Information Security Protocols. Ventiv uses a layered approach to information security. Ventiv will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) HIPPA Security Rule; (b) ISO 27001; (c) maintain a documented Information Security Program which includes annual risk assessment and management procedures; (d) maintain the principle of least privilege; (e) classify and handle all Customer data as confidential and apply the necessary security and controls to support HIPAA/HITECH Act compliance; (f) maintain commercially customary physical security and access controls for its data center(s); (g) maintain commercially customary network security controls including firewall and intrusion prevention solutions; (h) maintain commercially customary redundancy at the demark, network and system layers;
(i) maintain commercially customary monitoring solutions to continually manage health and capacity of the IT infrastructure components; (j) provide data encryption in a commercially customary manner of all data transmissions;
(k) require a minimum of 128-bit SSL encryption for application access and use; (l) maintain and update anti-virus program; (m) require individual user accounts and passwords for any access; (n) maintain strong password requirements for all Ventiv-managed accounts; (o) maintain generally acceptable user account management processes and procedures; (p) maintain industry accepted data protection program; (q) maintain whole disk encryption for all laptops; (r) deploy software security patches in accordance with generally accepted industry best practices; (s) maintain and periodically test (at least annually) a commercially customary disaster recovery plan that provides adequate system backup, technology replacement, and alternate (backup-site) site capabilities; (t) follow commercially customary hardening procedures for system/device builds; (u) conduct ongoing vulnerability management through the use of commercially customary tools; (v) conduct periodic (at least annually) third party vulnerability assessments; (w) follow Open Web Application Security Project (OWASP) methodologies, guidelines and techniques for application development; (x) follow commercially customary change and release management practices for hardware and software changes;
Information Security Protocols. A. The DFS and Participating Agency shall comply with applicable Illinois court orders and subpoenas, Illinois and federal statutes, federal regulations, and Illinois administrative rules regarding confidential records or other information obtained by the parties to this Agreement. The records and information shall be protected by the parties to this Agreement from unauthorized disclosure. Any breach notification imposed by law shall be completed by party to this Agreement primarily responsible for said breach or improper dissemination of personally identifiable information or confidential records. Any costs resulting from a breach or improper dissemination shall be borne by the responsible party to this Agreement.
B. The DFS will deploy and maintain its internal Laboratory Information Management System (LIMS), as well as the websites it makes available to the Participating Agency, utilizing information technology providers that are required by the DFS to adhere to the Federal Bureau of Investigation’s current Criminal Justice Information Services (CJIS) Security Policy.
C. The Participating Agency shall only utilize computer and telecommunications systems that are permanently maintained within its physically secure locations to access secure websites designated by the DFS.
D. The DFS shall ensure its websites follow required CJIS Security Policy protocols relating to information security and encrypted communication.
E. When the DFS makes multi-factor authentication available and Participating Agency elects to utilize it, they may access DFS websites from devices that are not permanently maintained within physically secure location. Alternatively, if the Participating Agency has already implemented multi-factor authentication on its mobile devices in accordance with Sections 5.6 and 5.13 of the CJIS Security Policy, they may utilize these devices if permission is obtained from the Illinois CJIS Systems Officer with the Illinois State Police.
Information Security Protocols. A lengthy career of providing services to government organizations logically leads PCG to having a high degree of information security protocols. As such, PCG has successfully earned PCI (Payment Card Industry) & HIPAA compliance. As a regular collaborator with major state health organizations (i.e. XXXX and DOH), constant vigilance and understanding of security threats are paramount to both business success and, more importantly, the protection of those people whom our clients work to keep healthy. This is accomplished through solidified processes. One of which is our security management process: The security management process is the basis upon which PCG Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic data, necessitated by the nature of the project, client, or data itself. Assigned security responsibilities allow PCG to compartmentalize security tasks, so they are executed with the highest attention to detail. A single individual is appointed to this position. This position acts as the point of contact, the subject matter expert, the instructor and the voice of security concerns. PCG’s information access management enables it to control who sees what and when. This is accomplished by use of various levels of secure passwords, tokens and built in access controls. These access controls can be as simple as having a testing environment that isn’t connected to any other computers or networks, or as complex as a multi-level, profile based, custom positive/negative item access. This way, if one analyst needs access to financial information, all analysts won’t get access – only the one who needs it. This allows for confidentiality for projects and information. This scenario also allows for a single point of exit, should any information get out into the world. PCG employees are all knowledgeable in the field of technology, with technical degrees and years of experience of working with computers with client data. Due to multiple projects with the state Department of Health, security is at the forefront of all individual’s minds, especially when there are public facing projects. PCG has earned the knowledge, experience and wherewithal to continue to stay abreast of all security compromises that may surprise other businesses. It is a part of the culture here at PCG to keep our state and private clients protected to the best of our abilities. PCG’s facility access...
Information Security Protocols. Accenture has a comprehensive Security Framework solution, which includes well-documented policies, secure access to client environments, strong personnel security practices, and is ISO 27001 compliant. We have the following Physical and Data security features in place to protect client sensitive data: In the instance where the work is not performed at the customer site, we can provide comprehensive physical security standards for the work site, including (as applicable): Accenture takes the security of data very seriously. Accenture issued laptops are provided with the following security standards: Accenture also recognizes there are situations where clients want our staff to leverage their workstations, which are configured with client specific data protocols, and we are happy to comply. In addition to the aforementioned technology security standards on laptops, Accenture has a comprehensive client data protection program. Safeguarding client data is one of the most fundamental and important responsibilities we have. Protecting client data is essential to maintain the trust of our clients. To help our clients protect their data, Accenture has implemented its Client Data Protection Program which is focused on supporting our client’s security and privacy needs. Accenture’s Client Data Protection program provides an improved ability to protect our client’s highly confidential data. Key elements of are: As previously mentioned, if a candidate passes the initial screening and interview process, In fact, we have demonstrated experience in conducting such background checks
Information Security Protocols. As a partner with our Customer we are entrusted with their Confidential, Proprietary information and it is expected this information will be kept secure by the Company and its employees. Information security is addressed in our Standards of Conduct, Integrity and Ethics Program and is integral to a successful relationship with our Customer. As part of our hiring process, all new employees must sign a Jacobs Non-Disclosure Agreement. This agreement stays in full force as long as they are employed by Jacobs. Likewise, if an employee plans to leave our employ, there are required to review and sign the debrief statement on the Jacobs Non-Disclosure form which states they have a continued obligation to protect this information even after they leave our employ. Another element of our Standards of Conduct, Integrity and Ethics Program is our confidential 24-hour Jacobs Integrity Hotline. Employees are encouraged to use the hotline to report possible violations of the Jacobs policies, possible breaches in the security of Confidential and/Proprietary information whether it be Jacobs or our Customers’ information. The hotline is available for employees to seek guidance if they are unsure whether the information they have a concern with should be reported. In an effort to ensure employees feel they can report incidents without recourse, the hotline allows for anonymous reporting of incidents, or an employee can put the concern confidentially in writing. In order to allow for the appropriate level of action by the company, the information provided must provide a sufficiently detailed description of the factual basis for the report. The Company’s networks and shared data systems are other key areas of concern regarding information security and are an indispensable business tool in today’s environment. They allow employees to retrieve vital information quickly, improve communication while reducing costs, collaborate with partners and provide better customer service. While computer networks have revolutionized the business process, the risks they introduce could be fatal to a company. Attacks on networks can lead to lost money, time, products, and sensitive information. Systems, networks and sensitive information can be compromised by malicious or inadvertent actions at any time. The first and most important step to securing a network is the process of developing policies. Policies define what should be protected, why it should be protected, and how it should be protecte...
Information Security Protocols. IT Security Protocol is one other area that we stay uncompromised on. We ensure that the policy standards set forth are strictly adhered to by all staff involved with various operations. Ranging from Mobile Device management that calls for strict norms against use of cell phones and portable storage / access devices to network security involving restriction to uncertified sites for prevention of malware, IT security is strictly deployed in all areas that deal with sensitive and confidential information. Further, the use of pop 3 mail services, updated / licensed software and file access limitation to authorized teams / managers are few other IT protocols that we follow all throughout the year. Infrastructure security involving bio-metrics-reader/ access-card enabled entry is also installed to generate log reports of entry/exit by staff and 24/7 video surveillance. DevCare Solutions’ procedures to timely accommodate a Customer’s designation of a job as one of special trust that requires a background screening. DevCare Solutions implements an elaborate method for requirement of high potential candidates. Our recruitment methodology employs the best of, employee referrals, own talent database and partners to source the ideal profile for the role. Hence, suitable candidates are selected, without the compromise of quality. More so, we are able to attract better resources primarily due to our lower margins on the cost factor, favoring the candidate, without having to demand flexibility on the pay scale from the client’s end.
Information Security Protocols. All Presidio employees are required to complete Security Awareness training that covers information security at Presidio, incident response/reporting, handling confidential data, email/internet security, privacy, HIPAA security awareness, and security outside of Presidio. Presidio is a Federal government contractor with Department of Defense and Top Secret facility clearances that require minimum annual training. Florida Department of Management Services RFP No. 5-80101507-SA-D Information Technology Staff Augmentation Services 3rd Bid Date Due: March 19, 2019 at 1:00PM All Presidio employees undergo background checks and receive routine security training as described above. In addition, we find that many customers also require that their own background check procedures be completed. These requests are routine to Presidio resources and we work to complete all background checks as promptly as possible including on-site visits for fingerprints, etc. Presidio conducts background investigations to meet initial clearance and background eligibility requirements. Employment background checks are performed on Presidio personnel before they are hired, and again before they are assigned to sensitive or classified work areas. In addition to the educational and work history previously mentioned, our Human Resources Department checks: • Federal Criminal Records • Motor Vehicle Records • Municipal Felony and Misdemeanor Criminal Records • National Felony Warrant Check • Public Domain Database Searches • Social Security Number Verification Presidio uses First Advantage Employment Screening to perform background checks and typically runs national criminal, social security number verification, and motor vehicle record checks. All Presidio new hires must complete a satisfactory pre-employment background check to be employed. Xxxxxxxx also performs Federal and state government level background checks as appropriate. In either case, employment with Presidio is contingent upon successful completion of a background check. The general background check consists of the following: • Identity and social security number verification • Drivers’ license/record check • National criminal record check o Only criminal convictions, guilty pleas, pleas of no contest, and deferred adjudication are considered in determining an applicant’s suitability for employment. Detention or arrest without conviction typically do not constitute valid grounds for employment decisions or play a part in the d...
Information Security Protocols. Ventiv uses a layered approach to information security. Ventiv will use commercially reasonable efforts to maintain the security, integrity and availability of all Customer Data to which it has access, including but not limited to commercially reasonable efforts reflecting changing technological approaches, to comply with the following measures: (a) ISO 27001; (b) maintain a documented Information Security Program which includes annual risk assessment and management procedures;
Information Security Protocols. SCONY ENTERPRISES has a documented HIPAA program on file, as well as, general policies and procedures with respect to handling sensitive client data. With respect to information security protocols and contractor performance while on assignment with the STATE OF FLORIDA, SCONY ENTERPRISES will adopt and advise our team members to conform to such procedures and practices advised by the STATE OF FLORIDA information technology division.
Information Security Protocols. Describe Respondent’s ability to ensure its employees protect confidential information. NTT DATA strives to earn the confidence of the clients we serve. We understand that unauthorized use or disclosure of customer data can be severely detrimental to business operations. NTT DATA’s code of conduct lays out the information security principles that every employee must follow. One of these principles is the duty to protect confidential customer information. Each year, we require all of our employees review our code of conduct, which includes our information security policy. Depending on specific requirements with respect to data security, we will also have every NTT DATA employee assigned to a State agency, sign an acknowledgement of his or her obligations to protect that agency’s data and the data of the people being served. We will provide our staff with the State’s data security rules and procedures as part of our onboarding process. In general, NTT DATA employees must review applicable security rules and procedures before starting work. They must also attend agency security briefings (if applicable). Our contract manager will reinforce protection of customer data with the candidates we assign to State agencies. Should a security incident occur, our contract manager will notify the State in writing within one business day. This notification will include a description of the incident, the information affected, and NTT DATA’s recommendations for mitigation and corrective action to make certain unauthorized use does not reoccur. We understand that if the breach of security concerns confidential personal information, we will be responsible for notifying affected persons.
