Data Security Requirements. Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Data Security Requirements. A. Data Transport. When transporting Confidential Information electronically, including via email, the data will be protected by:
1. Transporting the data within the County network or Agency’s internal network, or;
2. Encrypting any data that will be in transit outside the County’s network or Agency’s internal network. This includes transit over the public Internet.
Data Security Requirements. Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53). Contractor also shall provide technical and organizational safeguards against accidental, unlawful, or unauthorized access or use, destruction, loss, alteration, disclosure, transfer, commingling, or processing of such information that ensure a level of security appropriate to the risks presented by the processing of County Data. Contractor personnel and/or subcontractor personnel and affiliates approved by County to perform work under this Contract may use or disclose County personal and confidential information only as permitted in this Contract. Any other use or disclosure requires express approval in writing by the County of Orange. No Contractor personnel and/or subcontractor personnel or affiliate shall duplicate, disseminate, market, sell, or disclose County personal and confidential information except as allowed in this Contract. Contractor personnel and/or subcontractor personnel or affiliate who access, disclose, market, sell, or use County personal and confidential information in a manner or for a purpose not authorized by this Contract may be subject to civil and criminal sanctions contained in applicable federal and state statutes. Contractor shall take all reasonable measures to secure and defend all locations, equipment, systems, and other materials and facilities employed in connection with the Services against hackers and others who may seek, without authorization, to disrupt, damage, modify, access, or otherwise use Contractor systems or the information found therein; and prevent County data from being commingled with or contaminated by the data of other customers or their users of the Services and unauthorized access to any of County data. Contractor shall also continuously monitor its systems for potential areas where security could be breached. In no case shall the safeguards of Contractor’s data privacy and information and cyber security program be less string...
Data Security Requirements. Website Payments Pro, Advanced Credit and Debit Card Payments and Virtual Terminal enable you to accept payments online directly from debit and credit cards, which are payment instruments whose security depends on controlling the disclosure of Card Data. A person who has sufficient Card Data can send or receive a card payment charged to the cardholder’s account without necessarily having the cardholder’s authorisation for the payment. To prevent your Shared Customers from having their Card Data misused, you must keep Card Data secret at all times. The General Data Protection Regulation also requires you to keep a Shared Customer’s personal data secure. PayPal strongly recommends that you obtain the services of a competent professional expert in information security to advise you and assist in securing your website and any other points of sale.
Data Security Requirements. Exhibit A shall only apply to the County if the County possesses 150 or
Data Security Requirements. USBFS must have well-documented procedures for information backup with validity checked on a periodic interval.
Data Security Requirements. Exhibit A shall only apply to the County if the County possesses 150 or more DSHS records across all programs or services throughout their organization, or transmits more than 5 records at one time.
Data Security Requirements. Attachment E shall only apply if the Contractor serves 150 or more DSHS clients for the entity as a whole.
Data Security Requirements. 3.1 The PCI Security Standards Council (“PCI SSC”) was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa, Inc. All five founders agreed to incorporate PCI Data Security Standards (“PCI DSS”) as the technical requirements of each of their data security compliance programs. The PCI SSC is responsible for the Payment Application Data Security Standard (“PA-DSS”) and PIN Transaction Security Requirements for PIN-Entry Devices (“PED”). PCI DSS applies to any Merchant or Merchant Servicer that stores, processes or transmits Cardholder information. All eligible Merchants, regardless of size, must comply with these standards. Following are standards that, at a minimum, Merchant must comply with:
(a) Install and maintain a firewall configuration to protect Cardholder data.
(b) Do not use vendor-supplied defaults for system passwords and other security parameters.
(c) Protect stored Cardholder data.
(d) Encrypt transmission of Cardholder data across open, public networks.
(e) Use and regularly update anti-virus software or programs.
(f) Develop and maintain secure systems and applications.
(g) Restrict access to Cardholder data by business need-to-know.
(h) Assign a unique ID to each person with computer access.
(i) Restrict physical access to Cardholder data.
(j) Track and monitor all access to network resources and Cardholder data.
(k) Regularly test security systems and processes.
(l) Maintain a policy that addresses information security for all personnel. Revised 111113 More information, including the complete PCI DSS specifications can be found at: xxx.xxxxxxxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxxxxxxx providers.vpa_agreement.php Each of the Card Schemes has requirements based on PCI DSS that define a standard of due care and enforcement for protecting sensitive information. Merchant must meet the compliance validation requirements defined by the Card Schemes available at: xxx.xxxx.xxx/xxxx xxx.xxxxxxxxxx.xxx/xxx xxx.xxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxxx/xxxx.xxxx xxx.xxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxx In cases where payment application software is used as a part of Authorization or settlement of Cardholder data, Merchant must use a PA-DSS compliant payment application or have current proof of PCI DSS compliance validation. The List of Validated Payment Applications may be found at: xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/approvedcompanies providers/vpaagreement.php In cases where PIN-based debit Transactions are processed, Merchant mu...
Data Security Requirements. Company agrees at all times to comply with the applicable security requirements set forth in the User Manuals, as the same may be revised from time to time, as well as the data protection/security requirements imposed under federal, state and local laws, rules and regulations.
