Physical Security Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to:
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
System Security and Data Safeguards When SAP is given access to Licensee’s systems and data, SAP shall comply with Licensee’s reasonable administrative, technical, and physical safeguards to protect such data and guard against unauthorized access. In connection with such access, Licensee shall be responsible for providing Consultants with user authorizations and passwords to access its systems and revoking such authorizations and terminating such access, as Licensee deems appropriate from time to time. Licensee shall not grant SAP access to Licensee systems or personal information (of Licensee or any third party) unless such access is essential for the performance of Services under the Agreement. The parties agree that no breach of this provision shall be deemed to have occurred in the event of SAP non-conformance with the aforementioned safeguard but where no personal information has been compromised.
Physical Safeguards USAC and the Department agree to maintain all automated matching records in a secured computer environment that includes the use of authorized access codes to restrict access. Those records will be maintained under conditions that restrict access to persons who need them for official duties related to the matching process. The user’s supervisor will ensure that USAC or the Department are notified when a user has departed or duties have changed so the user no longer needs access to the system, to ensure timely deletion of the user’s account and password.
Security of All Software Components Supplier will inventory all software components (including open source software) used in Deliverables, and provide such inventory to Accenture upon request. Supplier will assess whether any such components have any security defects or vulnerabilities that could lead to a Security Incident. Supplier will perform such assessment prior to providing Accenture with access to such software components and on an on-going basis thereafter during the term of the Agreement. Supplier will promptly notify Accenture of any identified security defect or vulnerability and remediate same in a timely manner. Supplier will promptly notify Accenture of its remediation plan. If remediation is not feasible in a timely manner, Supplier will replace the subject software component with a component that is not affected by a security defect or vulnerability and that does not reduce the overall functionality of the Deliverable(s).
Security and Data Transfers Party shall comply with all applicable State and Agency of Human Services' policies and standards, especially those related to privacy and security. The State will advise the Party of any new policies, procedures, or protocols developed during the term of this agreement as they are issued and will work with the Party to implement any required. Party will ensure the physical and data security associated with computer equipment, including desktops, notebooks, and other portable devices, used in connection with this Agreement. Party will also assure that any media or mechanism used to store or transfer data to or from the State includes industry standard security mechanisms such as continually up-to-date malware protection and encryption. Party will make every reasonable effort to ensure media or data files transferred to the State are virus and spyware free. At the conclusion of this agreement and after successful delivery of the data to the State, Party shall securely delete data (including archival backups) from Party’s equipment that contains individually identifiable records, in accordance with standards adopted by the Agency of Human Services. Party, in the event of a data breach, shall comply with the terms of Section 7 above.
Physical and Environmental Security DST shall: (i) restrict entry to DST’s area(s) where Fund Confidential Information is stored, accessed, or processed solely to DST’s personnel or DST authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety.
Personnel Security 6.1 Staff recruitment in accordance with government requirements for pre- employment checks;
Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.
Security Technology When the service is accessed using a supported web browser, Secure Socket Layer (“SSL”), or equivalent technology shall be employed to protect data from unauthorized access. The service security measures shall include server authentication and data encryption. Provider shall host data pursuant to the DPA in an environment using a firewall that is periodically updated according to industry standards.
