Organization of Information Security Sample Clauses
Organization of Information Security a. Assigning security responsibilities to appropriate Medallia individuals or groups to facilitate protection of the Medallia Products environment and associated assets.
Organization of Information Security. ● Processor has appointed a Security Officer responsible for coordinating and monitoring the security rules and procedures. ● The Security Officer is bound by confidentiality obligations.
Organization of Information Security. ● Information Security governance and data protection compliance for MaxMind are the responsibility of XxxXxxx’s Chief Operating Officer. ● MaxMind has established an Information Security team, with security responsibilities shared across various business units. ● Confidentiality and nondisclosure agreements are required when sharing sensitive, proprietary personal, or otherwise confidential information between MaxMind and a third- party. ● A formal process is in place to manage third parties with access to organizational data, information systems, or data centers. All such third parties commit contractually to maintaining confidentiality of all confidential information.
Organization of Information Security. Information Security governance and data protection compliance for the Company are the responsibility of Lative’s Chief Executive Officer. • Confidentiality and non-disclosure agreements are required when sharing sensitive, proprietary personal or otherwise confidential information between Lative and a third-party
Organization of Information Security. Duty of Confidentiality. Provider’s personnel with access to customer data are subject to confidentiality obligations.
Organization of Information Security. 3.1. The Manufacturer must initiate and control the implementation of its information security policy and procedures and must require that its policy and procedures be reviewed, tested and updated on a regular basis.
3.2. If the Agreement requires the Manufacturer to have an annual IT Security Certification (a “Certification”) performed, then the following requirements must be met:
a. The Certification must assess the Manufacturer’s application of the information security principles of confidentiality, integrity and availability to the Altria Data.
b. Within 30 days after the completion of the Certification, the Manufacturer must develop and execute a remediation plan to remove the vulnerabilities identified in the Certification. If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager a copy of the remediation plan and status updates of the remediation plan, including a certification that the remediation plan has been successfully completed.
3.3. If the Agreement requires the Manufacturer to have an annual IT Security Vulnerability Assessment (an “Assessment”) performed, then the following requirements must be met:
a. The Assessment must comply with standards that are at least as stringent as those included in the then-current version of the National Institute of Standards and Technology (MST) standard 800-115 Technical Guide to Information Security Testing and Assessment, and must, at a minimum, include a review of the Manufacturer’s: (i) external computer networks, (it) internal computer networks (including wireless networks), (iii) information security architecture, which is a consistent set of principles, policies and standards that sets the direction and vision for the secure development and operation of an organization’s business information systems so as to ensure alignment with and support for the business needs, (iv) physical security, and (v) Internet accessible web applications.
b. Within 30 days after the completion of each Assessment, the Manufacturer must develop and execute a remediation plan to remove the vulnerabilities identified in the Assessment If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager a summary of the Assessment and the remediation plan. If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager status updates of the remediation plan, including a certification that the remediation plan has been successfully completed.
Organization of Information Security. Maintain an information security organization to coordinate the implementation of security for Red Hat.
Organization of Information Security. The managers of OPED GmbH are responsible in their organizational unit for the complete implementation of the principles of IT security and for fulfilling the IT security tasks assigned to them. Information security roles and responsibilities are defined in the IT security organization. Con- flicting tasks and areas of responsibility are separated in order to reduce the possibility of un- authorized or unintentional changes or misuse of our company's assets. We have a procedure in place that defines when and by whom relevant authorities are notified and recognized data protection and information security incidents are reported in a timely man- ner. We also maintain ongoing contact with special interest groups in order to be informed about changes and improvements in the area of data protection and information security. In our projects, data protection and data security are an integral part of all phases of our pro- ject methodology. Through our respective guidelines and processes for teleworking and the use of mobile de- vices, we also ensure data protection and data security in these areas.
Organization of Information Security. The Plesk group employs a group-wide Chief Information Officer, responsible for the entire IT system of all group entities. The CIO has sufficient authority to handle any operational and tactical level security initiatives, issues, as well as a group wide IT security framework. Where required, the CIO appoints additional Security Managers in different departments, responsible for the day-to-day handling of operational security issues, as well as reporting.
Organization of Information Security a. Assigning security responsibilities to appropriate Voci individuals or groups to facilitate protection of the Voci Products environment and associated assets.