Information Security Standards. Xxxxxx’x shall provide to Supplier its Information Security Standards that define information security controls and guidelines currently in place. The Supplier shall, in the performance by Supplier of services under the Agreement, comply with all commercially reasonable standards within thirty days of receipt of same, unless the parties agree otherwise. At any time during the term of the Agreement, and upon notice to Supplier, Xxxxxx’x may have a Security Review and an architectural design review of the facilities and applications used by Supplier to perform services for Xxxxxx’x, such a review will be performed by either Xxxxxx’x or a third party, at Xxxxxx’x discretion. If a security flaw is discovered, Xxxxxx’x shall give immediate notice of such flaw to Supplier and Supplier shall have five business days to formulate a plan to cure such flaw, unless the parties agree to a longer period of time for such cure. Unless otherwise agreed to by the parties, during the term of the Agreement, Supplier shall have thirty days from receipt of notice to comply with any change in the Information Security Standards.
Information Security Standards. As applicable to the services provided in this Contract, Contractor shall comply with the “Security Assessment Report and Attestation Guideline” and “HHS Information Security Controls” published by HHSC and currently accessed on the following webpage: xxxxx://xxx.xxxxx.xxx/doing-business-hhs/contracting-hhs/vendor-resources.
Information Security Standards. 1. Each Partner agrees to hold all information shared under this agreement in accordance with security standard ISO 27001 or an equivalent level of compatible security.
Information Security Standards. Further to Section 12.2(l), the Manager shall promptly make available to the Initial Member information regarding the policies and procedures for protection of Customer Information described in Section 12.2(l) as requested by either of them from time to time. The Manager further agrees that any Customer Information transmitted electronically by it (or the Servicer or any Sub-Servicer) shall be encrypted.
Information Security Standards. In the performance of all Work pursuant to this Agreement and Statement of Work, Customer and EESCO will comply with the following standards and practices:
Information Security Standards. We represent and warrant that we will not request or have access to any HHSC Confidential Information or information databases or computer systems. HHSC shall not provide us with its Confidential Information, nor will it provide us with access to its information databases or computer systems. In the event the parties mutually agree that we should and do have access to HHSC Confidential Information, or HHSC information databases or computer systems, we will safeguard HHSC Confidential Information in compliance with all applicable federal and state privacy, security and breach notification statutes and regulations including the “Security Assessment Report and Attestation Guideline” and “HHS Information Security Controls” published by HHSC and currently accessed on the following webpage: xxxxx://xxx.xxxxx.xxx/doing-business-hhs/contracting-hhs/vendor-resources.
Information Security Standards. The Customer must maintain security in the acquisition and use of the Comtrac Services in accordance with applicable standards, frameworks, and best practice. Customers in Australia For an Australian Customer, these include: • Australian Government Information Security Manual (ISM) • Australian Government Protective Security Policy Framework (PSPF) • Australian Government Essential Eight • Information Security Registered Assessors Program (IRAP) • and/or any later versions of these. Customers not in Australia For a Customer in a jurisdiction outside of Australia, these include the relevant jurisdiction equivalents, aligned to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, and/or any later version of this. All Customers All Customers must identify applicable requirements from: • ISO/IEC 27001:2013. Information technology - Security techniques - Information security management systems - Requirements • ISO/IEC 9001:2015. Quality management systems - Requirements; • ISO/IEC 31000:2018. Risk Management – Guidelines; and • OWASP Application Security Verification Standard, • and/or any later versions of these, and implement requirements appropriate to the Customer and the Comtrac Services to which the Customer subscribes. Certification against standards is not a requirement, but alignment with and adoption of applicable requirements is, and Comtrac reserves the right to request sight of any related Statement of Applicability. Security Governance In order to support the acquisition and use of the Comtrac Services, the Customer must develop and maintain information security policies, procedures, and guidelines in accordance with the requirements above that are reviewed at regular intervals (and no less than annually); Facilitate appropriate responses to changing threats and risks; and Cater for technology advances.
Information Security Standards. 3.1.1. SOC 2 Type II. GoodData undertakes SOC 2 Type II audits on a regular basis. The SOC 2 reflects current industry standard security best practices. Accordingly, if there is any conflict between the SOC 2 and this Xxxxx XX, the SOC 2 terms shall prevail.
Information Security Standards. Contractor acknowledges that the State of Oregon has established minimum levels of security for all data and information processed, transmitted or otherwise used by DAS PS in connection with this Participating Addendum and each Contract, whether it is submitted to, directly or indirectly, or accessed or accessible by Contractor pursuant to Contractor’s performance hereunder, including without limitation, Personal Information (as defined in Section 8.5), data concerning DAS PS or Authorized Purchaser’s employees or clients, and information provided to Contractor by DAS PS or an Authorized Purchaser related to DAS PS or the Authorized Purchaser or its information systems and operations, and all metadata associated with the foregoing and other Confidential Information of DAS PS or Authorized Purchasers or their customers or clients residing in or accessed by the Cloud Solutions or Related Services (collectively, “Protected Data”). The State of Oregon’s information security policies are set forth in Exhibit F- Part I. The State of Oregon will have the right to amend these security policies on 30 days’ notice to Contractor or such shorter notice period as required in order to comply with law. If the State amends such security policies, Contractor will implement such amendments in the fulfillment of its obligations hereunder, and the parties will enter into an amendment to this Participating Addendum to document any technical or operational changes associated with or resulting from such amended policies. State Premises. Contractor will comply, and will cause its employees, agents and subcontractors to comply with the State of Oregon’s information security policies applicable to Contractor in its performance under this Participating Addendum or a Contract at any State of Oregon premises to which they have access in connection with the performance hereunder. Additional Standards. In addition to the standards established by the Information Security Policies described in Section 8.2, Contractor shall provide Related Services in compliance with the following, in each case to the extent applicable to Contractor in performing the services hereunder: The HIPAA Security Rule set forth at 45 CFR Part 160 and Subparts A and C of Part 164; The United States Department of Justice, Federal Bureau of Investigation’s Criminal Justice Information Services Security Policy, Version 5.6 or current (the “CJIS Security Policy), including, where applicable, signature on the FBI’s CJIS...
Information Security Standards. Contractor acknowledges that the State of Oregon has established minimum levels of security for all data and information processed, transmitted or otherwise used by Authorized Purchaser in connection with its performance under this Contract, whether it is submitted to, directly or indirectly, or accessed or accessible by Contractor pursuant to Contractor’s performance hereunder, including without limitation, Personal Information (as defined in Section 5.5), data concerning Authorized Purchaser or Authorized Purchaser’s employees or clients, and information provided to Contractor by Authorized Purchaser or an Authorized Purchaser related to Authorized Purchaser or the Authorized Purchaser or its information systems and operations, and all metadata associated with the foregoing and other Confidential Information of Authorized Purchaser or Authorized Purchasers or their customers or clients residing in or accessed by the Cloud Solutions or Related Services (collectively, “Protected Data”). The State of Oregon’s information security policies are set forth in Exhibit F-Part I. The State of Oregon will have the right to amend these security policies on 30 days’ notice to Contractor or such shorter notice period as required in order to comply with law. If the State amends such security policies, Contractor will implement such amendments in the fulfillment of its obligations hereunder, and the parties will enter into an amendment to this Participating Addendum to document any technical or operational changes associated with or resulting from such amended policies.
