Information Security Policy. Xxxxxx has developed and implemented, and will maintain, security policies that govern all relevant aspects of its security program, and are aligned with security industry standards. Information security policies are reviewed periodically and Xxxxxx may amend new policies as it deems reasonable to maintain protection of services and content processed therein. The Information Security Policy may be made available to customers upon request.
Information Security Policy the Vendor acknowledges the receipt of a copy of the NYSED’s Information Security Policy and agrees to adhere to the policy and any amendments thereto. NYSED will promptly forward to the Vendor a copy of any amendments [REMINDER - PLEASE ATTACH].
Information Security Policy. Supplier shall develop, publish, and implement information security policy documents. The information security policy shall state the purpose and scope of the policy, communicate management's commitment, describe management’s and workforce member's roles and responsibilities, and establish Supplier's approach to managing information security. The documents shall be reviewed at planned intervals or if significant changes occur to ensure the policies' adequacy and effectiveness.
Information Security Policy. (a) The Accredited Body must develop, document and maintain an Information Security Policy (Policy) that clearly describes how it protects information.
(b) The Policy should be supported by the Accredited Body’s senior management and be structured to include any legal framework relevant to the Policy, such as the Australian Crime Commission Act 2002 (Cth) and this Agreement.
(c) The Policy must include adequate details on how it is enforced through physical, technical and administrative controls, including details on:
(i) the type or class of information that the Policy applies;
(ii) information security roles and responsibilities relating to the Service;
(iii) security clearance requirements and its Personnel’s responsibilities;
(iv) configuration and change control;
(v) technical access controls;
(vi) staff training;
(vii) networking and connections to other systems;
(viii) physical security (including media security); and
(ix) incident management.
(d) The Accredited Body’s privacy policy must reference the Policy, in terms of how the Applicant’s Personal Information is held (as per APP 1.4(b)).
Information Security Policy. 7.2.1 Either Party to this Agreement may request a copy of the others Information Security Policy (ISP) (where it exists) when sensitive personal data is to be shared.
Information Security Policy. 1.1 The Applicant shall implement and maintain a written information security policy that specifies the technical and organisational measures it shall apply to protect the Materials it processes in accordance with this MTA against unauthorised access and/or unlawful processing. The information security policy shall also describe the measures to be taken in the event of an actual or suspected data security breach.
1.2 The Applicant shall appoint a duly skilled individual with responsibility for ensuring the security of the Materials processed by the Applicant in its organisation and for reviewing, maintaining and updating the Applicant’s information security policy.
1.3 The Applicant shall ensure authorised individuals who have access to the Materials are aware of their responsibilities for any data they handle, including appropriate training in order to fulfil their roles.
1.4 The information security policy shall also set out that:
1.4.1 information should be stored in an environment suited to its format and sensitivity, to ensure its preservation from physical harm or degradation and its security from unauthorised access;
1.4.2 data storage devices are appropriately protected and access controlled; and
1.4.3 servers, client devices and applications used for storing, accessing and analysing UK Biobank Materials are appropriately maintained with operating systems, firmware, and software within vendor supported versions where exceptions are documented with mitigations described.
Information Security Policy. Ellucian will maintain an Information Security Policy that is approved by senior management and communicated to employees and applicable third parties. The Information Security Policy will identify roles and responsibilities as well as governing principles and control objectives for information security across Ellucian’s global business operations. The Information Security Policy and will be reviewed annually and supporting standards, guidelines and procedures will be adjusted as appropriate.
Information Security Policy. Talos shall maintain a written information security policy applicable to all authorized personnel.
Information Security Policy. 1.1 The Collaborator Institution shall implement and maintain a written information security policy that specifies the technical, administrative and physical security standards it shall apply to protect the Materials it processes in accordance with this MTA.
1.2 The information security policy shall mandate the use of appropriate technical and organisational security measures in the Collaborator Institution to protect the Materials against unauthorised and unlawful processing and against damage or destruction. The information security policy shall detail the security measures set out in this Annex 2 as a minimum. It shall further describe the measures to be taken in the event of an actual or suspected Data Security Incident.
1.3 The Collaborator Institution shall appoint a duly skilled individual with responsibility for ensuring the security of the Materials processed by the Collaborator Institution in its organisation and for reviewing, maintaining and updating the Collaborator Institution’s information security policy. The information security policy shall set out measures for the Collaborator Institution’s internal IT and IT security governance and management.
1.4 The information security policy shall also set out that:
1.4.1 the Materials shall be stored throughout their existence in an environment suited to its format and sensitivity, to ensure its preservation from physical harm or degradation and its security from unauthorised access;
1.4.2 appropriate controls are implemented to ensure confidentiality, integrity and availability of data, including but not limited to anti-virus software and role-based access controls;
1.4.3 servers, client devices and applications used for storing, accessing and analysing Materials are deployed with operating systems, firmware, and software within vendor supported versions and where exceptions are documented with adequate mitigations described and auditable; and
1.4.4 encryption is in place in transit and at rest (in accordance with clause 6.1 below).
Information Security Policy. An information security policy governing how data processing, protection and privacy of personal data is ensured in compliance with relevant legislation, regulations and as required in the processor Information Security Policy, and to ensure assistance to the controller with compliance for exercising the data subjects’ rights, assistance to the controller in relation to audits and inspections, and assistance to the controller in relation to ensuring compliance with the obligations pursuant to Articles 32 – 36, are implemented. The processor’s personnel with access to personal data are subject to confidentiality obligations. The processor performs a risk assessment on processing activities before processing the personal data or launching new modules, components and features as part of Zensai’s Services and Platforms The processor retains its security documents pursuant to its retention requirements after they are no longer in effect. The processor’s Information Security Policy may be sent to the controller on request. All critical assets required for running the business are identified, have an owner and are documented in a register that is kept up-to-date by the pointed-out employer. The processor classifies personal data to help identify it and to allow for access to it to be appropriately restricted. The processor’s personnel must obtain authorisation prior to storing personal data on portable devices or remotely accessing personal data. The processor informs its personnel about relevant security procedures and their respective roles. The processor also informs its personnel of possible consequences of breaching the security rules and procedures. The processor will only use anonymous data in training. The processor’s personnel and authorised and approved third party users protect assets from unauthorised access, disclosure, modification, destruction or interference. The processor’s personnel have no physical access to physical components nor data centres for processing activities since the processor’s Services and Platforms is hosted on a cloud platform. The processor controls that vendors use industry standard processes to delete personal data when it is no longer needed.
