Information Security Review Sample Clauses

Information Security Review. Xxxxxx’x reserves the right to perform information security reviews on any systems or applications used by Supplier to provide services to Xxxxxx’x. The security reviews can include physical inspection, external scan, code review, process reviews, and reviews of system configurations(“Security Reviews”). The Security Reviews shall be conducted at Xxxxxx’x discretion, by Xxxxxx’x or its designee (who shall be a reputable security firm), and at Xxxxxx’x expense unless provided otherwise. Supplier shall grant permission to Xxxxxx’x to perform the Security Reviews. Xxxxxx’x actions or results from any Security Reviews shall be the sole property of Xxxxxx’x and may not be utilized or relied on by Supplier in any way, except as set forth by Xxxxxx’x in performance of services hereunder. Should any Security Review result in the discovery of material security risks to the network used by Supplier to perform services for Xxxxxx’x, Supplier shall be solely responsible for the cost of the Security Reviews. Xxxxxx’x shall immediately notify Supplier of such risks and Supplier shall respond to Xxxxxx’x in writing within three days with Supplier’s plan to take reasonable measures to promptly correct, repair, modify the said network or application to effectively eliminate the risk at no cost to Xxxxxx’x.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs
Information Security Review. During the Term, Triad and/or the Eligible Recipients may perform information security reviews on any Systems, Equipment, Software, network(s) or facilities used by Supplier to provide the Services hereunder (“Reviews”). The Reviews may include physical inspection, external scan, internal scan, code review, process reviews and reviews of system configurations. The Reviews may be conducted, at Triad’s discretion and at Triad’s or the Eligible Recipient’s expense, by Triad, an Eligible Recipient or their designee(s). The Parties shall mutually agree upon the scope and methodology of such Reviews; provided, Supplier shall not unreasonably withhold or delay its agreement to such scope and methodology. Supplier hereby grants permission to Triad to perform the Reviews per the agreed upon scope and methodology; provided, however, any such Review shall be conducted by Triad or its external auditors or (as the Parties reasonably agree) other designees, as applicable, in compliance with the provisions of Sections 9.10(e) as if such Review were an audit subject to such Section. To the fullest extent permitted by Law, Supplier hereby waives the benefit of any state or federal law which may provide a cause of action against Triad or the Eligible Recipients based upon Reviews permitted under this Section and conducted pursuant to the agreed upon scope and methodology. Should any Review result in the discovery of material security risks to the Systems, Equipment, Software, network(s) or facilities used by Supplier to provide the Services hereunder, Triad shall promptly notify Supplier of such risks, and Supplier shall respond to Triad in writing within three (3) days with Supplier’s plan to take reasonable measures to promptly correct, repair, or modify the applicable System, Equipment, Software, network or facility to effectively eliminate such risks, subject to Section 9.6. Upon approval by Triad, Supplier shall implement such plan as quickly as practicable.
Sample 1
Information Security Review. So long as Customer operates in a dedicated environment and network, Customer reserves the right to perform periodic information security reviews on any dedicated environment, applications and/or facilities used by Vendor to provide Services to Customer hereunder (Reviews) such right being contingent upon Customer providing Vendor with written notice of each such Review and a description of all tests to be conducted during such Review at least five (5) days prior to the occurrence of each such Review. The Reviews shall include, but not be limited to, physical inspection, external scan, internal scan, code review, process reviews and reviews of system configurations. The Reviews shall be conducted in Customer’s discretion, by Customer or its designee (who will be a nationally known security firm), and at Customer’s expense in accordance with and based upon SAS 70 Type II requirements and standards. Vendor hereby grants permission to Customer to perform the Reviews. To the fullest extent permitted by law, Vendor hereby waives the benefit of any state or Federal law which may provide a cause of action against Customer based on actions permitted under this Section. Should any Review result in the discovery of material security risks under SAS 70 Type II standards to (a) the network used by Vendor to perform Services for Customer (excluding Customer’s network), (b) the application used by Vendor to perform Services for Customer, or (c) any Vendor Service Center used by Vendor to perform services for Customer, Customer shall immediately notify Vendor of such risks and Vendor shall respond to Customer in writing within three (3) days with Vendor’s plan to promptly correct, repair or modify the said network or application or facility to effectively eliminate the risk (each a Remediation Plan). Any such Remediation Plan shall call for the security risk to be corrected, repaired or modified, as applicable, in accordance with SAS 70 Type II standards, within thirty (30) days. Should Vendor fail to remedy any identified security risk within the time frame agreed upon by the parties, and in any event within thirty (30) days, Customer may withhold payment of all Fees. Customer must pay Fees withheld upon remediation of the identified risk with no accumulated interest. Should Customer identify any material security risk other than those under SAS 70 Type II standards, Vendor’s Remediation Plan shall call for Vendor to use commercially reasonable best efforts to correct, ...
Sample 1
Information Security Review. (a) The information security reviews (Reviews) may include physical inspection, external scan, internal scan, code review, process reviews (both business and technical), reviews of system configurations, and intrusion testing. To the extent software is required for a Review, off the shelf software will be used.‌ (b) The parties will agree in advance the scope of the Review conducted by the Contractor. The scope of any Review conducted by DEC will be decided by DEC. Neither DEC or the Contractor will unreasonably withhold or delay its agreement to such scope, including with respect to any Reviews to be performed by third parties that DEC or its subcontractors have a contractual obligation to permit to conduct Reviews. (c) Where a Review is unscheduled, the party conducting the Review will give 5 Business Days' notice of the Review to the other party. (d) A Review will be conducted, at the expense of the party conducting the Review. (e) The party conducting the Review will promptly following a Review provide to the other party a report in reasonable detail summarising the results of the Review including: (i) dates and times; (ii) subject systems; and (iii) results of Review conducted. (f) Should any Review result in the discovery of security risks to the Assets in the Solution, the party performing such Review will promptly notify the other party of such risks, and, except where the Asset is a DEC Resource, the Contractor will respond to DEC in writing within 3 Business Days with the Contractor's plan detailing the reasonable measures it will take to promptly correct, repair, or modify the applicable Asset to eliminate such risks at no cost to DEC. Upon approval by DEC, the Contractor will implement such plan as quickly as practicable. Once the Contractor has implemented the plan, another Review of the Assets will be conducted at the Contractor's expense within a reasonable time required by DEC in order to confirm that the security risks identified in the previous Review have been (g) [Omitted.] (h) DEC, its auditors or its subcontractors may also perform Reviews on the Solution. (i) The Contractor grants permission to DEC and its subcontractors to perform such Reviews on the Solution. The Contractor acknowledges that to the extent any applicable Laws require DEC or a subcontractor to obtain the Contractor's consent or the consent of any of the Contractor's subcontractors in order to legally conduct the Reviews permitted under this clause, the Contractor her...
Sample 1

Related to Information Security Review

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • System Security Review All systems processing and/or storing County PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • Due Diligence Review; Information The Company shall make available, during normal business hours, for inspection and review by the Investors, advisors to and representatives of the Investors (who may or may not be affiliated with the Investors and who are reasonably acceptable to the Company), all financial and other records, all SEC Filings (as defined in the Purchase Agreement) and other filings with the SEC, and all other corporate documents and properties of the Company as may be reasonably necessary for the purpose of such review, and cause the Company’s officers, directors and employees, within a reasonable time period, to supply all such information reasonably requested by the Investors or any such representative, advisor or underwriter in connection with such Registration Statement (including, without limitation, in response to all questions and other inquiries reasonably made or submitted by any of them), prior to and from time to time after the filing and effectiveness of the Registration Statement for the sole purpose of enabling the Investors and such representatives, advisors and underwriters and their respective accountants and attorneys to conduct initial and ongoing due diligence with respect to the Company and the accuracy of such Registration Statement. The Company shall not disclose material nonpublic information to the Investors, or to advisors to or representatives of the Investors, unless prior to disclosure of such information the Company identifies such information as being material nonpublic information and provides the Investors, such advisors and representatives with the opportunity to accept or refuse to accept such material nonpublic information for review and any Investor wishing to obtain such information enters into an appropriate confidentiality agreement with the Company with respect thereto.

  • Access to Information; Independent Investigation Prior to the execution of this Agreement, the Subscriber has had the opportunity to ask questions of and receive answers from representatives of the Company concerning an investment in the Company, as well as the finances, operations, business and prospects of the Company, and the opportunity to obtain additional information to verify the accuracy of all information so obtained. In determining whether to make this investment, Subscriber has relied solely on Subscriber’s own knowledge and understanding of the Company and its business based upon Subscriber’s own due diligence investigation and the information furnished pursuant to this paragraph. Subscriber understands that no person has been authorized to give any information or to make any representations which were not furnished pursuant to this Section 2 and Subscriber has not relied on any other representations or information in making its investment decision, whether written or oral, relating to the Company, its operations and/or its prospects.

  • Information/Cooperation Executive shall, upon reasonable notice, furnish such information and assistance to the Bank as may be reasonably required by the Bank, in connection with any litigation in which it or any of its subsidiaries or affiliates is, or may become, a party; provided, however, that Executive shall not be required to provide information or assistance with respect to any litigation between Executive and the Bank or any other subsidiaries or affiliates.

  • Representative Access (A) The state agrees that designated Union Representatives shall have access to state controlled premises where employees are employed. (B) If any area of the state’s premises is otherwise restricted to the public, permission must be requested to enter such area and such permission shall not be unreasonably denied. Access shall be during the regular working hours of the employee and only for the purpose of investigating an employee’s grievance.

  • Information Packages As soon as available and in any event not later than two (2) Business Days prior to each Settlement Date, an Information Package as of the most recently completed Fiscal Month.

  • Information Regarding Collateral (a) Level 3 and the Borrower will furnish to the Collateral Agent prompt written notice of any change (i) in any Loan Party’s corporate name or in any trade name used to identify it in the conduct of its business or in the ownership of its properties, (ii) in any Loan Party’s identity or corporate structure or (iii) in any Loan Party’s Federal Taxpayer Identification Number. Each of Level 3 and the Borrower agrees not to effect or permit any change referred to in the preceding sentence unless all filings (or arrangements therefor satisfactory to the Collateral Agent) have been made under the Uniform Commercial Code or otherwise that are required in order for the Collateral Agent to continue at all times following such change to have a valid, legal and perfected security interest in all the Collateral. Each of Level 3 and the Borrower also agrees promptly to notify the Collateral Agent if any material portion of the Collateral is damaged or destroyed. (b) Each year, at the time of delivery of the certificate pursuant to paragraph (c) of Section 5.01, Level 3 shall deliver to the Collateral Agent certificates of an authorized officer of Level 3 (i) setting forth the information required pursuant to (A) the Annual Perfection Certificate and (B) until such time as the Collateral Permit Condition is satisfied with respect to Level 3 LLC, the Annual Loan Proceeds Note Perfection Certificate, or confirming that there has been no change in such information since the dates of the Effective Date Perfection Certificate or the Effective Date Loan Proceeds Note Perfection Certificate, as the case may be, or the date of the most recent certificates delivered pursuant to this Section and (ii) certifying that all Uniform Commercial Code financing statements (excluding fixture filings) or other appropriate filings, recordings or registrations, including all refilings, rerecordings and reregistrations, containing a description of the Collateral required to be set forth therein have been filed of record in each United States governmental, municipal or other appropriate office in each jurisdiction identified pursuant to clause (i) above to the extent necessary to perfect and continue the perfection of the security interests under the applicable Security Documents for a period of not less than 18 months after the date of such certificate (except as noted therein with respect to any continuation statements to be filed within such period).

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!