Information Security Protocols Sample Clauses

Information Security Protocols. Aon uses a layered approach to information security. Aon will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) HIPAA Security Rule; (b) ISO 27001; (c) maintain a documented Information Security Program which includes annual risk assessment and management procedures; (d) maintain the principle of least privilege; (e) classify and handle all Customer data as confidential and apply the necessary security and controls to support HIPAA/HITECH Act compliance; (f) maintain commercially customary physical security and access controls for its data center(s); (g) maintain commercially customary network security controls including firewall and intrusion prevention solutions; (h) maintain commercially customary redundancy at the demark, network and system layers; (i) maintain commercially customary monitoring solutions to continually manage health and capacity of the IT infrastructure components; (j) provide data encryption in a commercially customary manner of all data transmissions; (k) require a minimum of 128-bit SSL encryption for application access and use; (l) maintain and update anti-virus program; (m) require individual user accounts and passwords for any access; (n) maintain strong password requirements for all Aon-managed accounts; (o) maintain generally acceptable user account management processes and procedures; (p) maintain industry accepted data protection program; (q) maintain whole disk encryption for all laptops; (r) deploy software security patches in accordance with generally accepted industry best practices; (s) maintain and periodically test (at least annually) a commercially customary disaster recovery plan that provides adequate system backup, technology replacement, and alternate (backup-site) site capabilities; (t) follow commercially customary hardening procedures for system/device builds; (u) conduct ongoing vulnerability management through the use of commercially customary tools; (v) conduct periodic (at least annually) third party vulnerability assessments; (w) follow Open Web Application Security Project (OWASP) methodologies, guidelines and techniques for application development; (x) follow commercially customary change and release management practices for hardware and software changes; (y) follow commerci...
Information Security Protocols. A. The DFS and Participating Agency shall comply with applicable Illinois court orders and subpoenas, Illinois and federal statutes, federal regulations, and Illinois administrative rules regarding confidential records or other information obtained by the parties to this Agreement. The records and information shall be protected by the parties to this Agreement from unauthorized disclosure. Any breach notification imposed by law shall be completed by the party to this Agreement primarily responsible for said breach or improper dissemination of personally identifiable information or confidential records. Any costs resulting from a breach or improper dissemination shall be borne by the responsible party to this Agreement.
Information Security Protocols. Ventiv uses a layered approach to information security. Ventiv will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) HIPAA Security Rule; (b) ISO 27001; (c) maintain a documented Information Security Program which includes annual risk assessment and management procedures; (d) maintain the principle of least privilege; (e) classify and handle all Customer data as confidential and apply the necessary security and controls to support HIPAA/HITECH Act compliance; (f) maintain commercially customary physical security and access controls for its data center(s); (g) maintain commercially customary network security controls including firewall and intrusion prevention solutions; (h) maintain commercially customary redundancy at the demark, network and system layers;
Information Security Protocols. Ventiv uses a layered approach to information security. Ventiv will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) ISO 27001; (b) maintain a documented Information Security Program which includes annual risk assessment and management procedures;
Information Security Protocols. Our customers trust us to keep their information confidential and secure. In order to continue to retain that trust, ICS utilizes several information security protocols:
• Comprehensive Employee Screening – All staff must pass a comprehensive background check which includes drug, criminal and in some cases, financial screening.
• Security Clearances: Nearly 75% of our employees are cleared up to Top Secret, and our headquarters office has a Top Secret facility clearance.
• Continuous Training – Security indoctrination includes a mandatory security training taken immediately after their start date and before being given sensitive access. Ongoing training is required of all staff at different intervals.
• Prohibiting Unsafe Technologies - Social media platforms, including messaging and other email solutions on those platforms that purport to offer private communication tools, often do not comply with company information security requirements and can place customer information at risk. Staff are trained on what technologies should be avoided and how to configure and use approved technologies safely.
• Non-Disclosure Agreements (NDAs) – ICS executes an NDA with every business partner, including but not limited to clients, teammates, vendors and every program where client information might be provided to us in order to establish the recognition, process and mutual responsibilities of receiving, utilizing and eventually disposing of such information.
• Data Characterization: ICS recognizes that not all data should be treated the same. Therefore, ICS considers the following factors when granted access to sensitive or non-sensitive data.
  o Definitions and categorization of information types as confidential vs. public access.
  o Definitions of permissible uses, or copying, the receiving party can make with the confidential information.
  o Time limits that may or may not include an expiration date. A fixed period may be inappropriate for confidential information that has an indefinite life.
• Incident Response – ICS staff are trained on what represents a potential security incident and how to respond. Reporting procedures are well defined in ICS policy manuals and procedures. ICS incident response procedures are then mapped to requirements for each client to include compliance with all applicable statutes, standards and regulations.
• Segregation of Data – ICS segregates customer data into customized secure project sites. We grant access to each site to only those sta...
Information Security Protocols. SCONY ENTERPRISES has a documented HIPAA program on file, as well as general policies and procedures with respect to handling sensitive client data. With respect to information security protocols and contractor performance while on assignment with the STATE OF FLORIDA, SCONY ENTERPRISES will adopt and advise our team members to conform to such procedures and practices advised by the STATE OF FLORIDA information technology division.
Information Security Protocols. Describe Respondent’s ability to ensure its employees protect confidential information. NTT DATA strives to earn the confidence of the clients we serve. We understand that unauthorized use or disclosure of customer data can be severely detrimental to business operations. NTT DATA’s code of conduct lays out the information security principles that every employee must follow. One of these principles is the duty to protect confidential customer information. Each year, we require that all of our employees review our code of conduct, which includes our information security policy. Depending on specific requirements with respect to data security, we will also have every NTT DATA employee assigned to a State agency sign an acknowledgement of his or her obligations to protect that agency’s data and the data of the people being served. We will provide our staff with the State’s data security rules and procedures as part of our onboarding process. In general, NTT DATA employees must review applicable security rules and procedures before starting work. They must also attend agency security briefings (if applicable). Our contract manager will reinforce protection of customer data with the candidates we assign to State agencies. Should a security incident occur, our contract manager will notify the State in writing within one business day. This notification will include a description of the incident, the information affected, and NTT DATA’s recommendations for mitigation and corrective action to make certain unauthorized use does not reoccur. We understand that if the breach of security concerns confidential personal information, we will be responsible for notifying affected persons.
Information Security Protocols. IT Security Protocol is one other area that we stay uncompromised on. We ensure that the policy standards set forth are strictly adhered to by all staff involved with various operations. Ranging from Mobile Device management that calls for strict norms against use of cell phones and portable storage / access devices to network security involving restriction to uncertified sites for prevention of malware, IT security is strictly deployed in all areas that deal with sensitive and confidential information. Further, the use of POP3 mail services, updated / licensed software and file access limitation to authorized teams / managers are a few other IT protocols that we follow all throughout the year. Infrastructure security involving bio-metrics-reader / access-card enabled entry is also installed to generate log reports of entry/exit by staff and 24/7 video surveillance. DevCare Solutions’ procedures to timely accommodate a Customer’s designation of a job as one of special trust that requires a background screening. DevCare Solutions implements an elaborate method for requirement of high potential candidates. Our recruitment methodology employs the best of employee referrals, own talent database and partners to source the ideal profile for the role. Hence, suitable candidates are selected, without the compromise of quality. More so, we are able to attract better resources primarily due to our lower margins on the cost factor, favoring the candidate, without having to demand flexibility on the pay scale from the client’s end. Pre-Interview
Information Security Protocols. All Presidio employees are required to complete Security Awareness training that covers information security at Presidio, incident response/reporting, handling confidential data, email/internet security, privacy, HIPAA security awareness, and security outside of Presidio. Presidio is a Federal government contractor with Department of Defense and Top Secret facility clearances that require minimum annual training.
Florida Department of Management Services RFP No. 5-80101507-SA-D Information Technology Staff Augmentation Services 3rd Bid Date Due: March 19, 2019 at 1:00PM
Background Screening Procedures
All Presidio employees undergo background checks and receive routine security training as described above. In addition, we find that many customers also require that their own background check procedures be completed. These requests are routine to Presidio resources and we work to complete all background checks as promptly as possible including on-site visits for fingerprints, etc. Presidio conducts background investigations to meet initial clearance and background eligibility requirements. Employment background checks are performed on Presidio personnel before they are hired, and again before they are assigned to sensitive or classified work areas. In addition to the educational and work history previously mentioned, our Human Resources Department checks:
• Federal Criminal Records
• Motor Vehicle Records
• Municipal Felony and Misdemeanor Criminal Records
• National Felony Warrant Check
• Public Domain Database Searches
• Social Security Number Verification
Presidio uses First Advantage Employment Screening to perform background checks and typically runs national criminal, social security number verification, and motor vehicle record checks. All Presidio new hires must complete a satisfactory pre-employment background check to be employed. Xxxxxxxx also performs Federal and state government level background checks as appropriate. In either case, employment with Presidio is contingent upon successful completion of a background check. The general background check consists of the following:
• Identity and social security number verification
• Drivers’ license/record check
• National criminal record check
  o Only criminal convictions, guilty pleas, pleas of no contest, and deferred adjudication are considered in determining an applicant’s suitability for employment. Detention or arrest without conviction typically do not constitute valid grounds for employment d...
Information Security Protocols. Enforcing strict Information Technology (IT) security protocols is important to safeguarding confidential and protected information of our customers. Our established “Safeguarding Confidential Information” standard IT security protocols are used to educate our employees and contractors on best practices for reducing exposure to security breaches and data loss. We ensure:
• Each of our staff working onsite or offsite follows the rules and requirements set forth by our customers as stated in their employee/operational handbook or project documentation, to protect confidential information.
• Each employee understands that the company’s and customer’s protected and confidential information is strictly for business use only, and failure to abide by the procedures set forth in the employee handbook will result in immediate termination from employment.
• Each of our staff signs, as part of the company orientation, a Non-Disclosure and Confidentiality statement to enforce protected confidential and sensitive information.
In addition to ensuring the safeguard of confidential information, our work experience with the Florida Department of Education and the Florida Department of Health has familiarized us with standards such as HIPAA and FERPA and how to best enforce these, depending on project needs.