Protection of Data at Rest Sample Clauses

Protection of Data at Rest. Supplier shall use and employ a high standard of data protection mechanisms as is customary in the industry to protect Company Data as defined in this Agreement. 5.6.1 All Company Personal Sensitive Information at rest, including back-up copies thereof, stored by Supplier at Supplier’s data center are encrypted using 256-bit AES encryption, or encryption mechanisms providing equal or higher protection than 256- bit AES. 5.6.2 Any Company Data, including backup copies thereof, which are removed from Supplier’s facility or stored off-site, are encrypted using 256-bit AES or encryption mechanisms providing equal or higher protection than 256-bit AES. Supplier must process and store Company Data on computer server hardware dedicated solely to processing Company Data and must keep Company’s Data on physically separate computer server hardware from non-Company information. 5.6.3 Any Confidential Information may not be stored within a file or database in the Demilitarized Zone (“DMZ”). 5.6.4 All keys used for encryption must be handled in accordance with documented key management processes and procedures.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs
Protection of Data at Rest. Provider shall use and employ a high standard of data protection mechanisms as is customary in the industry to protect Recipient Production Data. 5.6.1 All Recipient Personal Sensitive Information at rest, including back-up copies thereof, stored by Provider at Provider’s data center are encrypted using at least 128-bit AES encryption, or encryption mechanisms providing equal or higher protection than 128-bit AES. 5.6.2 Any Recipient Production Data, including backup copies thereof that are removed from Provider’s facility or stored off-site are encrypted using 128-bit AES or encryption mechanisms providing equal or higher protection than 128-bit AES. 5.6.3 Any Recipient Confidential Information may not be stored within a file or database in the DMZ. 5.6.4 All keys used for encryption must be handled in accordance with documented key management processes and procedures.
Sample 1Sample 2
Protection of Data at Rest. Xxxxx.xxx will use and employ industry best practice data protection mechanisms to protect ADT Data.
Sample 1

Related to Protection of Data at Rest

  • Protection of Data The Contractor agrees to store Data on one or more of the following media and protect the Data as described: a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area. c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.

  • Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • Destruction of Data Provider shall destroy or delete all Personally Identifiable Data contained in Student Data and obtained under the DPA when it is no longer needed for the purpose for which it was obtained or transfer said data to LEA or LEA’s designee, according to a schedule and procedure as the parties may reasonable agree. Nothing in the DPA authorizes Provider to maintain personally identifiable data beyond the time period reasonably needed to complete the disposition.

  • Protection of PFPC PFPC shall be indemnified by the Fund and without liability for any action PFPC takes or does not take in reliance upon directions or advice or Oral Instructions or Written Instructions PFPC receives from or on behalf of the Fund or from counsel and which PFPC believes, in good faith, to be consistent with those directions or advice and Oral Instructions or Written Instructions. Nothing in this section shall be construed so as to impose an obligation upon PFPC (i) to seek such directions or advice or Oral Instructions or Written Instructions, or (ii) to act in accordance with such directions or advice or Oral Instructions or Written Instructions.

  • Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA. (b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction. (c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors. (d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.

  • Loss of Data In the event of loss of any State data or records where such loss is due to the intentional act, omission, or negligence of the Contractor or any of its subcontractors or agents, the Contractor shall be responsible for recreating such lost data in the manner and on the schedule set by the Contract Manager. The Contractor shall ensure that all data is backed up and is recoverable by the Contractor.

  • Applicability of Data Privacy Protections In the event that Personal Information will be Processed by Supplier in connection with the performance under this Agreement (including any SOW), then and only then shall the provisions of this Section ‘Data Protection and Privacy’ be applicable. For the avoidance of doubt, the data security requirements contained in section ‘Information Security’ shall apply regardless of whether Personal Information is Processed under this Agreement or any SOW. All Personal Information obtained from or on behalf of DXC or in connection with performance pursuant to this Agreement shall be Processed and protected pursuant to this Section ‘Data Protection and Privacy’, the Section ‘Information Security’ and any other Sections of this Agreement that address Personal Information.

  • Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that: a) they process data only for the express purpose for which it was obtained; b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form; c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement; d) they do not disclose personal data of the other Party, other than in terms of this Agreement; e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use; f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement; g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access. 25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing. 25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data. 25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it. 25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented. 25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.

  • PROTECTION OF WORK 12.1 Subcontractor shall effectually secure and protect the work done hereunder and assume full responsibility for the condition thereof until final acceptance by the OWNER and Contractor. Subcontractor further agrees to provide such protection as is necessary to protect the work and the workmen of Contractor, the OWNER, and other subcontractors from its operations. 12.2 Subcontractor shall be liable for any loss or damage to any work in place or to any equipment and materials on the job site caused by Subcontractor or its agents, employees or guests.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!