Information Security. IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.
Information Security. 11.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") as set forth herein on the DXC Supplier Portal at: (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS.
11.2 (Intentionally Omitted).
11.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing.
11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products.
11.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.
11.6 DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (includin...
Information Security. 10.1 The Transfer Agent shall maintain reasonable safeguards for maintaining in confidence any and all Fund Confidential Information, including, without limitation, the policies and procedures described in Section 10.2. The Transfer Agent shall not, at any time, use any such Fund Confidential Information for any purpose other than as specifically authorized by this Agreement, or in writing by the Fund.
10.2 The Transfer Agent has implemented and maintains, and at a minimum agrees to comply with and continue to comply with, at each service location physical and information security and data protection safeguards against the destruction, loss, theft, unauthorized access, unauthorized use, or alteration of the Fund’s Confidential Information in the possession of the Transfer Agent that will be no less rigorous than those described in the Information Security Schedule attached hereto as Schedule 10.2, and from time to time enhanced in accordance with changes in regulatory requirements. The Transfer Agent will, at a minimum, update its policies to remain compliant with applicable regulatory requirements, including, without limitation, the GLB Act and the Mass Privacy Act. The Transfer Agent will meet with the Fund, at its request, on an annual basis to discuss information security safeguards. If the Transfer Agent or its agents discover or are notified that someone has violated security relating to the Fund’s Confidential Information the Transfer Agent will promptly (a) notify the Fund of such violation, and (b) if the applicable Confidential Information was in the possession or under the control of the Transfer Agent or its agents at the time of such violation, the Transfer Agent will promptly (i) investigate, contain and address the violation, (ii) provide the Funds with information on the steps being taken to reduce the risk of a reoccurrence of such violation, and (iii) without limiting (and subject to) Sections 7 and 8 of this Agreement, if requested by the Fund based on the facts and circumstances of the incident, provide credit monitoring, or other similar services or remedies as required by applicable law, for a one-year period (or such shorter or longer period required by applicable law) to Shareholders or others affected by the violation. .
Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and Xxxxx’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.
Information Security. The Transfer Agent has implemented and maintains at each service location physical and information security and data protection safeguards against the destruction, loss, theft, unauthorized access, unauthorized use, or alteration of the Fund’s Confidential Information, including Customer Information, in the possession of the Transfer Agent that will be no less rigorous than those in place at the Effective Date of this Agreement, and from time to time enhanced in accordance with changes in regulatory requirements. The Transfer Agent will, at a minimum, update its policies to remain compliant with applicable regulatory requirements, including those under the GLB Act and the Mass Privacy Act. The Transfer Agent will meet with the Fund, at its request, on an annual basis to discuss information security safeguards
Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services.
a. Each occurrence - $1,000,000
b. Network Security/Privacy Liability - $1,000,000
c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate
Information Security. Hitachi will comply with its global standards for information security, which will be provided to You at Your request.
Information Security. The Custodian has implemented information security controls and procedures reasonably designed to protect the information and data owned and/or used by the Custodian applicable to a Fund. Upon reasonable request, the Custodian shall discuss with senior management of the Funds such controls and procedures and/or provide a high-level presentation summarizing such controls and procedures.
Information Security. In order to provide sufficient protection for the confidentiality, integrity, and effective availability of information and resources and methods associated with it, the Contractor undertakes to comply with the requirements, details, and obligations with respect to information security described in the annex “Information Security Requirements & Technical and Organizational Measures for Data Protection” to the order.
Information Security. 8.1 The Supplier acknowledges and agrees that, in the course of providing the Services, the Supplier may receive, have access to, control over, or custody of Confidential Information, Materials, Personal Information and Data. In circumstances where this occurs, the Supplier shall comply with the terms and conditions set forth in this Agreement, including Section
8.2 below, in its collection, receipt, transmission, retention, storage, use, disclosure and disposal of Confidential Information, Materials, Personal Information and Data, (collectively in this Section 8 “Use”) and be responsible for any unlawful or unauthorized Use or Mishandling of Confidential Information, Materials, Personal Information or Data it receives, has access to, or which is under its control or custody (or the temporary control or custody of a subcontractor), to the extent such unlawful or unauthorized Use arises out of or is related to the Supplier’s or any employee, director, officer, agent, service provider, supplier or subcontractor of the Supplier, negligent act or omission, or failure to act in accordance with the terms of this Agreement.