Data Security Security Compliance Audits Sample Clauses

Data Security Security Compliance Audits 
Sample 1Sample 2Sample 3
AutoNDA by SimpleDocs

Related to Data Security Security Compliance Audits

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.

  • Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.

  • Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.

  • Operator’s Security Contact Information Xxxxxxx X. Xxxxxxx Named Security Contact xxxxxxxx@xxxxxxxxx.xxx Email of Security Contact (000) 000-0000 Phone Number of Security Contact

  • Compliance Monitoring Grantee must be subject to compliance monitoring during the period of performance in which funds are Expended and up to three years following the closeout of all funds. In order to assure that the program can be adequately monitored, the following is required of Grantee: a. Grantee must maintain a financial tracking system provided by Florida Housing that ensures that CRF funds are Expended in accordance with the requirements in this Agreement. b. Grantee must maintain records on all awards to Eligible Persons or Households. These records must include, but are not limited to: i. Proof of income compliance (documentation from submission month, including but not limited to paystub, Florida unemployment statement, social security and/or disability statement, etc.); ii. Lease; and iii. Documentation of rental assistance payments made.

  • Compliance Control Services (1) Support reporting to regulatory bodies and support financial statement preparation by making the Fund's accounting records available to the Trust, the Securities and Exchange Commission (the “SEC”), and the independent accountants. (2) Maintain accounting records according to the 1940 Act and regulations provided thereunder. (3) Perform its duties hereunder in compliance with all applicable laws and regulations and provide any sub-certifications reasonably requested by the Trust in connection with any certification required of the Trust pursuant to the Xxxxxxxx-Xxxxx Act of 2002 (the “SOX Act”) or any rules or regulations promulgated by the SEC thereunder, provided the same shall not be deemed to change USBFS’s standard of care as set forth herein. (4) Cooperate with the Trust’s independent accountants and take all reasonable action in the performance of its obligations under this Agreement to ensure that the necessary information is made available to such accountants for the expression of their opinion on the Fund’s financial statements without any qualification as to the scope of their examination.

  • Environmental Compliance and Reports Borrower shall comply in all respects with any and all Environmental Laws; not cause or permit to exist, as a result of an intentional or unintentional action or omission on Borrower’s part or on the part of any third party, on property owned and/or occupied by Borrower, any environmental activity where damage may result to the environment, unless such environmental activity is pursuant to and in compliance with the conditions of a permit issued by the appropriate federal, state or local governmental authorities; shall furnish to Lender promptly and in any event within thirty (30) days after receipt thereof a copy of any notice, summons, lien, citation, directive, letter or other communication from any governmental agency or instrumentality concerning any intentional or unintentional action or omission on Borrower’s part in connection with any environmental activity whether or not there is damage to the environment and/or other natural resources. Additional Assurances. Make, execute and deliver to Lender such promissory notes, mortgages, deeds of trust, security agreements, assignments, financing statements, instruments, documents and other agreements as Lender or its attorneys may reasonably request to evidence and secure the Loans and to perfect all Security Interests.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!