Information Security Requirements. In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-of-life” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan.
Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures:
1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services E-Verify Employer Agent and its clients;
2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system;
3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate;
4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks;
5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year;
6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization;
7. Implement procedures for detecting, reporting, and responding to security incidents;
8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization;
9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retain...
Information Security Requirements. (a) Contractor is required to comply with CSU Information Security Requirements as described in Rider A, Supplemental Provisions for General Provisions for Service Acquisitions, attached hereto and by reference made a part of this agreement.
Information Security Requirements. Company has adopted certain requirements relating to information security, which are attached as Attachment A to this Schedule, and Contractor agrees to abide by all such requirements.
Information Security Requirements a) Vendor shall comply with all applicable state and federal laws and regulations regarding confidentiality, privacy, and security pertaining to TSLAC confidential information.
b) Access to sensitive or confidential TSLAC information. Vendor represents and warrants that it will take all necessary and appropriate action within its abilities to safeguard sensitive or confidential TSLAC information and to protect it from unauthorized disclosure. If communications with Vendor necessitate the release of confidential TSLAC information, the Confidential Treatment of Information Acknowledgement form (CTIA) must be signed by each individual who will require access to or may be exposed to that information. Vendor shall access TSLAC’s systems and sensitive or confidential TSLAC information only for the purposes for which it is authorized. Vendor shall ensure that any sensitive or confidential TSLAC information in the custody of Vendor is properly sanitized or destroyed when the information is no longer required to be retained by TSLAC or Vendor in accordance with this agreement. Electronic media used for storing any confidential TSLAC information must be sanitized by clearing, purging or destroying in accordance with NIST Special Publication 800-88 Guidelines for Media Sanitization. Vendor must maintain a record documenting the removal and completion of all sanitization procedures with the following information:
1) Date and time of sanitization/destruction,
2) Description of the item(s) and serial number(s) if applicable,
3) Inventory number(s), and
4) Procedures and tools used for sanitization/destruction. No later than sixty (60) days from Purchase Order expiration or termination or as otherwise specified in this agreement, Vendor must complete the sanitization and destruction of the data and provide to TSLAC all sanitization documentation. Vendor shall not access, process, store or transmit IRS Federal Taxpayer Information unless expressly authorized by this agreement. Vendor shall comply with IRS Publication 1075 requirements if it accesses, processes, stores, or transmits IRS Federal Taxpayer Information.
Information Security Requirements. The terms and conditions of this exhibit meet and/or exceeds the information security requirements of the three national credit reporting agencies (Equifax Information Services LLC, Transunion, Experian Information Solutions, Inc.), where applicable, complies with the access of information requirements of the Federal Fair Credit Reporting Act and Xxxxx-Xxxxx-Xxxxxx Act for data privacy (FCRA and GLB 5A Data). In addition, this exhibit complies with the notification requirements prescribed by the California Consumer Credit Reporting Agencies Act which can be found at xxxxx://xxx.xx.xxx/privacy/ccpa, and the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999) § 2480e which can be found at xxxxx://xxxxxxxxxxx.xxxxxxx.xxx/statutes/section/09/063/02480e, as well as the requirements of the Fair Xxxxx Company and affiliates (FICO).
Information Security Requirements. The State of California, Department of Child Support Services (DCSS) implemented information security standards outlined in the DCSS Information Security Manual (ISM), for the purpose of maintaining the security of child support information and assets. The ISM security policies and standards apply to Applicable Organizations, defined as “any organization whose employees or contractors have access to child support information or child support IT assets”. Local Child Support Agencies are required to ensure contractors having access to such information are required to comply with Third Party Vendor IT Security Policies included in the ISM. In keeping with ISM and County requirements, Contractor shall agree to comply with the DCSS ISM and implement the following administrative, physical, and information security safeguards to ensure the integrity, security, and confidentiality of all County of Orange Department of Child Support Services (CSS) information, including but not limited to electronic files, data, paper documents and forms, for the term and length of this contract and while in possession of, maintaining, or accessing CSS information. The DCSS ISM and all revisions as the DCSS ISM is modified may be viewed at: xxxx://xxx.xxxxxxxx.xx.xxx/Portals/0/home/docs/InfoSecurityManual.pdf
Information Security Requirements. Web Services Employers performing verification services under this MOU must ensure that information that is shared between the Web Services Employer and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services Employer agrees to institute the following procedures:
1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services Employer;
Information Security Requirements. Xxxxxx will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) secure the Services and Customer Property against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access, and (c) minimize security risks, including through risk assessment and regular testing. As part of this information security program, Xxxxxx shall implement the security measures set forth at xxxxx.xxxxxx.xx/#xxxxxxxx-xxxxxxxxxxxx.
Information Security Requirements. (a) Buildscale shall have implemented and documented appropriate administrative, technical and physical measures set forth in the Agreement, as applicable, to protect Personal Information against accidental or unlawful destruction, alteration, unauthorized disclosure or access. Buildscale will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Buildscale will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Information, and ensure that these risks are addressed.
(b) Buildscale shall have implemented and documented appropriate business continuity and disaster recovery plans to enable it continue or resume providing Services (including restoring access to the Personal Information) in a timely manner after a disruptive event. Buildscale will regularly test and monitor the effectiveness of its business continuity and disaster recovered plans. At appropriate intervals or as otherwise requested by Customer, Buildscale will provide a copy of its written business continuity and disaster recovery plans to Customer.
(c) If the Processing involves the transmission of Personal Information over a network, Buildscale shall have implemented appropriate supplementary measures to protect the Personal Information against the specific risks presented by the Processing. Personal Information may not be transmitted over any insecure network unless it has been appropriately encrypted.
(d) Upon request, and subject to the confidentiality obligations set forth in the Agreement, Buildscale shall provide Customer (or Customer’s independent, third-party auditor that is not a competitor of Buildscale) information regarding Buildscale’s compliance with the obligations set forth in this DPA in the form of the Buildscale’s SOC 2 report. Customer may contact Buildscale in accordance with the “Notices” Section of the Agreement to request an on-site audit of the architecture, systems and procedures relevant to the protection of Customer Personal Information. Customer shall reimburse Buildscale for any time expended by Buildscale or its third-party sub-processors for any such on-site audit at Buildscale’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Buildscale shall mutually agree upon the scope, timing, and duration of the audit in addition to ...
