Information Security Policies and Measures
Information Security Policies and Measures Sample Clauses
Related to Information Security Policies and Measures
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.
Security Policies IBM maintains privacy and security policies that are communicated to IBM employees. IBM requires privacy and security training to personnel who support IBM data centers. We have an information security team. IBM security policies and standards are reviewed and re-evaluated annually. IBM security incidents are handled in accordance with a comprehensive incident response procedure.
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.
Information Services Traffic 5.1 For purposes of this Section 5, Voice Information Services and Voice Information Services Traffic refer to switched voice traffic, delivered to information service providers who offer recorded voice announcement information or open vocal discussion programs to the general public. Voice Information Services Traffic does not include any form of Internet Traffic. Voice Information Services Traffic also does not include 555 traffic or similar traffic with AIN service interfaces, which traffic shall be subject to separate arrangements between the Parties. Voice Information services Traffic is not subject to Reciprocal Compensation charges under Section 7 of the Interconnection Attachment. 5.2 If a D&E Customer is served by resold Verizon Telecommunications Service or a Verizon Local Switching UNE, subject to any call blocking feature used by D&E, to the extent reasonably feasible, Verizon will route Voice Information Services Traffic originating from such Service or UNE to the Voice Information Service platform. For such Voice Information Services Traffic, unless D&E has entered into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers, D&E shall pay to Verizon without discount the Voice Information Services provider charges. D&E shall pay Verizon such charges in full regardless of whether or not it collects such charges from its own Customers. 5.3 D&E shall have the option to route Voice Information Services Traffic that originates on its own network to the appropriate Voice Information Services platform(s) connected to Verizon’s network. In the event D&E exercises such option, D&E will establish, at its own expense, a dedicated trunk group to the Verizon Voice Information Service serving switch. This trunk group will be utilized to allow D&E to route Voice Information Services Traffic originated on its network to Verizon. For such Voice Information Services Traffic, unless D&E has entered into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers, D&E shall pay to Verizon without discount the Voice Information Services provider charges. 5.4 D&E shall pay Verizon such charges in full regardless of whether or not it collects charges for such calls from its own Customers. 5.5 For variable rated Voice Information Services Traffic (e.g., NXX 550, 540, 976, 970, 940, as applicable) from D&E Customers served by resold Verizon Telecommunications Services or a Verizon Local Switching Network Element, D&E shall either (a) pay to Verizon without discount the Voice Information Services provider charges, or (b) enter into an arrangement with Verizon to xxxx and collect Voice Information Services provider charges from D&E’s Customers. 5.6 Either Party may request the other Party provide the requesting Party with non discriminatory access to the other party’s information services platform, where such platform exists. If either Party makes such a request, the Parties shall enter into a mutually acceptable written agreement for such access. 5.7 In the event D&E exercises such option, D&E will establish, at its own expense, a dedicated trunk group to the Verizon Information Service serving switch. This trunk group will be utilized to allow D&E to route information services traffic originated on its network to Verizon.
Information Technology Enterprise Architecture Requirements If this Contract involves information technology-related products or services, the Contractor agrees that all such products or services are compatible with any of the technology standards found at xxxxx://xxx.xx.xxx/iot/2394.htm that are applicable, including the assistive technology standard. The State may terminate this Contract for default if the terms of this paragraph are breached.
Operations Manual The Franchisor agrees to loan to the Franchisee one or more manuals, technical bulletins, cookbooks and recipes and other written materials (collectively referred to as “Operations Manual”) covering Factory Candy ordering, Store Candy manufacturing, processing and stocking and other operating and in-store marketing techniques for the ROCKY MOUNTAIN CHOCOLATE FACTORY Store. The Franchisee agrees that it shall comply with the Operations Manual as an essential aspect of its obligations under this Agreement, that the Operations Manual shall be deemed to be incorporated herein by reference and failure by the Franchisee to substantially comply with the Operations Manual may be considered by the Franchisor to be a breach of this Agreement.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.
Bilateral Safeguard Measures 1. Where, as a result of the reduction or elimination of a customs duty under this Agreement, any product originating in a Party is being imported into the territory of another Party in such increased quantities, in absolute terms or relative to domestic production, and under such conditions as to constitute a substantial cause of serious injury or threat thereof to the domestic industry of like or directly competitive products in the territory of the importing Party, the importing Party may take bilateral safeguard measures to the minimum extent necessary to remedy or prevent the injury, subject to the provisions of paragraphs 2 to 10. 2. Bilateral safeguard measures shall only be taken upon clear evidence that increased imports have caused or are threatening to cause serious injury pursuant to an investigation in accordance with the procedures laid down in the WTO Agreement on Safeguards. 3. The Party intending to take a bilateral safeguard measure under this Article shall immediately, and in any case before taking a measure, make notification to the other Parties and the Joint Committee. The notification shall contain all pertinent information, which shall include evidence of serious injury or threat thereof caused by increased imports, a precise description of the product involved and the proposed measure, as well as the proposed date of introduction, expected duration and timetable for the progressive removal of the measure. A Party that may be affected by the measure shall be offered compensation in the form of substantially equivalent trade liberalisation in relation to the imports from any such Party. 4. If the conditions set out in paragraph 1 are met, the importing Party may take measures consisting in increasing the rate of customs duty for the product to a level not to exceed the lesser of: (a) the MFN rate of duty applied at the time the action is taken; or (b) the MFN rate of duty applied on the day immediately preceding the date of the entry into force of this Agreement. 5. Bilateral safeguard measures shall be taken for a period not exceeding one year. In very exceptional circumstances, after review by the Joint Committee, measures may be taken up to a total maximum period of three years. No measure shall be applied to the import of a product which has previously been subject to such a measure. 6. The Joint Committee shall within 30 days from the date of notification examine the information provided under paragraph 3 in order to facilitate a mutually acceptable resolution of the matter. In the absence of such resolution, the importing Party may adopt a measure pursuant to paragraph 4 to remedy the problem, and, in the absence of mutually agreed compensation, the Party against whose product the measure is taken may take compensatory action. The bilateral safeguard measure and the compensatory action shall be immediately notified to the other Parties and the Joint Committee. In the selection of the bilateral safeguard measure and the compensatory action, priority must be given to the measure which least disturbs the functioning of this Agreement. The compensatory action shall normally consist of suspension of concessions having substantially equivalent trade effects or concessions substantially equivalent to the value of the additional duties expected to result from the bilateral safeguard measure. The Party taking compensatory action shall apply the action only for the minimum period necessary to achieve the substantially equivalent trade effects and in any event, only while the measure under paragraph 4 is being applied. 7. Upon the termination of the measure, the rate of customs duty shall be the rate which would have been in effect but for the measure. 8. In critical circumstances, where delay would cause damage which would be difficult to repair, a Party may take a provisional emergency measure pursuant to a preliminary determination that there is clear evidence that increased imports constitute a substantial cause of serious injury, or threat thereof, to the domestic industry. The Party intending to take such a measure shall immediately notify the other Parties and the Joint Committee thereof. Within 30 days of the date of the notification, the procedures set out in paragraphs 2 to 6, including for compensatory action, shall be initiated. Any compensation shall be based on the total period of application of the provisional emergency measure and of the emergency measure. 9. Any provisional measure shall be terminated within 200 days at the latest. The period of application of any such provisional measure shall be counted as part of the duration of the measure set out in paragraph 5 and any extension thereof. Any tariff increases shall be promptly refunded if the investigation described in paragraph 2 does not result in a finding that the conditions of paragraph 1 are met. 10. Five years after the date of entry into force of this Agreement, the Parties shall review in the Joint Committee whether there is need to maintain the possibility to take safeguard measures between them. If the Parties decide, after the first review, to maintain such possibility, they shall thereafter conduct biennial reviews of this matter in the Joint Committee.
