Data Security Program Sample Clauses

Data Security Program. (a) The Supplier will maintain and comply with a comprehensive Security Program that conforms to (a) VITA Rules, including all VITA Rules comprising the then-current Commonwealth security procedures, including those found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/resources/vita-rules/ or successor URL(s), and (b) the Federal Information Security Management Act (or FISMA), 44 U.S.C. § 3541, et seq., and any other applicable Laws, and (c) Exhibit 2.1
Sample 1Sample 2Sample 3
AutoNDA by SimpleDocs
Data Security Program. Company will maintain a comprehensive written information security program that includes technical, physical, and administrative/organizational safeguards designed to (i) ensure the security and confidentiality of Ministerio de Hacienda Data and Personal Data, (H) protect against any anticipated threats or hazards to the security and integrity of Ministerio de Hacienda Data and of Personal Data, (Hi) protect against any actual or suspected unauthorized processing, loss, or acquisition of any Ministerio de Hacienda Data and any Personal Data, and (iv) ensure the proper disposal of Ministerio de Hacienda Data and Personal Data. Company will ensure that such program satisfies all of the requirements set forth in this Exhibit B and that Company complies with all such requirements, as well as any other written information security policies, procedures, and guidelines that are applicable to the Services. As used in this Exhibit B, the terms "systems", "information systems", and the like, include all information technology systems and all other Technology. Capitalized terms used but not defined in this Exhibit B will have the meanings set forth in the MSA.
Sample 1Sample 2
Data Security Program. Service Provider shall maintain a documented security program that has reasonable administrative, technical, and physical safeguards that are commensurate with the laws and industry standards relevant to Service Provider’s business activities and protects AbbVie Data according to its sensitivity. The minimum standards for Service Provider’s security controls that shall apply to the Services are set forth in Schedule A (AbbVie Third Party Security Controls).
Sample 1Sample 2
Data Security Program. ACS shall at all times maintain in effect a comprehensive data security program that includes reasonable and appropriate technical, organizational and physical security measures designed to protect against the destruction, loss, unauthorized access and/or alteration of data, including Symetra Data, in ACS’ possession, and which shall be: (a) no less rigorous than those measures maintained (or required to be maintained) by Symetra as of the Restatement Date (or required or implemented by Symetra in the future); (b) no less rigorous than those measures maintained by ACS for its own information of a similar nature; (c) no less rigorous than those measures that generally are implemented by providers of outsourcing services; and (d) compliant with all Symetra policies and procedures with which Symetra advises ACS it is required to comply (provided that ACS’ compliance with any such Symetra policies and procedures that are implemented and/or modified following the Restatement Date shall be effected through the Change Management Procedures), including those relating to the privacy, security, preservation and retention of data. The content and implementation of such data security program and associated technical, organizational and security measures shall be fully documented by ACS in the Service Delivery Reference Manual. From time to time, but not less frequently than annually, ACS proactively shall provide to Symetra information regarding industry-leading security best practices and ACS’ recommendations for implementing any of such practices. If Symetra wants to implement any of such practices, the Parties shall do so in accordance with the Change Management Procedures.
Sample 1Sample 2
Data Security Program. Vendor shall maintain in effect at all times a comprehensive data security program that includes reasonable and appropriate administrative, technical and physical security measures designed to detect, prevent and mitigate the risk of identity theft and protect against the destruction, loss, unauthorized access, disclosure, use and/or alteration of data (whether or not encrypted), including but not limited to Confidential Information, Customer Data, and Data, in Vendor's possession or under Vendor's control, and which shall be no less rigorous than those measures that are required to be maintained by Vendor to comply with applicable Laws and Regulations, including but not limited to, the current State of Washington Office of the Chief Information Officer (OCIO) IT Security Standards (OCIO 141.10) relating to Securing Information Technology Assets Standards, and shall ensure that all such safeguards, including the manner in which Confidential Information, Customer Data, and Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Contract. At WSDOT’s request, Vendor will provide the data security program to WSDOT for its review, and WSDOT shall have the right to provide feedback and comment on Vendor's data security program. If Vendor recommends certain security features that WSDOT does not approve, the matter will be escalated to the WSDOT and Vendor Contracting Officers for final resolution.
Sample 1
Data Security Program. The Center shall implement maintain and comply with komplexní programy, praktiky a postupy pro zabezpečení informací a sítí, které upravují provádění Studie (souhrnně „Program zabezpečení údajů“), které: (i) splňují současné nejlepší standardy v oboru; a (ii) jsou v souladu se všemi Platnými zákony o ochraně osobních údajů a zabezpečení údajů. Centrum písemně zdokumentuje svůj Program zabezpečení údajů a na vyžádání CRO nebo Zadavatele zpřístupní tyto dokumenty CRO nebo Zadavateli ke kontrole. Centrum bude udržovat svůj Program zabezpečení údajů aktuální. comprehensive information and network security programs, practices and procedures that govern the conduct of the Study (collectively, “Data Security Program”) that: (i) meets current best industry standards; and (ii) complies with all Applicable Privacy and Data Security Laws. The Center shall document its Data Security Program in written form and shall make those documents available to CRO or Sponsor for review upon CRO’s or Sponsor’s request. The Center shall keep its Data Security Program current and up- to-date.
Sample 1
Data Security Program. Provider shall maintain through the Term of the Agreement a comprehensive written data security program (“Data Security Program”) that satisfies the requirements under this Section 3. Without limiting the generality of Section 3.3, Provider’s Data Security Program must, at a minimum, comply with the most recently published version of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (IG3), and provide for: (a) protection of business facilities, paper files, servers, computing equipment, including all mobile devices and other equipment with information storage capability, and backup systems containing any Company Personal Data; (b) network, application (including databases) and platform security; (c) business systems segmentation designed to optimize security; (d) secure transmission and storage of Company Personal Data (whether by strong encryption or other equally protective measures); (e) authentication and access control mechanisms (including strong password management practices); and (f) personnel security and integrity requirements. Provider shall provide annual training to personnel and subcontractors on how to comply with the Provider’s Data Security Program. Provider shall regularly test and monitor the effectiveness of its Data Security Program and shall evaluate and adjust its Data Security Program in light of the results of such testing and monitoring. Provider shall notify Company of: (i) any material changes to its Data Security Program, and (ii) any other changes that may have a material effect on its Data Security Program.
Sample 1
AutoNDA by SimpleDocs
Data Security Program. Company will maintain a comprehensive written information security program that includes technical, physical, and administrative/organizational safeguards designed to (i) ensure the security and confidentiality of Republic Data and Personal Data, (ii) protect against any anticipated threats or hazards to the security and integrity of Republic Data and of Personal Data, (iii) protect against any actual or suspected unauthorized processing, loss, or acquisition of any Republic Data and any Personal Data, and (iv) ensure the proper disposal of Republic Data and Personal Data. Company will ensure that such program satisfies all of the requirements set forth in this Exhibit B and that Company complies with all such requirements, as well as any other written information security policies, procedures, and guidelines that are applicable to the Services. As used in this Exhibit B, the terms "systems", "information systems", and the like, include all information technology systems and all other Technology. Capitalized terms used but not defined in this Exhibit B will have the meanings set forth in the MSA.
Sample 1

Related to Data Security Program

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

  • Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.

  • Security Procedures The Fund shall comply with data access operating standards and procedures and with user identification or other password control requirements and other security procedures as may be issued from time to time by State Street for use of the System on a remote basis and to access the Data Access Services. The Fund shall have access only to the Fund Data and authorized transactions agreed upon from time to time by State Street and, upon notice from State Street, the Fund shall discontinue remote use of the System and access to Data Access Services for any security reasons cited by State Street; provided, that, in such event, State Street shall, for a period not less than 180 days (or such other shorter period specified by the Fund) after such discontinuance, assume responsibility to provide accounting services under the terms of the Custodian Agreement.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • Security Procedure The Client acknowledges that the Security Procedure it has designated on the Selection Form was selected by the Client from Security Procedures offered by State Street. The Client agrees that the Security Procedures are reasonable and adequate for its wire transfer transactions and agrees to be bound by any payment orders, amendments and cancellations, whether or not authorized, issued in its name and accepted by State Street after being confirmed by any of the selected Security Procedures. The Client also agrees to be bound by any other valid and authorized payment order accepted by State Street. The Client shall restrict access to confidential information relating to the Security Procedure to authorized persons as communicated in writing to State Street. The Client must notify State Street immediately if it has reason to believe unauthorized persons may have obtained access to such information or of any change in the Client’s authorized personnel. State Street shall verify the authenticity of all instructions according to the Security Procedure.

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!