Security Policy for Contractors 1. The Department for Work and Pensions treats its information as a valuable asset and considers that it is essential that information must be protected, together with the systems, equipment and processes which support its use. These information assets may include data, text, drawings, diagrams, images or sounds in electronic, magnetic, optical or tangible media, together with any Personal Data for which the Department for Work and Pensions is the Data Controller.
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Contractor and Employee Security Precautions A. The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.
Business Associate’s Subcontractors and Agents BA shall ensure that any agents and subcontractors that create, receive, maintain or transmit Protected Information on behalf of BA, agree in writing to the same restrictions and conditions that apply to BA with respect to such Protected Information and implement the safeguards required by paragraph 3.4 above with respect to Electronic PHI [45 C.F.R. Section 164.504(e)(2)(ii)(D); 45 C.F.R. Section 164.308(b)] BA shall implement and maintain sanctions against agents and subcontractors that violate such restrictions and conditions and shall mitigate the effects of any such violation [45 C.F.R. Sections 164.530(f) and 164.530(e)(1)].
SECURITY POLICIES AND NOTIFICATIONS State Security Policies and Procedures The Contractor and its personnel shall review and be familiar with all State security policies, procedures and directives currently existing or implemented during the term of the Contract, including ITS Policy NYS-P03-002 Information Security Policy (or successor policy). Security Incidents Contractor shall address any Security Incidents in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy (or successor policy), including the New York State Cyber Incident Reporting Procedures incorporated therein or in such successor policy.
Security Policies IBM maintains privacy and security policies that are communicated to IBM employees. IBM requires privacy and security training to personnel who support IBM data centers. We have an information security team. IBM security policies and standards are reviewed and re-evaluated annually. IBM security incidents are handled in accordance with a comprehensive incident response procedure.
Subcontractor Insurance In accord with Good Utility Practice, each Interconnected Entity shall require each of its subcontractors to maintain and provide evidence of insurance coverage of types, and in amounts, commensurate with the risks associated with the services provided by the subcontractor. Bonding of contractors or subcontractors shall be at the hiring Interconnected Entity’s discretion, but regardless of bonding, the hiring principal shall be responsible for the performance or non- performance of any contractor or subcontractor it hires.
HHSC and Contractor Agreements HHSC and Contractor hereby agree:
Special Claims Made Policy Form Provisions CONTRACTOR shall not provide a Commercial General Liability (Claims Made) policy without the express prior written consent of COUNTY, which consent, if given, shall be subject to the following conditions:
Subcontractor Insurance Requirements Consultant shall require each of its subcontractors that perform Services under this Agreement to maintain insurance coverage that meets all of the requirements of this Section.
