Encryption The Fund acknowledges and agrees that encryption may not be available for every communication through the System, or for all data. The Fund agrees that Custodian may deactivate any encryption features at any time, without notice or liability to the Fund, for the purpose of maintaining, repairing or troubleshooting the System or the Software.
Workstation/Laptop encryption All workstations and laptops that process and/or store DHCS PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the DHCS Information Security Office.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Workstation Encryption Supplier will require hard disk encryption of at least 256-bit Advanced Encryption Standard (AES) on all workstations and/or laptops used by Personnel where such Personnel are accessing or processing Accenture Data.
Encrypt or Encryption As defined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule at 45 CFR 164.304, means the use of an algorithmic process to transform Personally Identifiable Information into an unusable, unreadable, or indecipherable form in which there is a low probability of assigning meaning without use of a confidential process or key.
Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.
Customer Data 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at XxxxxXXX.xxx or such other website address as may be notified to the Customer as such document may be amended by the Supplier in its sole discretion from time to time the current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion.
5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(b) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(c) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(d) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.5 The Supplier and the Customer shall comply with their respective obligations as set out in Schedule 4 of this Agreement
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes.
11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses.
11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.
Computers All computers, hardware, software, computer upgrades and maintenance in connection therewith shall be at Owner's expense.
Device Data We may share certain personal information and device-identifying technical data about you and your devices with third party service providers, who will compare and add device data and fraud data from and about you to a database of similar device and fraud information in order to provide fraud management and prevention services, which include but are not limited to identifying and blocking access to the applicable service or Web site by devices associated with fraudulent or abusive activity. Such information may be used by us and our third party service providers to provide similar fraud management and prevention services for services or Web sites not provided by us. We will not share with service providers any information that personally identifies the user of the applicable device.
