Information Security and Privacy Programs Clause Samples

Information Security and Privacy Programs a. Information Security Program. Contractor must maintain a company-wide Information Security Program designed to evaluate Risks to the Confidentiality, Availability, and Integrity of the County Information covered under this Contract. Contractor’s Information Security Program must include the creation and maintenance of Information Security Policies, standards, and procedures. Information Security Policies, standards, and procedures will be communicated to all Contractor employees in a relevant, accessible, and understandable form and will be regularly reviewed and evaluated to ensure operational effectiveness, compliance with all applicable laws and regulations, and addresses new and emerging Threats and Risks. Contractor must exercise the same degree of care in safeguarding and protecting County Information that the Contractor exercises with respect to its own Information and Data, but in no event less than a reasonable degree of care. Contractor will implement, maintain, and use appropriate administrative, technical, and physical security measures to preserve the Confidentiality, Integrity, and Availability of County Information. Contractor’s Information Security Program must: • Protect the Confidentiality, Integrity, and Availability of County Information in the Contractor’s possession or control; • Protect against any anticipated Threats or hazards to the Confidentiality, Integrity, and Availability of County Information; • Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of County Information; • Protect against accidental loss or destruction of, or damage to, County Information; and • Safeguard County Information in compliance with any applicable laws and regulations which apply to the Contractor.