Information Security Policy for Supplier Relationships. Information security requirements for mitigating the risks associated with supplier’s access to the Xxxxxx+Gyr’s assets are agreed with the supplier and documented.
Information Security Policy for Supplier Relationships Sample Clauses
Related to Information Security Policy for Supplier Relationships
Contractor and Employee Security Precautions The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.
Certification Regarding Business with Certain Countries and Organizations Pursuant to Subchapter F, Chapter 2252, Texas Government Code, PROVIDER certifies it is not engaged in business with Iran, Sudan, or a foreign terrorist organization. PROVIDER acknowledges this Purchase Order may be terminated if this certification is or becomes inaccurate.
Obligations and Activities of Business Associate Business Associate agrees to: a. Not use or disclose Protected Health Information other than as permitted or required by this BAA, the Agreement, or as required by law; b. Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as provided for by this BAA; c. Report to Covered Entity any Use or Disclosure of Protected Health Information not provided for by this BAA of which it becomes aware, including breaches of Unsecured Protected Health Information as required at 45 CFR 164.410, and any Security Incident of which it becomes aware; d. In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractors that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information; e. Make available Protected Health Information in a Designated Record Set to Covered Entity or to an individual whose Protected Health Information is maintained by Business Associate, or the individual’s designee, and document and retain the documentation required by 45 CFR 164.530(j), as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524; f. Make any amendment(s) to Protected Health Information in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526; g. Maintain and make available the information required to provide an accounting of Disclosures to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528; h. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and i. Make its internal practices, books, and records available to the Secretary for purposes of determining Business Associate’s or Covered Entity’s compliance with HIPAA and HIPAA Regulations.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. CONTRACTOR agrees not to use or further disclose PHI COUNTY discloses to CONTRACTOR other than as permitted or required by this Business Associate Contract or as required by law. 2. XXXXXXXXXX agrees to use appropriate safeguards, as provided for in this Business Associate Contract and the Agreement, to prevent use or disclosure of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY other than as provided for by this Business Associate Contract. 3. XXXXXXXXXX agrees to comply with the HIPAA Security Rule at Subpart C of 45 CFR Part 164 with respect to electronic PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY. 4. CONTRACTOR agrees to mitigate, to the extent practicable, any harmful effect that is known to CONTRACTOR of a Use or Disclosure of PHI by CONTRACTOR in violation of the requirements of this Business Associate Contract. 5. XXXXXXXXXX agrees to report to COUNTY immediately any Use or Disclosure of PHI not provided for by this Business Associate Contract of which CONTRACTOR becomes aware. CONTRACTOR must report Breaches of Unsecured PHI in accordance with Paragraph E below and as required by 45 CFR § 164.410. 6. CONTRACTOR agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of CONTRACTOR agree to the same restrictions and conditions that apply through this Business Associate Contract to CONTRACTOR with respect to such information. 7. CONTRACTOR agrees to provide access, within fifteen (15) calendar days of receipt of a written request by COUNTY, to PHI in a Designated Record Set, to COUNTY or, as directed by COUNTY, to an Individual in order to meet the requirements under 45 CFR § 164.524. If CONTRACTOR maintains an Electronic Health Record with PHI, and an individual requests a copy of such information in an electronic format, CONTRACTOR shall provide such information in an electronic format. 8. CONTRACTOR agrees to make any amendment(s) to PHI in a Designated Record Set that COUNTY directs or agrees to pursuant to 45 CFR § 164.526 at the request of COUNTY or an Individual, within thirty (30) calendar days of receipt of said request by COUNTY. XXXXXXXXXX agrees to notify COUNTY in writing no later than ten (10) calendar days after said amendment is completed. 9. CONTRACTOR agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by CONTRACTOR on behalf of, COUNTY available to COUNTY and the Secretary in a time and manner as determined by COUNTY or as designated by the Secretary for purposes of the Secretary determining COUNTY’S compliance with the HIPAA Privacy Rule. 10. CONTRACTOR agrees to document any Disclosures of PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, and to make information related to such Disclosures available as would be required for COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 11. CONTRACTOR agrees to provide COUNTY or an Individual, as directed by COUNTY, in a time and manner to be determined by COUNTY, that information collected in accordance with the Agreement, in order to permit COUNTY to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. 12. XXXXXXXXXX agrees that to the extent CONTRACTOR carries out COUNTY’s obligation under the HIPAA Privacy and/or Security rules CONTRACTOR will comply with the requirements of 45 CFR Part 164 that apply to COUNTY in the performance of such obligation. 13. If CONTRACTOR receives Social Security data from COUNTY provided to COUNTY by a state agency, upon request by COUNTY, CONTRACTOR shall provide COUNTY with a list of all employees, subcontractors and agents who have access to the Social Security data, including employees, agents, subcontractors and agents of its subcontractors. 14. CONTRACTOR will notify COUNTY if CONTRACTOR is named as a defendant in a criminal proceeding for a violation of HIPAA. COUNTY may terminate the Agreement, if CONTRACTOR is found guilty of a criminal violation in connection with HIPAA. COUNTY may terminate the Agreement, if a finding or stipulation that CONTRACTOR has violated any standard or requirement of the privacy or security provisions of HIPAA, or other security or privacy laws are made in any administrative or civil proceeding in which CONTRACTOR is a party or has been joined. COUNTY will consider the nature and seriousness of the violation in deciding whether or not to terminate the Agreement.
Violence Policies and Procedures The Employer agrees to have in place explicit policies and procedures to deal with violence. The policy will address the prevention of violence, the management of violent situations, provision of legal counsel and support to employees who have faced violence. The policies and procedures shall be part of the employee's health and safety policy and written copies shall be provided to each employee. Prior to implementing any changes to these policies, the employer agrees to consult with the Association.
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.
Sub-Advisor Compliance Policies and Procedures The Sub-Advisor shall promptly provide the Trust CCO with copies of: (i) the Sub-Advisor’s policies and procedures for compliance by the Sub-Advisor with the Federal Securities Laws (together, the “Sub-Advisor Compliance Procedures”), and (ii) any material changes to the Sub-Advisor Compliance Procedures. The Sub-Advisor shall cooperate fully with the Trust CCO so as to facilitate the Trust CCO’s performance of the Trust CCO’s responsibilities under Rule 38a-1 to review, evaluate and report to the Trust’s Board of Trustees on the operation of the Sub-Advisor Compliance Procedures, and shall promptly report to the Trust CCO any Material Compliance Matter arising under the Sub-Advisor Compliance Procedures involving the Sub-Advisor Assets. The Sub-Advisor shall provide to the Trust CCO: (i) quarterly reports confirming the Sub-Advisor’s compliance with the Sub-Advisor Compliance Procedures in managing the Sub-Advisor Assets, and (ii) certifications that there were no Material Compliance Matters involving the Sub-Advisor that arose under the Sub-Advisor Compliance Procedures that affected the Sub-Advisor Assets. At least annually, the Sub-Advisor shall provide a certification to the Trust CCO to the effect that the Sub-Advisor has in place and has implemented policies and procedures that are reasonably designed to ensure compliance by the Sub-Advisor with the Federal Securities Laws.
Responsibilities of Business Associate Business Associate agrees:
Responsibilities of Customer 5.1 To the extent that the Supplier requires access to the Customer Site to perform the Services, the Customer shall provide such access during Normal Business Hours and to provide a suitable work environment to enable the Supplier to perform such Services subject to the Supplier complying with such internal policies and procedures of the Customer (including those relating to security and health and safety) as may be notified to the Supplier in writing from time to time. 5.2 The Customer shall co-operate with the Supplier in all matters relating to the Services and shall appoint a Representative (“Customer Representative”), who shall have authority to commit the Customer on all matters relating to the relevant Service. 5.3 The Customer agrees and acknowledges the terms of the applicable Licence Agreements, Customer Agreement and that such terms shall form part of this Agreement. For the avoidance of doubt, in the event the applicable Licence Agreements and/or Customer Agreement is not applicable to the Services being received or delivered by the Supplier to the Customer under this Agreement, such agreements shall not apply. 5.4 Customer shall; (a) adhere to the Acceptable Use Policy; (b) be a bona fide licenced user of all Third-Party Software used in the provision of the Services; (c) co-operate with the Supplier in all matters relating to the Services as reasonably requested by the Supplier; (d) adhere to the dates scheduled for provision of Services by the Supplier to the Customer as stated in the applicable Statement of Work or otherwise agreed between the Parties in writing. In the event the Customer wishes to reschedule or cancel the dates for the provision of Services, liquidated damages (“Liquidated Damages”) will become payable from the Customer to Supplier on the following basis: (i) If dates are changed or cancelled at the Customer’s request more than 14 days before the scheduled start date no Liquidated Damages are payable. (ii) If dates are changed or cancelled between 7 days and 14 days before the scheduled start date Liquidated Damages equivalent to 50% of the Fees for the Services to be provided at that time will be payable. (iii) If dates are changed or cancelled less than 7 days before the scheduled start date Liquidated Damages equivalent to 100% of the Fees for the Services to be provided at that time will be payable. (e) inform the Supplier of all health and safety rules and regulations and any other reasonable security requirements that apply at any of the Customer’s premises; (f) in respect of any Microsoft funded services, sign and deliver the Microsoft Proof of Execution (XXX) within 7 days of the date of issue by Microsoft. In the event that the Customer does not return the XXX within the 7 days’ notice period, the Supplier may be entitled to charge the Customer the amounts directly and the Customer shall follow the payment terms in this Agreement.; (g) maintain continuous global admin access to the Customer’s relevant Microsoft (h) Where a Microsoft Cloud service is deployed / utilised within the project the Customer shall assign the Supplier to be the Digital Partner of Record for a minimum of twelve (12) months from project completion date; (i) provide appropriate hardware interface, software and access authorisation to enable remote diagnosis, should such capability be required; (j) provide all information and make available all resources as reasonably requested by Supplier in the execution of its obligations under this Agreement; (k) use all reasonable efforts to follow the reasonable instructions of Supplier support personnel with respect to the resolution of defects; (l) gather all relevant information prior to requesting assistance in respect of any defects including detailed defect description, and procedures required to replicate a problem if possible. Any additional information which may help in the diagnosis of a defect should be included such as network configuration details; (m) agree that if, in the course of performing the Services, it is reasonably necessary for the Supplier’s performance of its obligations under a Statement of Work for Supplier to access or use any equipment, software or data of the Customer (or which is in the possession of the Customer) then it shall where it is able to do so grant to Supplier a non-exclusive, royalty free, terminable licence to use the same solely for the purpose of delivering the Services only for as long as is strictly necessary to deliver such Services; and (n) provide network and user access between Customer’s and Supplier’s data centres. 5.5 To the extent that the Supplier requires access to the Customer’s Operating Environment to perform the Dedicated Support, the Customer shall use reasonable endeavours to provide such access during Normal Business Hours and to provide a suitable work environment to enable the Supplier to perform such Dedicated Support subject to the Supplier complying with such internal policies and procedures of the Customer (including those relating to security and health and safety) as may be notified to the Supplier in writing from time to time. 5.6 The Customer shall (unless otherwise specified in the Statement of Work or as otherwise set out in this Agreement): (a) use the Services only for lawful purposes and in accordance with this Agreement; (b) keep secure from third parties any passwords issued to the Customer by the Supplier; (c) install or, permit the Supplier to install, the current version of software required to provide the Dedicated Support from time to time when upgrades or fixes occur and to provide a reasonable level of assistance in implementation and testing; (d) provide notice of intention to change applicable Customer-side Equipment or Customer Operating Environment or data-feeds that will directly impact the Dedicated Support; (e) comply with all applicable laws and regulations with respect to its activities under this Agreement, including those set out in Clause 20; (f) carry out all other Customer responsibilities set out in this Agreement and the Statement of Work in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the Parties, the Supplier may adjust any timetable or delivery schedule set out in this Agreement as reasonably necessary; (g) use the Third-Party Software and/or Software correctly in accordance with its operating instructions; (h) notify Supplier promptly of any problems with the Third-Party Software and/or Software; and (i) use only versions of the Third-Party Software and/or Software covered by Microsoft in mainstream or extended support unless otherwise agreed in writing. 5.7 In the event that the Customer is in breach of its obligations under the Agreement (excluding payment obligations) then the Supplier shall provide written notice of such breach, specifying in detail the nature of the breach and providing thirty (30) Business Days’ notice to remedy such breach if capable of remedy. If the Customer fails to remedy such breach the Supplier shall be entitled to terminate or suspend the Services without prejudice to any pre-existing rights and obligations of either Party. The Supplier shall have no liability or responsibility should the Services fail to comply with the Statement of Work and/or Service Level Agreements as a direct result of the Customer (including without limitation any of its employees, subcontractors or any of its staff) being in breach of the Agreement. 5.8 In the event that the Customer is in breach of its payment obligations under the Agreement then the Supplier shall provide written notice of such breach, specifying in detail the nature of the breach and providing thirty (30) days notice to remedy such breach if capable of remedy. If the Customer fails to remedy such breach the Supplier shall be entitled to terminate or suspend the Services without prejudice to any pre- existing rights and obligations of either Party. The Supplier shall have no liability or responsibility should the Services fail to comply with the Statement of Work and/or Service Level Agreements as a direct result of the Customer (including without limitation any of its employees, subcontractors or any of its staff) being in breach of the Agreement.
Information and Services Required of the Owner The Owner shall provide information with reasonable promptness, regarding requirements for and limitations on the Project, including a written program which shall set forth the Owner’s objectives, constraints, and criteria, including schedule, space requirements and relationships, flexibility and expandability, special equipment, systems, sustainability and site requirements.
