General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799.
• The application must run on an operating system that is consistently and currently supported by the operating system vendor. Applications under maintenance are expected to always be current with regard to the current version of the relevant operating system.
• For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and/or any third-party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment.
• Vendors must provide timely updates to address any applicable security vulnerabilities found in the application.
• OCHCA utilizes a variety of proactive, generally available monitoring tools to assess and manage the health and performance of the application server, network connectivity, power, etc. The application must function appropriately while the monitoring tools are actively running.
• All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to log on as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures.
• In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.
General Security Requirements. The Contractor (and/or any subcontractor) shall comply with information security and privacy requirements, Enterprise Performance Life Cycle (EPLC) processes, HHS Enterprise Architecture requirements to ensure information is appropriately protected from initiation to expiration of the contract. All information systems development or enhancement tasks supported by the contractor shall follow the HHS EPLC framework and methodology or and in accordance with the HHS Contract Closeout Guide (2012). HHS EA requirements may be located here: xxxxx://xxx.xxx.xxx/ocio/ea/documents/proplans.html.
General Security Requirements. (a) GA shall have a written, comprehensive information security program for the establishment and maintenance of a security system covering all electronic equipment, including its computers and any wireless system that, at a minimum, has the following elements:
(i) Secure user authentication protocols that include:
(A) control of user IDs and other identifiers;
(B) a secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;
(C) control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect;
(D) restricting access to active users and active user accounts only;
(E) blocking access to user identification after multiple unsuccessful attempts to gain access or limitation placed on access for the particular system;
(F) prohibitions against sharing or migrating access privileges to another individual; and
(G) assignment of access privileges only to identifiable, individual accounts, and all activity conducted by these accounts must be auditable.
(ii) Secure access control measures that:
(A) restrict access to records and files containing Confidential Information to those who need such information to perform their job duties; and
(B) assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with computer access, that are reasonably designed to maintain the integrity of the security of the access controls.
(b) Company may require GA to have an annual review and/or an annual technical audit of its security policies and practices by Company, or, at GA’s option and expense, an independent auditor, to ensure compliance with this Amendment. The third party audit report, including recommendations for remedying deficiencies where appropriate, will be provided to Company within seven (7) business days of receipt of the report by GA. GA shall have thirty (30) calendar days to implement remedies to any identified deficiencies, and notify Company that such deficiencies have been addressed. GA’s failure to remedy the identified deficiencies shall be considered in breach of this Section 5.
(c) GA will encrypt all records and files containing Confidential Information that are transmitted across public networks or transmitted wirelessly.
(d) GA will encrypt all desktop computers, laptops and all other portable devices on which Confidential Information is st...
General Security Requirements. (a) GA will maintain a written, information security program designed to protect the confidentiality, integrity and availability of Confidential Information in paper or other records and within its information system, including computers, devices, applications, and any wireless systems, and designed to perform the following core information security functions:
(i) identify and assess both internal and external information security risks (“Risk Assessment”);
(ii) utilize a defensive infrastructure;
(iii) implement policies and procedures that protect Confidential Information from unauthorized Use;
(iv) detect, respond to, and mitigate, Information Security Breaches and Security Incidents, restoring normal operations and services; and
(v) fulfill regulatory reporting obligations.
(b) The Risk Assessment performed by GA will be:
(i) sufficient to inform the design of the information security program;
(ii) updated as reasonably necessary to address changes to GA’s information systems, records, Confidential Information, and business operations; and
(iii) documented and carried out in accordance with written policies and procedures.
(c) GA will designate a qualified individual responsible for overseeing and implementing its information security program and enforcing its information security policy initiatives.
(d) GA will assess the effectiveness of its information security program through continuous monitoring, periodic penetration testing and vulnerability assessments, or similar actions, all as dictated by its Risk Assessment.
(e) GA, or GA’s designated third party, will:
(i) utilize qualified information security personnel to manage its information security risks and perform or oversee the performance of GA’s core information security functions; and
(ii) provide or verify that such personnel have obtained periodic information security training to maintain up-to-date knowledge of changing information security threats and countermeasures.
(f) GA will provide regular information security awareness training for all personnel.
(g) GA will have written policies, implemented and approved by senior management for the protection of its information systems and Confidential Information, addressing the following:
(i) data governance and classification;
(ii) asset inventory and device management;
(iii) access controls and identity management;
(iv) business continuity and disaster recovery planning;
(v) system security and monitoring;
(vi) network security and monitoring;...
General Security Requirements. The following requirements apply to all components of the Tribal Lottery System, including the Manufacturing Computer, the Central Computer, the Electronic Accounting System and Player Terminals. SNOQUALMIE TRIBE APPENDIX X2 02-26-07
9.1 Separation. The Manufacturing Computer, Central Computer, and Player Terminals in each Tribal Lottery System shall be physically and operationally independent from one another except as specified otherwise in this Appendix, such as for communications, storage and security monitoring, including the routing of communications among system components, provided such routing does not affect the integrity of the communications or the outcome of any game. All Tribal Lottery System cables shall be secured against unauthorized access,
General Security Requirements. Signatory shall comply with the HIPAA Security Rule as if the HIPAA Security Rule applied to Individually Identifiable Information that is TI regardless of whether Signatory is a Covered Entity or a Business Associate. Signatory shall also comply with the security requirements stated in Section 12 of this Common Agreement and specific additional requirements as described in the QTF and applicable SOPs. With the exception of Section 12.1.5, none of these requirements in Section 12.1 shall apply to any federal agency or any other type of entity exempted from compliance with this Section 12.1 in an applicable SOP.
General Security Requirements. Vendor / Bidder should have the security controls in place to protect sensitive and/or confidential information shared with the vendor.
• Ensure that any agent, including a vendor or subcontractor, to whom ReBIT provides access to information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the information systems.
• Vendors will not copy any of ReBIT’s data obtained while performing services under this RFP to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by ReBIT.
• All personnel who will be part of this engagement deployed at ReBIT’s premises will need to adhere to ReBIT’s security policy.
• All personnel who will be part of this engagement will need to sign an NDA with ReBIT.
• Vendor / Bidder should carry out background checks, which include address, education, past employment and criminal checks, for all personnel that will be deployed at ReBIT for the implementation.
• Vendor shall disclose the origin of all software components used in the product, including any open source or 3rd party licensed components.
General Security Requirements. Signatory shall comply with the HIPAA Security Rule as if the HIPAA Security Rule applied to Individually Identifiable information that is TI regardless of whether Signatory is a Covered Entity or a Business Associate. Signatory shall also comply with the security requirements stated in Section 12 of this Common Agreement and specific additional requirements as described in the QTF and applicable SOPs, to the extent that such requirements are not already included in the HIPAA Security Rule, with respect to all Individually Identifiable information that is TI as if such information were Protected Health Information and Signatory were a Covered Entity or Business Associate. Notwithstanding anything else in this Section 12, none of these requirements shall apply to any federal agency or Public Health Authority.
General Security Requirements. 1. GA shall have a written, comprehensive information security program for the establishment and maintenance of a security system covering all electronic equipment, including its computers and any wireless system that, at a minimum, has the following elements:
(a) Secure user authentication protocols that include:
1. control of user IDs and other identifiers;
2. a secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;