Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Personal Information security breach Supplier/Service Provider’s Obligations
Information Security Requirements In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-of-life” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan.
System Security Review All systems processing and/or storing DHCS PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.
OIG INSPECTION, AUDIT, AND REVIEW RIGHTS In addition to any other rights OIG may have by statute, regulation, or contract, OIG or its duly authorized representative(s) may conduct interviews, examine or request copies of Xxxxxx’x books, records, and other documents and supporting materials and/or conduct on-site reviews of any of Xxxxxx’x locations for the purpose of verifying and evaluating: (a) Xxxxxx’x compliance with the terms of this IA and (b) Xxxxxx’x compliance with the requirements of the Federal health care programs. The documentation described above shall be made available by Xxxxxx to OIG or its duly authorized representative(s) at all reasonable times for inspection, audit, and/or reproduction. Furthermore, for purposes of this provision, OIG or its duly authorized representative(s) may interview Xxxxxx and any of Xxxxxx’x employees or contractors who consent to be interviewed at the individual’s place of business during normal business hours or at such other place and time as may be mutually agreed upon between the individual and OIG. Xxxxxx shall assist OIG or its duly authorized representative(s) in contacting and arranging interviews with such individuals upon OIG’s request. Xxxxxx’x employees and contractors may elect to be interviewed with or without a representative of Xxxxxx present.
Contractor Information The Contractor will provide up to date information for each of the following in the form and manner specified by OGS:
Background and Security Investigations 8.1 For the safety and welfare of the children to be served under this Contract, CONTRACTOR shall, as permitted by law, ensure that its staff, employees, independent contractors, volunteers or subcontractors who may come in contact with children in the course of their work, undergo and pass a background investigation to the satisfaction of COUNTY as a condition of beginning and continuing to work under this contract. Such background investigation may include, but shall not be limited to criminal conviction information obtained through fingerprints submitted to the California Department of Justice. The fees associated with the background investigation shall be at the expense of the CONTRACTOR, regardless if the member of CONTRACTOR’s staff passes or fails the backgrounds investigation.
Review Rights The State and the U.S. Department of Transportation, when federal funds are involved, and any of their authorized representatives shall have the right at all reasonable times to review or otherwise evaluate the work performed hereunder and the premises in which it is being performed.
BACKGROUND INVESTIGATION The BOARD is prohibited from knowingly employing a person who has been convicted of committing or attempting to commit certain criminal offenses. If the required criminal background investigation is not completed at the time this Contract is signed, and the subsequent investigation report reveals that there has been a prohibited conviction, this Contract shall immediately become null and void.
