Information Security Training Standards Sample Clauses

Information Security Training Standards. All EOHHS staff must review and acknowledge the EOHHS Information Security Training, or an approved alternative, within one (1) month of hire and prior to accessing any Information Resources in the EOHHS Environment and then on an annual basis thereafter as defined by EOHHS. The EOHHS Information Security Training shall consist of two components:

i. Any required EOTSS information security training generally made available to EOHHS staff, and
ii. Any required EOHHS information security training.

EOHHS has published the EOHHS Information Security Training on PACE. Previous versions of the EOHHS Information Security Training may be stored elsewhere but should not be relied upon for compliance purposes. At a minimum, all staff are required to take that calendar year’s information security training posted to PACE. The Security Office has also developed other information security training for specific types of data that may be required based on job duties and role. All EOHHS staff must take information security training that covers the following subject matter:

• Definition of sensitive information,
• An explanation of the need to safeguard sensitive information,
• How to protect sensitive information,
• Least access privilege,
• Password requirements,
• Kinds of data breaches and attack vectors,
• Email management,
• Incident reporting, and
• Steps that staff can take to prevent a data breach.

The current EOHHS information security training is deemed to meet the requirements of Executive Order 504 training for EOHHS employees. Additionally, the training is designed to contain information that is intended to meet the training requirements of the HIPAA Security Rule and applicable Third Party Agreements. Agencies may create documentation that effectively supplants or replaces the EOHHS Information Security Training. Agencies may also create documentation that effectively supplements or adds to the EOHHS Information Security Training. Agencies are strongly encouraged to do so where the EOHHS Information Security Training has perceived deficiencies based on the quality or kind of data being handled by the Agency or based on legal compliance. Any supplanting or supplementary materials, whether or not identified as such, must be reviewed and approved by the Security Office prior to publication and dissemination to staff.

Related to Information Security Training Standards

  • Cybersecurity Training A. Contractor represents and warrants that it will comply with the requirements of Section 2054.5192 of the Texas Government Code relating to cybersecurity training and required verification of completion of the training program. B. Contractor represents and warrants that if Contractor or Subcontractors, officers, or employees of Contractor have access to any state computer system or database, the Contractor, Subcontractors, officers, and employees of Contractor shall complete cybersecurity training pursuant to and in accordance with Government Code, Section 2054.5192.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. 
DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Security Standards The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.

  • Safety Training Pursuant to Missouri Revised Statute Section 292.675, Contractors and subcontractors who sign a contract to work on public works projects must provide a 10-hour OSHA construction safety program, or similar program approved by the Department of Labor and Industrial Relations, to be completed by their on-site employees within sixty (60) days of beginning work on the construction project. Contractors and subcontractors in violation of this provision will forfeit to the public body $2,500 plus $100 a day for each employee who is employed without training. Public bodies and contractors may withhold/assess these penalties from the payment due to those contractors and subcontractors if found to be in non-compliance.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.

  • Quality Assurance The parties endorse the underlying principles of the Company’s Quality Management System, which seeks to ensure that its services are provided in a manner which best conforms to the requirements of the contract with its customer. This requires the Company to establish and maintain, implement, train and continuously improve its procedures and processes, and the employees to follow the procedures, document their compliance and participate in the improvement process. In particular, this will require employees to regularly and reliably fill out documentation and checklists to signify that work has been carried out in accordance with the customer’s specific requirements. Where necessary, training will be provided in these activities.

  • CHILD ABUSE REPORTING CONTRACTOR hereby agrees to annually train all staff members, including volunteers, so that they are familiar with and agree to adhere to its own child and dependent adult abuse reporting obligations and procedures as specified in California Penal Code section 11164 et seq. and Education Code 44691. To protect the privacy rights of all parties involved (i.e., reporter, child and alleged abuser), reports will remain confidential as required by law and professional ethical mandates. A written statement acknowledging the legal requirements of such reporting and verification of staff adherence to such reporting shall be submitted to the LEA.

  • Quality Assurance Requirements There are no special Quality Assurance requirements under this Agreement.
