INFORMATION SECURITY PLAN REQUIREMENTS Sample Clauses
The INFORMATION SECURITY PLAN REQUIREMENTS clause sets out the obligations for a party, typically a service provider or contractor, to establish and maintain a comprehensive plan for protecting sensitive information. This clause usually requires the party to implement specific security measures, such as data encryption, access controls, regular security assessments, and incident response protocols, to safeguard data handled under the agreement. Its core function is to ensure that all parties adhere to industry-standard security practices, thereby reducing the risk of data breaches and ensuring compliance with relevant laws and regulations.
INFORMATION SECURITY PLAN REQUIREMENTS. If Contractor cannot provide evidence of its Information Security Plan as required in Section 28.0(f)(2)a above, Contractor shall provide the following assurances to the Department:
INFORMATION SECURITY PLAN REQUIREMENTS. (1) Contractor will develop, implement, and maintain a comprehensive Information Security Plan that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards. The safeguards contained in such program must be consistent with the safeguards for protection of Confidential Information and information of a similar character set forth in any state or federal regulations by which the person who owns or licenses such information may be regulated.
(2) Without limiting the generality of the foregoing, every comprehensive Information Security Plan will include, but not be limited to:
a. Designating one or more employees to maintain the comprehensive Information Security Plan;
b. Identifying and assessing internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing Confidential Information and of ETF Information Resources, and evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks, including but not limited to:
c. Ongoing employee (including temporary and contract employee) training;
d. Employee compliance with policies and procedures; and
e. Means, including Contractor staff, processes, and technology, for detecting information system intrusions, Data Breaches, and anomalous system behavior or activity, and for preventing security breaches, intrusions, or unauthorized access to information systems or networks.
f. Developing security policies for employees relating to the storage, access and transportation of records containing Confidential Information outside of business premises.
g. Imposing disciplinary measures for violations of the comprehensive Information Security Plan rules.
h. Preventing terminated employees from accessing records containing Confidential Information and/or ETF Information Resources.
i. Overseeing service providers, by:
--Taking reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures to protect such Confidential Information and ETF Information Resources consistent with all applicable laws and regulations; and
--Requiring such third-party service providers by contract to implement and maintain such appropriate security measures for Confidential Information.
j. Placing reasonable restrictions upon physical access to records containing Confidential Information and ETF Information Resources and...
INFORMATION SECURITY PLAN REQUIREMENTS. Contractor will develop, implement, and maintain a comprehensive Information Security Plan that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards. The safeguards contained in the Information Security Plan must be consistent with the safeguards for protection of Confidential Information and information of a similar character set forth in any state or federal regulations by which the person who owns or licenses such information may be regulated.
