Security of Data a. Each of the parties shall:
Security of Confidential Information Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
Protection of Property Seller assumes, and shall ensure that all subcontractors thereof and their respective employees assume, the risk of loss or destruction of or damage to any property of such parties whether owned, hired, rented, borrowed or otherwise, brought to a facility owned or controlled by Buyer or Buyer’s customer. Seller waives, and shall ensure that any subcontractor thereof and their respective employees waive, all rights of recovery against Buyer, its subsidiaries and their respective directors, officers, employees and agents for any such loss, destruction or damage. At all times Seller shall, and ensure that any subcontractor thereof shall, use suitable precautions to prevent damage to Buyer's property. If any such property is damaged by the fault or negligence of Seller or any subcontractor thereof, Seller shall, at no cost to Buyer, promptly and equitably reimburse Buyer for such damage or repair or otherwise make good such property to Buyer’s satisfaction. If Seller fails to do so, Buyer may do so and recover from Seller the cost thereof.
ACKNOWLEDGEMENT AND PROTECTION OF INTELLECTUAL PROPERTY RIGHTS 9.1 The Institution acknowledges that all copyrights, patent rights, trade marks, database rights, trade secrets and other intellectual property rights relating to the Licensed Material are the sole and exclusive property of Publisher or are duly licensed to the Publisher and that this Licence does not assign or transfer to the Institution any right, title or interest therein except for the right to use the Licensed Material in accordance with the terms and conditions of this Licence.
Priority of agreements and errors discrepancies
Protection of Intellectual Property Rights (a) (i) Protect, defend and maintain the validity and enforceability of its Intellectual Property; (ii) promptly advise Bank in writing of material infringements or any other event that could reasonably be expected to materially and adversely affect the value of its Intellectual Property; and (iii) not allow any Intellectual Property material to Borrower’s business to be abandoned, forfeited or dedicated to the public without Bank’s written consent.
Priority of Provisions If there is a conflict or inconsistency between any term, statement, requirement, or provision of any exhibit attached hereto, any document or events referred to herein, or any document incorporated into this Agreement by reference and a term, statement, requirement, or provision of Articles 1 through 8 of this Agreement, the term, statement, requirement, or provision contained in Articles 1 through 8 shall prevail and be given effect.
Description of the Services 1.1 The scope of the service to be rendered is described more fully in the Annexures and Schedules referred to below: ❑ Annexure A – Scope / Specification ❑ Annexure C – Pricing Schedule 2 DELIVERABLES AND COMPLETION DATE The Deliverables, due for completion by and governed by this Schedule 1. In the event that the Service Provider fails to meet the delivery dates as agreed, the following penalties will be imposed:
