Information Security and Confidentiality. The Contractor and any of its subcontractors associated with this Contract will maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of DARS-related information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information in accordance with applicable federal and state laws, rules, and regulations and DARS policies and procedures.
1. Different requirements apply to different types of contractors. Requirements that may apply include, but are not limited to: i.State Vocational Rehabilitation Services Program at 34 C.F.R. Part 361; ii.Federal Early Intervention Program for Infants and Toddlers with Disabilities at
Information Security and Confidentiality. The Contractor and any of its subcontractors associated with this Contract will maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of DARS-related information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information in accordance with applicable federal and state laws, rules, and regulations and DARS policies and procedures.
1. Different requirements apply to different types of contractors. Requirements that may apply include, but are not limited to: i. State Vocational Rehabilitation Services Program at 34 C.F.R. Part 361; ii. Federal Early Intervention Program for Infants and Toddlers with Disabilities at 34 C.F.R. Part 303; iii. Texas Health and Safety Code Sections 85.113 Workplace Guidelines for State Contractors and 85.115 Confidentiality Guidelines; iv. HIPAA privacy and security rules, 45 C.F.R. parts 160, 162 and 164;
Information Security and Confidentiality. 8.1. The AppXite can demonstrate its compliance with the obligations in this DPA by maintaining the ISO 27001 Information Security Management certification, therefore, having an independent auditor’s note that AppXite’s information security practices are in conformity with ISO 27001 requirements.
8.2. The Processor shall, in order to assist the Controller to fulfil its legal obligations including but not limited to; security measures and privacy impact assessments, be obliged to take appropriate technical and organizational measures to protect the Personal Data which is Processed and shall thereby follow any written information security requirements or policies communicated by the Controller from time to time. The measures shall at least result in a level of security which is appropriate taking into consideration:
i. the technical possibilities available;
ii. the cost to implement the measures;
iii. the special risks involved with processing of personal data; and
iv. the sensitivity of the personal data.
8.3. The Processor shall maintain adequate security for the Personal Data appropriate to the risk of processing.
8.4. The Processor shall protect the Personal Data against destruction, modification, unlawful dissemination, or unlawful access. Having regard to the state of the art and the costs of implementation and taking into account the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, the technical and organizational measures to be implemented by the Processor shall include, inter alia, as appropriate:
i. the Pseudonymisation and encryption of Personal Data;
ii. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing Personal Data;
iii. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
iv. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
8.5. The Processor shall maintain a record of all categories of Processing activities carried out on behalf of the Controller. The Processor shall prepare and keep updated a description of its technical, organisational and physical measures to be and maintain compliant with the Applicable Data Protection Law.
8.6. The Processor undertakes not to, with...
Information Security and Confidentiality. 5.1. Data Processor shall be obligated to fulfil any legal obligations imposed on it regarding information security under applicable data protection laws and shall in any case take appropriate technical and organizational measures to protect the personal data which is processed.
5.2. Data Processor agrees to maintain a level of security for the Services that is in accordance with i) industry practice, (ii) applicable data protection laws (including putting in place reasonable administrative, physical, technical, organisational and other security measures to protect against unauthorized access to, or loss, destruction, unavailability or alteration of any Customer personal data processed or stored, and (iii) the latest version of Data Processor's “Standard Policies and Procedures - Information Security Overview” available at xxx.xxxxxx.xxx/xxxxxxx. Data Processor may update the Information Security Overview from time to time, provided however, that any changes will not materially degrade the information security policies and procedures in place.
5.3. Data Processor undertakes not to, without Data Controller's prior written consent, disclose or otherwise make personal data processed under this Data Processing Agreement available to any third party, except for sub-processors engaged in accordance with this data processing agreement, unless Data Processor is compelled by law so to disclose or otherwise make it available.
5.4. Data Processor shall be obliged to ensure that only such staff and other Data Processor representatives that directly require access to personal data in order to fulfil the Data Processor's obligations in accordance with this data processor agreement have access to such information. Data Processor shall ensure that such staff and other Data Processor representatives are bound by a confidentiality obligation concerning this information to the same extent as Data Processor in accordance with this data processing agreement.
Information Security and Confidentiality. 6.1. To maintain an adequate level of security for the protection of Personal Data, and without prejudice to the information security and confidentiality obligations which otherwise follows from the Agreement, Xxxx commits to the following appropriate technical and organisational measures:
(a) Data Encryption: Implement strong encryption for data at rest and in transit.
(b) Access Control: Enforce strict access controls, including multi-factor authentication and role-based access, to ensure only authorised personnel access personal data.
(c) Data Minimisation: Process and store only necessary personal data.
Information Security and Confidentiality. The Data processor undertakes to implement appropriate technical and organizational measures to ensure security of personal data being processed and undertakes to comply with any written security requirements and policies provided by the Data controller. The Data processor undertakes to protect personal data from destruction, alteration, unauthorized distribution, or unauthorized access, and from any forms of unlawful processing. The appropriate technical and organisational measures are chosen to ensure a level of security appropriate to the risk, including inter alia as appropriate: pseudonymisation of Personal Data and their encryption; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. The Data processor undertakes to ensure that it shall apply at least minimal technical and organisational measures referred to in Annex No. 1 “Personal data processing instructions” in the processing of personal data. The Data processor undertakes to take the necessary actions in order to assist the Data controller in case of a personal data breach, to mitigate its adverse effects and to immediately notify the Data controller of any incident relating to personal data and of unauthorized access to personal data in accordance with clauses 3.3-3.6 of this Agreement. The Data processor undertakes to ensure confidentiality of personal data and that the Data processor’s personnel having access to personal data: are appropriately trained to comply with the Data protection laws and the requirements established for them hereunder; properly fulfil the requirements set out herein and in the Data protection laws; are informed of the duty keep the personal data confidential; and have committed themselves to confidentiality on agreed basis or are under an appropriate statutory obligation of confidentiality. The Data processor is obliged to ensure that access to the personal data is strictly limited and granted only to the Data processor’s personnel who need access to such data to perform the duties of the Data processor under this Agreement and the Main Agreement.
Information Security and Confidentiality. 11.1 Save as is otherwise required by law or any regulatory authority (to which, if legally permissible, the Discloser will notify the Recipient as soon as practicable), each Party undertakes to the other that for the duration of this Agreement and thereafter it shall keep secret and shall not without the prior written consent of the other Party disclose to any third party except to its legal and professional advisors any Confidential Information learned by or disclosed to the recipient Party (the “Recipient”) by the other Party (the “Discloser”) pursuant to or otherwise in connection with this Agreement, except where any Confidential Information is (otherwise than by breach of this Agreement or other obligations of confidence):
11.1.1 in or subsequently enters the public domain; or
11.1.2 in or subsequently enters the possession of the Recipient other than pursuant to disclosure from the Discloser or knowing that the Confidential Information has been disclosed in breach of confidentiality;
11.1.3 provided to the Recipient’s employees, officers, representatives, subcontractors (as referred to within this Agreement or the other Party has provided written consent) or advisers who need to know such information for the purposes of carrying out the Party's obligations under this Agreement. Each Party shall procure that its employees, officers, representatives, subcontractors or advisers to whom it discloses the other Party's confidential information comply with this clause 11; and
11.1.4 required by law, a court of competent jurisdiction or any governmental or regulatory authority, provided that the Discloser informs the other Party as soon as possible.
11.2 The Supplier agrees that all Client Documents and Client Data containing or referring to Confidential Information at any time in the Supplier’s control or possession are and shall remain the property of the Client.
11.3 The Client agrees that all Supplier Documents, Supplier Data, Supplier Software, Deliverables and Pre-Existing Materials containing or referring to Confidential Information at any time whilst in the Client’s control or possession are and shall remain the property the Supplier.
11.4 The Parties undertake:
11.4.1 to exercise due care and diligence to avoid unauthorised disclosure or use of Confidential Information and any Client Documents, Client Data, Supplier Documents, Supplier Data, Supplier Software, Deliverables or Pre-Existing Materials containing or referring to it (as applicable); and...
Information Security and Confidentiality. 5.1 Data Processor shall be obligated to fulfil any legal obligations imposed on it regarding information security under applicable data protection laws and shall in any case take appropriate technical and organizational measures to protect the personal data which is processed.
5.2 For the current version of Quinyx’s Information Security Standard Policies and Procedures, see: xxxxx://xxxxx.xxxxxx.xxx/hubfs/iGoMoon2017/PDFs/Quinyx_Information_Security.pdf?t=1 523976583623.
5.3 The Data Processor undertakes not to, without the Data Controller’s prior written consent, disclose or otherwise make personal data processed under this data processor agreement available to any third party, except for sub-processors engaged in accordance with this data processor agreement.
5.4 The Data Processor shall be obliged to ensure that only such staff and other Data Processor representatives that directly require access to personal data in order to fulfil the Data Processor’s obligations in accordance with this data processor agreement have access to such information. The Data Processor shall ensure that such staff and other Data Processor representatives are bound by a confidentiality obligation concerning this information to the same extent as the Data Processor in accordance with this data processor agreement.
Information Security and Confidentiality. 6.1 Taking into account the state of the art and the costs of implementation and the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of the Data Subjects, WSP shall implement appropriate technical and organizational measures (please check Anywhere365 TOMs Document) to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(i) If appropriate, the pseudonymization and encryption of Personal Data;
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services Processing Personal Data;
(iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
6.2 In assessing the appropriate level of security, WSP shall take into account the particular risks that are presented by Processing in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted stored or otherwise Processed.
6.3 WSP shall immediately and in any event not later than 24 hours after becoming aware of it notify the Personal Data Breach to the CUSTOMER. The notification shall at least:
(i) describe the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned;
(ii) communicate the name and contact details of the data protection officer or another contact point where more information can be obtained;
(iii) describe the likely consequences of the Personal Data Breach;
(iv) describe the measures taken or proposed to be taken by WSP to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects;
(v) include any other information available to WSP which the Controller is required by Applicable Data Protection Legislation to notify to the Data Protection Authorities and/or the Data Subjects. WSP will furthermore provide the reasonable assistance requested by the CUSTOMER in order to investigate the Personal Data Breach and notify it to the Data Protection Authorities and/or the Data Subjects as required by Applicable...
Information Security and Confidentiality. 3.1 Arrangements in place for the secure exchange of information:
