Maintain an Information Security Policy Sample Clauses

Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule. 4.2 Suitable to complexity and size of the organization, establish and publish information security and acceptable user policies identifying user responsibilities and addressing requirements in line with this document and applicable laws and regulations. 4.3 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. If you believe Experian data may have been compromised, immediately notify ACRAnet within twenty-four (24) hours or per agreed contractual notification timeline (See also Section 8). 4.4 The FACTA Disposal Rules requires that Company implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.5 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security in the organization. 4.6 When using third party service providers (e.g. application service providers) to access, transmit, store or process Experian data, ensure that service provider is compliant with the Experian Independent Third Party Assessment (EI3PA) program, and registered in Experian’s list of compliant service providers. If the service provider is in the process of becoming compliant, it is Company’s responsibility to ensure the service provider is engaged with Experian and an exception is granted in writing. Approved certifications in lieu of EI3PA can be found in the Glossary section.
Maintain an Information Security Policy. MUIS has a written program instructing its employees on how to protect Trust Data and otherwise meet the specifications set forth herein. ● XXXX has identified its Chief Information Security Officer to be in charge of its program, and shall ensure that this individual is available to the Trusts to respond to any questions and to work with the Trusts in the event of a breach of the security or confidentiality of Trust Data. MUIS regularly monitors this written program to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Trust Data. Where necessary, MUIS will update its security policies as necessary to limit risks and will provide summaries to the Trusts upon request. Specifically, XXXX agrees to: o Establish processes and procedures for identifying internal and external risks, responding to security violations, unusual or suspicious events, and similar incidents, to limit damage or unauthorized access to Trust Data, and to permit identification and prosecution of violators, and, as necessary, improve the effectiveness of safeguards to limit such risks, including employee training, ensuring ongoing employee compliance with its written program, and the development of measures for detecting and preventing security system failures. o Implement appropriate measures to dispose of any Trust Data that will protect against unauthorized access or use of that information, including but not limited to securely wiping electronic media and physical destruction of information stored on paper.
Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. 4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. 4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
Maintain an Information Security Policy. Partner's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: ● Maintaining security policies and procedures, ● Secure development, operation and maintenance of software and systems, ● Security alert handling, ● Security incident response and escalation procedures, ● User account administration, ● Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005.
Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule. 4.2 Suitable to complexity and size of the organization, establish and publish information security and acceptable user policies identifying user responsibilities and addressing requirements in line with this document and applicable laws and regulations. 4.3 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. If you believe Experian data may have been compromised, immediately notify CISCO Credit within twenty-four (24) hours or per agreed contractual notification timeline (See also Section 8). 4.4 The FACTA Disposal Rules requires that Company implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.5 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security in the organization. 4.6 When using third party service providers (e.g. application service providers) to access, transmit, store or process Experian data, ensure that service provider is compliant with the Experian Independent Third Party Assessment (EI3PA) program, and registered in Experian’s list of compliant service providers. If the service provider is in the process of becoming compliant, it is Company’s responsibility to ensure the service provider is engaged with Experian and an exception is granted in writing. Approved certifications in lieu of EI3PA can be found in the Glossary section. [03/2016 CISCO Credit Public, Reseller ASR for End Users]
Maintain an Information Security Policy a. Maintaining a security policy that includes information security. b. Providing security training and awareness to all employees and contractors who have access to Company Data. c. Complying with all applicable U.S. privacy and data security laws and regulations to which TMUS is subject, including any applicable codes of conduct for self-regulatory programs.
Maintain an Information Security Policy. CLIENT understands and agrees that they must implement and follow a security policy. These measures include: ● Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. ● Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. ● The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information. 4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. 4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
Maintain an Information Security Policy. The Parties ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant Parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: • Maintaining security policies and procedures; • Secure development, operation and maintenance of software and systems; • Security alert handling; • Security incident response and escalation procedures; • User account administration; • Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005. The Parties have installed and maintain firewall configurations to protect Personal Data that controls all traffic allowed between Recipient's (internal) network and untrusted (external) networks, as well as traffic into and out of more sensitive areas within its internal network. This includes current documentation, change control and regular reviews. Recipient does not use vendor-supplied defaults for system passwords and other security parameters on any systems and has developed configuration standards for all system components consistent with industry-accepted system hardening standards.
Maintain an Information Security Policy. 1. Maintain a policy that addresses information security for all personnel • Certification: Consultant agrees to promptly provide, from time to time at the request of the CITY, current evidence, in form and substance reasonably satisfactory to CITY, of compliance with PCI-DSS and PA-DSS, which has been properly certified by an authority recognized by the payment card industry for that purpose. If during the term of this Agreement, Consultant undergoes, or has reason to believe that it will undergo, an adverse change in its certification or compliance status with the PCI-DSS or PA-DSS or other material payment card industry standards, it will promptly notify the CITY of such circumstances.