Data Security Procedures Sample Clauses
Data Security Procedures. Subcontractor shall maintain appropriate policies and procedures to respond to incidents of unauthorized or suspected unauthorized access to or disclosure of Customer Data. Such policies and procedures shall equal or exceed the Advanta Data Security Standards and Payment Card Industry Standards. Subcontractor shall reasonably monitor, evaluate and adjust its information security system and procedures in response to relevant changes in technology, changes in the sensitivity of Customer Data and internal and external threats to information security and shall adopt such changes to its information security system and procedures as reasonably requested by Advanta. Subcontractor agrees to take appropriate actions to address any security breach involving such information. Subcontractor shall notify the Advanta General Program Manager promptly, and in any event as soon as reasonably possible after Subcontractor reasonably suspects or has concluded that any security incident or breach (which shall include any such breach caused by any employee of Subcontractor) has occurred or is about to occur that, in Subcontractor’s reasonable judgment, is likely to put any data, including any Customer Data, or network of Advanta at risk. Upon the occurrence of any such security incident or breach, (a) Subcontractor shall, as soon as practicable and at its sole expense, implement an action plan to correct the incident or breach and prevent the continuation of such security incident or breach, and shall promptly notify Advanta of the corrective action and measures taken and (b) Advanta may audit to determine whether the corrective action has been implemented and is effective. If there is any such security breach relating to Customer Data under Subcontractor’s control or the control of an entity with which Subcontractor has contracted, then Subcontractor shall pay the out of pocket expenses incurred by Advanta in responding to the security breach, including paying the cost of notifying customers that information about them was subject to a security breach. Any notice sent concerning a security breach shall be subject to the prior written approval of Advanta.
****** — Denotes material that has been omitted and filed separately with the Commission.
Data Security Procedures. The Contractor shall develop data security procedures to ensure only authorized access to data and databases by Contractor Representatives for purposes of performing the Agreement and to ensure no unauthorized access to data or databases by individuals or entities. The Contractor shall ensure that access to data and databases by Contractor Representatives will be provided on a need to know basis and will adhere to the principle of least privilege. (The principle of least privilege means giving a user account only those privileges which are essential to perform its intended function.)
Data Security Procedures. StarCompliance shall Representatives for purposes of performing the Agreement and to ensure no unauthorized access to data or databases by individuals or entities other than those authorized by the Agreement or the Client. . ( which are essential to perform its intended function.)
Data Security Procedures. Participating Provider undertakes solely in its own independent capacity to (and will procure that all Provider Personnel will) maintain reasonable operating standards and security procedures, and shall use their best efforts to secure Personal Data and Confidential Information (collectively, “Confidential Data”) through the use of reasonable and appropriate administrative, physical, and technical safeguards including, but not limited to, appropriate network security and encryption technologies governed by an established set of policies and procedures (an “Information Security Management System”). Participating Provider shall maintain and regularly update the Information Security Management System based upon a formal change control process that governs how security controls are adjusted over time ensuring at all times that it maintains a comparable or better level of security than that defined in this Exhibit B. Such Information Security Management System shall: (A) ensure the ongoing confidentiality, integrity, availability, and resilience of Participating Provider systems and services processing Confidential Data and those of subcontractors that have been authorized by Apple to process Confidential Data; (B) enable Participating Provider to restore the availability and access to Confidential Data in a timely manner in the event of a physical or technical incident; (C) maintain a process for regularly testing, assessing, and evaluating the effectiveness of all technical and organizational measures for ensuring the security of Confidential Data at all times; and (D) shall also include the following:
(i) Implementation of controls to manage access to Confidential Data, including:
(a) Preventing access to Confidential Data other than by those Provider Personnel that must access Confidential Data to perform Participating Provider’s obligations under the Terms and Conditions (hereinafter, the “Services”);
(b) Immediately terminating access privileges to Confidential Data for any Provider Personnel that no longer need such access, and conducting regular reviews of access lists in accordance with high industry standards to ensure that access privileges have been appropriately provisioned and terminated;
(c) Requiring Provider Personnel the use of multi-factor authentication to access Confidential Data; and
(d) Providing regular training on data security to all Provider Personnel that may have access to Confidential Data;
(ii) Maintenance of firewalls to segregat...
Data Security Procedures. Though the SDPBC data provided to the individual/organization does not contain “personally identifiable information” as defined in 34 CFR § 99.3, it is still critical that the data be kept secure and confidential. Therefore, all SDPBC student level data must be stored securely so that only authorized users within the organization have access to it. This means that computer data bases should be password protected; that precautions are taken to ensure that access through modems, networks, and the Internet is carefully monitored and limited to authorized users; and that data tapes, disks, paper files and other storage media are kept in secure locations.
Data Security Procedures. The first point of security is access to the computer system and its data via the local network of users. To enhance security and reduce the risk of unauthorized access, the following guidelines shall be followed:
A. Users will be assigned one unique account for access to the system.
B. Each user account shall require a password with a minimum of 6 characters. This password shall be treated as confidential information by the users. Users are responsible to safeguard their passwords, other access protocols, and district and Computer Center information, in whatever form. No list of passwords shall be maintained by the Computer Center or the District.
C. All users will be required by the system to change their password or at least every 90 days; "captive" accounts (accounts which have access to only limited, non-system programs and commands) must have their passwords assigned by the Computer Center and shall be changed at least every year.
D. A review of user account activity will be performed quarterly by the computer staff. User accounts that have not been accessed in the previous 180 days will be disabled; users not accessing their account in the previous 90 days will be notified that such inactivity may cause their account to be disabled. Users should ensure their terminals, when not in use, are properly logged off the system.
E. Users shall be granted only those privileges consistent with the duties and responsibilities of their position. Authorized privileges shall be grouped in a "normal" and "extended" category: "normal" privileges are granted by the system when a user logs onto the system and represent the privileges required to perform the user's normal duties; "extended" privileges are those privileges which the user may be authorized to use, but which must be specifically enabled by user before being utilized.
F. Access to the computer system via an electronic network outside the Computer Center area will be restricted to the minimum level of access necessary for authorized users. No "general access" accounts shall be maintained.
G. Access to privileged or system accounts shall only occur with the authorization of the Computer Center Director. Following outside access to a privileged account, the account password shall be changed to prevent further access without the Computer Center staff's knowledge.
H. Audit Log. Sufficient audit alarms shall be enabled to track attempts to break into a user or system account and other security-related events. The...
Data Security Procedures. We restrict access to non-public personal information about you to those persons who need to know that information in connection with providing products or services to you. We may from time to time provide the retailer(s) where you may make purchases using your credit card issued by us with access to your non-public personal information. We maintain physical, electronic, and procedural safeguards to guard your non-public personal information.
