. Block level encryption of all media is required where MHDO data are stored. The strength of data encryption must be a certified algorithm which is 256 bit or higher. Any encryption keys protecting the storage or transmission of MHDO Data, including the MHDO encryption key, shall only be used by individual persons specified on this MHDO DUA. Such keys shall be stored and transmitted separately from the information they protect. The Data Applicant and Data Recipient expressly agree that MHDO Data will not be accessed, tested, maintained, backed-up, transmitted, or stored outside of the United States. The Data Applicant and Data Recipient may not sell, re-package or in any way make MHDO Data available at the individual element level, unless the ultimate viewers of that data have applied to MHDO for this data, been approved for such access and signed an MHDO DUA. The Data Applicant and Data Recipient shall immediately inform the MHDO of any legal process by which third parties try to obtain access to MHDO data held by the Data Applicant or Data Recipient or any subcontractor and shall not turn over any data except as permitted by MHDO. 
The Data Applicant and Data Recipient agree to report to the MHDO: all security incidents including attempted or successful unauthorized access, use, disclosure, modification or destruction of MHDO Data; interference with system operation in an information system that contains MHDO Data; and specifically, any potential or actual breach of Protected Health Information (PHI) from the MHDO Data. Data Applicant and Data Recipient shall report any such actual or suspected security incident to the MHDO Executive Director within 24 hours after it is discovered. The Data Applicant and Data Recip...
DATA SECURITY AND SAFEGUARDS. The Supplier shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Sanoma’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent, such as SSAE-16(2)); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes (e.g. for the Supplier’s other customers’ purposes); (vi) ensure that the Personal Data is Processed separately from the data of other Supplier’s customers; and (vii) take all necessary precautions in performing the Services to prevent: loss and alteration of any data, unauthorized access to Sanoma’s IT environment, introduction of viruses to Sanoma’s systems, improper access to Sanoma’s IT environment and confidential information of Sanoma.
DATA SECURITY AND SAFEGUARDS. 4.1. Talshir shall use appropriate safeguards and data security measures and comply with Subpart C of 45 C.F.R. Part 164 of HIPAA with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA. 4.2. Talshir shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Subcontractor’s operations, comply with applicable requirements of this BAA, the Privacy Rule, the Security Rule and the Breach Notification Rule to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. 4.3. Those measures shall include (as a minimum): a) Implementation of security-related policies and procedures, standards and practices designated for the protection of PHI; b) Minimalization of PHI processing; c) Use of encryption and pseudonymization where needed and possible; d) Implementation of data protection measures by default and by design; e) The use of proper firewalls and antivirus systems; f) Managing organizational passwords policy which enforces complexity requirements; g) Managing strict access authorization policy which ensures that any access to PHI by Talshir employees shall be strictly limited to employees which are in need for that data, for the provision of the Services; h) Keeping backup and recovery capabilities; i) The use of other state of the art technological and organizational controls mitigating data protection risks or any data breach or loss.
DATA SECURITY AND SAFEGUARDS. EPG and/or its Data Processors shall implement and maintain, at all times, appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access so that all processing is in compliance with Laws and written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined or indicated by EPG, following the recommendations as laid out in ISO/IEC 27000 series (‘Information Security Management Systems (ISMS) standards’, or equivalent). Access to Personal Data shall be limited to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. EPG and/or its Data Processors shall also ensure, by technical and organizational means, that Personal Data is not processed for different purposes and that the Data is processed separately from the Data of other third-party entities. In terms of the main Agreement, this present Policy document and any applicable Descriptions of Services or other Appendices, all necessary precautions are taken to prevent loss and alteration of any data, to prevent unauthorised access to EPG’s I.T. environment, to prevent introduction of viruses to EPG’s systems, and to prevent improper access to EPG’s I.T. environment and Confidential Information.
DATA SECURITY AND SAFEGUARDS. The [Universities] shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Publisher’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; and (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes.