IT Security Plan Sample Clauses

IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractors IT Secu- rity Plan shall comply with applicable Fed- eral laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in ac- cordance with Federal and GSA policies and procedures. GSA’s Office of the Chief Infor- mation Officer issued ‘‘CIO IT Security Pro- cedural Guide 09–48, Security Language for Information Technology Acquisitions Ef- forts,’’ to provide IT security standards, poli- cies and reporting requirements. This docu- ment is incorporated by reference in all so- licitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at http:// .xxx.xxx/xxxxxx/xxxxxxxx/00000. Spe- cific security requirements not specified in ‘‘CIO IT Security Procedural Guide 09–48, Se- curity Language for Information Technology Acquisitions Efforts’’ shall be provided by the requiring activity.
Sample 1Sample 2
AutoNDA by SimpleDocs
IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractor’s IT Se- curity Plan shall comply with applicable Federal laws that include, but are not lim- ited to, 40 U.S.C. 11331, the Federal Informa- tion Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and DOS policies and procedures, as they may be amended from time to time during the term of this contract that include, but are not limited to: (1) OMB Circular A–130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; (2) National Institute of Standards and Technology (NIST) Guidelines (see NIST Special Publication 800–37, Guide for the Se- curity Certification and Accreditation of Federal Information Technology Systems (xxxx://xxxx.xxxx.xxx/publications/nistpubs/800-37/ SP800-37-final.pdf)); and (3) Department of State information secu- rity sections of the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH) (xxxx://xxxx.xxxxx.xxx/Regs/Search.asp), specifi- cally: (i) 12 FAM 230, Personnel Security;
Sample 1
IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be followed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall describe those parts of the contract to which this clause applies. The Contractors IT Security Plan shall comply with applicable Federal laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and GSA policies and procedures. GSA’s Office of the Chief Information Officer issued “CIO IT Security Procedural Guide 09–48, Security Language for Information Technology Acquisitions Efforts,” to provide IT security standards, policies and reporting requirements. This document is incorporated by reference in all solicitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at xxxx://xxx.xxx.xxx/portal/category/25690. Specific security requirements not specified in “CIO IT Security Procedural Guide 09–48, Security Language for Information Technology Acquisitions Efforts” shall be provided by the requiring activity.
Sample 1
IT Security Plan all Authorized TCP Individuals will comply with the standards, procedures, or policies outlined below for IT security: MCTD will be stored in a UTA-sanctioned data storage location: xxxxx://xxx.xxx.xxx/security/approved_storage/index.php. xxxxx://xxx.xxx.xxx/security/password/index.php. Use of portable/external storage devices such as flash drives or laptops will comply with UTA’s standards for Security: xxxxx://xxx.xxx.xxx/security/usb_security/index.php. In addition, if a portable media or storage device is removed from the approved location (1.a.), it will remain within the Authorized TCP Individual’s “effective controlat all times via the following procedures: 1. An Authorized Individual will keep the items under his/her physical possession or keep it secured in a place such as a hotel safe, a bonded warehouse, or a locked or guarded exhibition facility; 2. An Authorized Individual will take security precautions to protect against unauthorized release of the MCTD: a. use of secure connections when accessing e-mail and other business activities that involve the transmission and use of the technology, b. use of password systems on electronic devices that store technology, and c. use of personal firewalls on electronic devices that store the technology; 3. Authorized Individuals will not ship, transmit, or hand-carry the MCTD outside of the U.S. without first consulting with UT Arlington’s Export Control Officer. If MCTD will be transmitted electronically (with Authorized Individuals or the Supplying Agency), describe how the transmission will take place and how it will be secured (procedures must be approved by Information Security): **UTA’s Information Security Office will review and approve procedures that are deviations, exceptions, or additions to any of the Security Plan referenced above.
Sample 1

Related to IT Security Plan

  • Security Plan The Business Continuity Plan and the Disaster Recovery Plan may be combined into one document. Additionally, at the beginning of each State Fiscal Year, if the MCO modifies the following documents, it must submit the revised documents and corresponding checklists for HHSC’s review and approval:

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Security Policy As part of PCI DSS, the Card Organizations require that you have a security policy that covers the security of credit card information.

  • Security Policies IBM maintains privacy and security policies that are communicated to IBM employees. IBM requires privacy and security training to personnel who support IBM data centers. We have an information security team. IBM security policies and standards are reviewed and re-evaluated annually. IBM security incidents are handled in accordance with a comprehensive incident response procedure.

  • Equity Plan For purposes of this Agreement, “Equity Plan” means the CS Disco, Inc. 2021 Equity Incentive Plan, as amended from time to time, or any successor plan thereto.

  • Transition Plan In the event of termination by the LHIN pursuant to this section, the LHIN and the HSP will develop a Transition Plan. The HSP agrees that it will take all actions, and provide all information, required by the LHIN to facilitate the transition of the HSP’s clients.

  • Contractor and Employee Security Precautions The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.

  • Leave Plan Effective April the Hospital agrees to introduce a leave program, funded solely by the nurse, subject to the following terms and conditions:

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Business Continuity Plan The Warrant Agent shall maintain plans for business continuity, disaster recovery, and backup capabilities and facilities designed to ensure the Warrant Agent’s continued performance of its obligations under this Agreement, including, without limitation, loss of production, loss of systems, loss of equipment, failure of carriers and the failure of the Warrant Agent’s or its supplier’s equipment, computer systems or business systems (“Business Continuity Plan”). Such Business Continuity Plan shall include, but shall not be limited to, testing, accountability and corrective actions designed to be promptly implemented, if necessary. In addition, in the event that the Warrant Agent has knowledge of an incident affecting the integrity or availability of such Business Continuity Plan, then the Warrant Agent shall, as promptly as practicable, but no later than twenty-four (24) hours (or sooner to the extent required by applicable law or regulation) after the Warrant Agent becomes aware of such incident, notify the Company in writing of such incident and provide the Company with updates, as deemed appropriate by the Warrant Agent under the circumstances, with respect to the status of all related remediation efforts in connection with such incident. The Warrant Agent represents that, as of the date of this Agreement, such Business Continuity Plan is active and functioning normally in all material respects.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!