EU Policy and Legal Context for Cyber Security Sample Clauses

EU Policy and Legal Context for Cyber Security. The NIS Directive. Under the EU Directive on the security of Network and Information Systems [NIS], Operators of Essential Services (OES) are required to take appropriate and proportionate security measures to identify and manage risks to networks and information systems. They are also required to notify serious incidents to the national competent authority. In the case of EU Railway OES, their IT systems are interconnected in various ways and they face common threats, so joint affirmative action is required to ensure interconnected European railways can support each other, share knowledge, and share response capacity for common European benefit. Such actions can have multiple forms (see later). XXX demands that Member State Governments, and OES such as Railways, take steps to ensure Cyber Security for European Society and Economy. The Member States' National Frameworks and Strategies are supported by the European Cooperation Group (ECG) to conjoin efforts across Europe concerning transposition of NIS into law. The Member State CSIRTs are supported by the European CSIRTs Network (ECN) for coordination of shared response (see later). However, the European level, and National level, cannot be fully effective without parallel actions by Railway OES due to their “connectedness”. Railways as “OES” are mandated to report all Cyber Security incidents to their National cyber security teams. However, since a threat at one railway or one of its systems is potentially a threat at conjoined railways (via shared infrastructure, messaging, etc., or via common enemies promoting malicious or criminal actions), a pan-European collaboration is clearly demanded.
This is further complicated by the dependence of Railway OES on Digital Service Providers (DSPs) who effectively deploy and manage systems and services on behalf of the National and pan-European Railway infrastructure of SERA. The relationships subsumed under NIS are therefore somewhat hierarchic as shown in Figure 2.
EU Policy and Legal Context for Cyber Security. The Cybersecurity Act. In June 2019, the European Parliament and the Council of the European Union adopted the European “Cybersecurity Act” (CSA) Regulation. The Cybersecurity Act:
  • Reinforces the new permanent mandate of XXXXX to assist Member States in preventing and responding to cyber-attacks; and
  • Establishes the European cybersecurity certification framework to ensure Information and communication technology (ICT) products, services and procedures are cyber secure.
Most of the CSA’s provisions support or advance provisions of the NIS Directive. However, the Act:
  • Establishes an EU cybersecurity certification framework for ICT products, services, and processes.
  • Requires Member States to designate one or more national cybersecurity certification authorities.
  • Establishes assessment bodies to determine conformity with the Act.
  • Requires Member States to determine penalties for certification violations and infringement of European cybersecurity certification schemes.
The opening clauses of the CSA (whereas 2) provide an extensive justification of the need to develop such a certification framework. ICT products and services “are not sufficiently built-in by design, leading to insufficient cybersecurity”. The Act also notes that “the limited use of certification leads to individual, organizational and business users having insufficient information about the cybersecurity features of ICT products, ICT services, and ICT processes, which undermines trust in digital solutions.” In this context, any rail digital service providers, train builders, rail equipment suppliers or commercial cybersecurity threat intelligence providers offering ICT products, services, or processes within the EU to rail OES (IMs and RUs), are affected by the Cybersecurity Act and should begin monitoring the ENISA and EU websites for updates on EU cybersecurity certification schemes.
Furthermore, the CSA emphasises (whereas 92) that “it could be necessary in the future to impose specific cybersecurity requirements and make the certification thereof mandatory for certain ICT products, ICT services or ICT processes, in order to improve the level of cybersecurity in the Union”. The CSA also points out that “The efficiency of the European cybersecurity certification schemes, and whether specific schemes should be made mandatory, should be assessed in light of the cybersecurity-related legislation of the Union, in particular Directive (EU) 2016/1148, taking into consideration the security o...

Related to EU Policy and Legal Context for Cyber Security

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. 
Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. 
Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. 
If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Data Protection and Security A. In this Agreement the following terms shall have the meanings respectively ascribed to them:

  • Certification of Meeting or Exceeding Tobacco-Free Workplace Policy Minimum Standards A. Grantee certifies that it has adopted and enforces a Tobacco-Free Workplace Policy that meets or exceeds all of the following minimum standards of:

  • Privacy and Security (a) The Service Provider shall not transmit or store any AHS data outside the borders of Canada, nor transmit any AHS data in Canada to any party not specifically contemplated in this Agreement, without AHS’s prior written consent to each such data transmittal, which consent may be arbitrarily and unreasonably withheld.

  • Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.

  • CERTIFICATION PROHIBITING DISCRIMINATION AGAINST FIREARM AND AMMUNITION INDUSTRIES (Texas law as of September 1, 2021) By submitting a proposal to this Solicitation, you certify that you agree, when it is applicable, to the following required by Texas law as of September 1, 2021: If (a) company is not a sole proprietorship; (b) company has at least ten (10) full-time employees; (c) this contract has a value of at least $100,000 that is paid wholly or partly from public funds; (d) the contract is not excepted under Tex. Gov’t Code § 2274.003 of SB 19 (87th leg.); and (e) governmental entity has determined that company is not a sole-source provider or governmental entity has not received any bids from a company that is able to provide this written verification, the following certification shall apply; otherwise, this certification is not required. Pursuant to Tex. Gov’t Code Ch. 2274 of SB 19 (87th session), the company hereby certifies and verifies that the company, or association, corporation, partnership, joint venture, limited partnership, limited liability partnership, or limited liability company, including a wholly owned subsidiary, majority-owned subsidiary parent company, or affiliate of these entities or associations, that exists to make a profit, does not have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association and will not discriminate during the term of this contract against a firearm entity or firearm trade association. 
For purposes of this contract, “discriminate against a firearm entity or firearm trade association” shall mean, with respect to the entity or association, to: “(1) refuse to engage in the trade of any goods or services with the entity or association based solely on its status as a firearm entity or firearm trade association; (2) refrain from continuing an existing business relationship with the entity or association based solely on its status as a firearm entity or firearm trade association; or (3) terminate an existing business relationship with the entity or association based solely on its status as a firearm entity or firearm trade association.” See Tex. Gov’t Code § 2274.001(3) of SB 19. “Discrimination against a firearm entity or firearm trade association” does not include: “(1) the established policies of a merchant, retail seller, or platform that restrict or prohibit the listing or selling of ammunition, firearms, or firearm accessories; and (2) a company’s refusal to engage in the trade of any goods or services, decision to refrain from continuing an existing business relationship, or decision to terminate an existing business relationship to comply with federal, state, or local law, policy, or regulations or a directive by a regulatory agency, or for any traditional business reason that is specific to the customer or potential customer and not based solely on an entity’s or association’s status as a firearm entity or firearm trade association.” See Tex. Gov’t Code § 2274.001(3) of SB 19.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The Provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Summary of Policy and Prohibitions on Procurement Lobbying Pursuant to State Finance Law §139-j and §139-k, this Contract includes and imposes certain restrictions on communications between OGS and a Vendor during the procurement process. A Vendor is restricted from making contacts from the earliest notice of intent to solicit offers/bids through final award and approval of the Procurement Contract by OGS and, if applicable, the Office of the State Comptroller (“restricted period”) to other than designated staff unless it is a contact that is included among certain statutory exceptions set forth in State Finance Law §139-j(3)(a). Designated staff, as of the date hereof, is identified in Appendix G, Contractor and OGS Information, or as otherwise indicated by OGS. OGS employees are also required to obtain certain information when contacted during the restricted period and make a determination of the responsibility of the Vendor pursuant to these two statutes. Certain findings of non-responsibility can result in rejection for contract award and in the event of two findings within a four-year period; the Vendor is debarred from obtaining governmental Procurement Contracts. Further information about these requirements can be found on the OGS website: xxxx://xxx.xxx.xx.xxx/aboutOgs/regulations/defaultSFL_139j-k.asp.

  • Limitation of Vendor Indemnification and Similar Clauses This is a requirement of the TIPS Contract and is non-negotiable. TIPS, a department of Region 8 Education Service Center, a political subdivision, and local government entity of the State of Texas, is prohibited from indemnifying third-parties (pursuant to the Article 3, Section 52 of the Texas Constitution) except as otherwise specifically provided for by law or as ordered by a court of competent jurisdiction. Article 3, Section 52 of the Texas Constitution states that "no debt shall be created by or on behalf of the State … " and the Texas Attorney General has opined that a contractually imposed obligation of indemnity creates a "debt" in the constitutional sense. Tex. Att'y Gen. Op. No. MW-475 (1982). Thus, contract clauses which require TIPS to indemnify Vendor, pay liquidated damages, pay attorney's fees, waive Vendor's liability, or waive any applicable statute of limitations must be deleted or qualified with "to the extent permitted by the Constitution and Laws of the State of Texas." Does Vendor agree? Yes, I Agree Alternative Dispute Resolution Limitations This is a requirement of the TIPS Contract and is non-negotiable. TIPS, a department of Region 8 Education Service Center, a political subdivision, and local government entity of the State of Texas, does not agree to binding arbitration as a remedy to dispute and no such provision shall be permitted in this Agreement with TIPS. Vendor agrees that any claim arising out of or related to this Agreement, except those specifically and expressly waived or negotiated within this Agreement, may be subject to non-binding mediation at the request of either party to be conducted by a mutually agreed upon mediator as prerequisite to the filing of any lawsuit arising out of or related to this Agreement. Mediation shall be held in either Camp or Titus County, Texas.
Agreements reached in mediation will be subject to the approval by the Region 8 ESC's Board of Directors, authorized signature of the Parties if approved by the Board of Directors, and, once approved by the Board of Directors and properly signed, shall thereafter be enforceable as provided by the laws of the State of Texas. Does Vendor agree? Yes, Vendor agrees No Waiver of TIPS Immunity This is a requirement of the TIPS Contract and is non-negotiable. Vendor agrees that nothing in this Agreement shall be construed as a waiver of sovereign or government immunity; nor constitute or be construed as a waiver of any of the privileges, rights, defenses, remedies, or immunities available to Region 8 Education Service Center or its TIPS Department. The failure to enforce, or any delay in the enforcement, of any privileges, rights, defenses, remedies, or immunities available to Region 8 Education Service Center or its TIPS Department under this Agreement or under applicable law shall not constitute a waiver of such privileges, rights, defenses, remedies, or immunities or be considered as a basis for estoppel. Does Vendor agree? Yes, Vendor agrees Payment Terms and Funding Out Clause This is a requirement of the TIPS Contract and is non-negotiable. Vendor agrees that TIPS and TIPS Members shall not be liable for interest or late-payment fees on past-due balances at a rate higher than permitted by the laws or regulations of the jurisdiction of the TIPS Member. Funding-Out Clause: Vendor agrees to abide by the applicable laws and regulations, including but not limited to Texas Local Government Code § 271.903, or any other statutory or regulatory limitation of the jurisdiction of any TIPS Member, which requires that contracts approved by TIPS or a TIPS Member are subject to the budgeting and appropriation of currently available funds by the entity or its governing body.

  • Multiple Measures of Student Learning Measures must include a combination of classroom, school and district assessments, student growth percentiles on state assessments, if state assessments are available, and student MEPA gain scores. This definition may be revised as required by regulations or agreement of the parties upon issuance of ESE guidance expected by July 2012.
