HHS-OCIO Information Systems Security and Privacy Policy (xxxx Sample Clauses

HHS-OCIO Information Systems Security and Privacy Policy (xxxx xxx.xxx.xxx/ocio/policy/#Security)‌‌‌‌‌‌‌ 2. HHS HSPD-12 Policy Document, v. 2.0 (xxxx://xxx.xxxxxxxxxx.xxx/sites/default/files/omb/assets/omb/memoranda/fy200 5/m05-24.pdf)‌‌
Sample 1Sample 2Sample 3See All (11)
AutoNDA by SimpleDocs

Related to HHS-OCIO Information Systems Security and Privacy Policy (xxxx

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Data Security and Privacy (a) Each Group Member is, and at all times, has been, in compliance in all material respects with (i) all applicable Data Protection Laws, including, to the extent applicable, but not limited to the GDPR and those relating to cross-border transfers; (ii) all applicable contractual obligations of each Loan Party and its Subsidiaries concerning data privacy and security relating to Personal Data in the possession or control of any Group Member or maintained by third parties on behalf of such Group Member and having access to such information under contracts (or portions thereof) to which a Group Member is a party; and (iii) all applicable data transfer agreements and data processing agreements, including the EU standard contractual clauses, to which a Group Member is a party (collectively, “Privacy Agreements”): (b) Each Group Member is, and has been, in compliance in all material respects with all applicable prior and current written internal and public-facing privacy policies and notices of the Group Members regarding the collection, retention, use, processing, disclosure and distribution of Personal Data by the Group Members or their respective agents (collectively, the “Privacy Policies”), and the Privacy Policies have been maintained to be consistent in all material respects with the actual practices of each Group Member. The Privacy Policies contemplate the Group Members’ current uses of the Personal Data, and to the extent required under applicable Data Protection Laws, each Group Member has sought and obtained the appropriate consent from the applicable data subject for such uses. The Privacy Policies have made all material disclosures to users, customers, employees, or other individuals required by Data Protection Laws. (c) Each Group Member has implemented and maintains a commercially reasonable security program (“Security Program”) that (i) complies in all material respects with all applicable Data Protection Laws, applicable Privacy Policies, and applicable Privacy Agreements, and (ii) includes commercially reasonable administrative, technical, organization, and physical security procedures and measures designed to preserve the security and integrity of all Personal Data and any other sensitive or confidential information or data related to each Group Member (collectively, “Company Sensitive Information”) in such Group Member’s possession or control and to protect such Company Sensitive Information against unauthorized or unlawful processing, access, acquisition, use, theft, interruption, modification, disclosure, loss, destruction or damage. (d) Except as disclosed on Schedule 4.23(d), there has been (i) no actual, suspected or alleged (in writing) incidents of unauthorized access, use, intrusion, disclosure or breach of the security of any information technology systems owned or controlled by a Group Member or any of their contractors and used by such contractors on behalf of a Group Member, and (ii) no actual, suspected or alleged (in writing) incidents of unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration, or use of any Company Sensitive Information, in each case that could reasonably be expected to cause a Material Adverse Effect. (e) Each Group Member has a valid and legal right (whether contractually, by applicable law or otherwise) to access or use all Personal Data that is accessed and used by or on behalf of a Group Member in connection with the sale, use and/or operation of their products, services and businesses. (f) Except as would not reasonably be expected to have a Material Adverse Effect, there is no pending or to the knowledge of any Loan Party, threatened in writing, complaints, claims, demands, inquiries, proceedings, or other notices, including any notices of any investigation or other legal proceedings, regarding a Group Member, initiated by (i) any Governmental Authority, including the United States Federal Trade Commission, a state attorney general, data protection authority or similar state official, or a supervisory authority; (ii) any counterparty to, or subject of, a Privacy Agreement; or (iii) any self-regulatory authority or entity, alleging that any activity of a Group Member: (1) is in violation of any applicable Data Protection Laws, (2) is in violation of any Privacy Agreements, (3) is in violation of any Privacy Policies or (4) is otherwise in violation of any person’s privacy, personal or confidentiality rights.

  • Network Security and Privacy Liability Insurance During the term of this Contract, Supplier will maintain coverage for network security and privacy liability. The coverage may be endorsed on another form of liability coverage or written on a standalone policy. The insurance must cover claims which may arise from failure of Supplier’s security resulting in, but not limited to, computer attacks, unauthorized access, disclosure of not public data – including but not limited to, confidential or private information, transmission of a computer virus, or denial of service. Minimum limits: $2,000,000 per occurrence $2,000,000 annual aggregate Failure of Supplier to maintain the required insurance will constitute a material breach entitling Sourcewell to immediately terminate this Contract for default.

  • CONFIDENTIALITY AND PRIVACY POLICIES AND LAWS The Contractor shall comply to the extent applicable with all State and Authorized User policies regarding compliance with various confidentiality and privacy laws, rules and regulations, including but not limited to the IRS Publication 1075, Family Educational Rights and Privacy Act (FERPA), the Health Insurance and Portability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Contractor shall cooperate in executing a written confidentiality agreement under FERPA and/or a Business Associate Agreement (HIPAA/HITECH) or other contractual provisions upon request by the State or any Authorized User.

  • Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.

  • Privacy Policy The Provider must publicly disclose material information about its collection, use, and disclosure of Student Data, including, but not limited to, publishing a terms of service agreement, privacy policy, or similar document.

  • Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended. 13 A. DEFINITIONS

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!