Information Security Audits Sample Clauses

Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.
Information Security Audits. During the term of this Agreement, and for one (1) year following termination:
Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with City. All audit findings must be remedied. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. Protected Health Information. Contractor, all subcontractors, all agents and employees of Contractor, and any subcontractor shall comply with all federal and state laws regarding the transmission, storage and protection of all PHI disclosed to Contractor by City in the performance of this Agreement. Contractor agrees that any failure of Contractor to comply with the requirements of federal and/or state and/or local privacy laws shall be a material breach of the Contract. In the event that City pays a regulatory fine, and/or is assessed civil penalties or damages through private rights of action, based on an impermissible use or disclosure of PHI given to Contractor or its subcontractors or agents by City, Contractor shall indemnify City for the amount of such fine or penalties or damages, including costs of notification. In such an event, in addition to any other remedies available to it under equity or law, City may terminate the Agreement.
Information Security Audits. During the term of this Agreement, and for one (1) year following termination, Lender may provide prior written notice to Servicer of the intent to review the summary of the information security program, at Servicer’s Headquarters, upon reasonable notice of not less than 30 days.
Information Security Audits. The Contractor must contract with a third-party to perform yearly Information Security Audits of their primary and backup datacenter. All findings must be remedied. Included must be an outside penetration/vulnerability test as well as putting the third-party directly on the internal network for the third-party to provide internal penetration and vulnerability tests. The summary results of the audits must be shared with the City. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. Payment Card Industry (“PCI”) Requirements. Contractors providing services and products that handle, transmit or store cardholder data, are subject to the following requirements: Applications shall be compliant with the Payment Application Data Security Standard (PA-DSS) and validated by a Payment Application Qualified Security Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must then be listed on the PCI Council’s list of PA-DSS approved and validated payment applications. Gateway providers shall have appropriate Payment Card Industry Data Security Standards (PCI DSS) certification as service providers (xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/xxxxx.xxxxx). Compliance with the PCI DSS shall be achieved through a third-party audit process. The Contractor shall comply with Visa Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP) programs. For any Contractor that processes PIN Debit Cards, payment card devices supplied by Contractor shall be validated against the PCI Council PIN Transaction Security (PTS) program. For items 11.4.1 to 11.4.3 above, Contractor shall provide a letter from their qualified security assessor (QSA) affirming their compliance and current PCI or PTS compliance certificate.
Contractor shall be responsible for furnishing City with an updated PCI compliance certificate 30 calendar days prior to its expiration. Bank Accounts. Collections that represent funds belonging to the City and County of San Francisco shall be deposited, without detour to a third-party’s bank account, into a City and County of San Francisco bank account designated by the Office of the Treasurer and Tax Collector.
Information Security Audits. Contractor will provide PCI Level 4 attestation for any Point-of-Sale systems owned and installed by Contractor on-site at customer sites.
Information Security Audits. If Contractor will be hosting data on behalf of the City, Contractor must contract with an independent third-party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.
Information Security Audits. Provider shall procure no less than annual security audits of the Facilities by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards no later than December, 2008. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 7.1.8. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities in Safeguards or otherwise in any Facilities; and (b) if so, the nature of each vulnerability discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities.
Information Security Audits. Provider shall procure no less than annual security audits of their data centers by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards as the same may be amended, modified, supplemented, or superseded from time to time. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 8.8 (Cardholder Information) hereto. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities, inadequacies, or insufficiencies in or breaches of Safeguards or otherwise in any Facilities; and (b) if so, the nature of each such vulnerability, inadequacy, insufficiency or breach discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability, inadequacy, insufficiency or breach at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities, inadequacies, insufficiencies or breaches.

Related to Information Security Audits

  • Information Security. IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Personal Information security breach. Supplier/Service Provider’s Obligations: a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.
