PURPOSE AND INTRODUCTION. A. In the course of providing the Goods and/or Services contemplated by the Agreement, Supplier may gain access to the University of California’s (UC) Institutional Information and/or IT Resources (both defined below). In such an event, UC and Supplier desire to appropriately protect Institutional Information and IT Resources. The purpose of this Appendix-Data Security is to specify Supplier’s cybersecurity and risk management responsibilities when Supplier has access to Institutional Information and/or IT Resources.
B. Any capitalized terms used here have the meaning ascribed to such terms as set forth in the Agreement or Incorporated Documents.
C. Supplier must provide commercially acceptable cybersecurity and cyber risk management to protect Institutional Information and/or IT Resources. This must include, but is not limited to, the Supplier:
1. Developing and documenting a plan that protects Institutional Information and IT Resources.
2. Conducting an accurate and thorough assessment of the potential risks to and vulnerabilities of the security of the Institutional Information and/or IT Resources. Supplier must mitigate anticipated risks effectively. This includes implementing commercially acceptable security policies, procedures, and practices that protect Institutional Information and/or IT Resources.
3. Updating its plan to effectively address new cybersecurity risks.
4. Complying with pertinent contractual and regulatory responsibilities.
5. Providing UC with evidence of compliance with Supplier’s information security plan.
6. Keeping UC informed with timely updates on risks, vulnerabilities, Security Incidents, and Breaches.
7. Keeping UC informed of any measures UC must perform to ensure the security of Institutional Information and IT Resources.
[1] Examples include the latest versions of PCI DSS, NIST CSF, CIS Critical Security Controls, ISO 27002, NIST SP 800-53 and NIST SP 800-171.
D. If, in the course of providing the Goods and/or Services under the Agreement, Supplier engages in transactions with UC affiliated individuals (including but not limited to: students, staff, faculty, customers, patients, guests, volunteers, visitors, research subjects, etc.), as a benefit and result of the Agreement, Supplier must treat any data about UC affiliated individuals that Supplier creates, receives, and/or collects in the course of those transactions with the same level of privacy and security protections and standards as required of Institutional Informat...
PURPOSE AND INTRODUCTION. The EOHHS Information Security Office’s mission is to safeguard EOHHS’s and its Agencies’ collective data in any form and prevent the inappropriate use, exfiltration, or manipulation of that data. The Security Office works constantly to maximize preservation of the confidentiality, availability, and integrity of EOHHS data through the promulgation, implementation, and enforcement of administrative, physical, and technical safeguards. This document outlines the specific ways such data should be preserved. It provides the bare minimum standards that apply to all Information Resources in the EOHHS Environment and within third party environments contracted for by EOHHS or which use, process, or maintain EOHHS data. These have been drafted with an eye towards:
• Federal and State legal requirements
• Specific data source contractual requirements
• Commonwealth enterprise policies and standards (available at: xxxxx://xxx.xxxx.xxx/handbook/enterprise-information-security-policies-and-standards)
• Extant good practice at Agencies and within Information Systems
• Other factors as appropriate
The need for this broadly applicable set of standards is clear when looking at the EOHHS Environment in its entirety.
PURPOSE AND INTRODUCTION. The key to ensuring a safe and secure environment is having a staff that is competent and capable with respect to information security. No matter how secure and airtight an organization’s technical environment, if its employees cannot handle information appropriately, each of those employees poses a significant vulnerability to the organization. This Section V, Acceptable Use and Information Security Training, will offer the requirements for training and provide managers and staff the tools they need to ensure the EOHHS Environment is adequately protected against external and internal threats. Agencies are encouraged to develop information security training in addition to the requirements outlined in this section. If, at the time of publication of this policy, Agencies have documentation they believe satisfies the requirements herein for acceptable use or information security training, or if the Agency develops any related documentation after the publication of this policy, the Security Office must review and approve of such documentation before implementation.
[1] Pursuant to 45 CFR § 95.621, for APD-funded operations and Information Resources, this is every two years.
PURPOSE AND INTRODUCTION. Access Control, in the broadest sense, deals with who has access to what and how. The standards outlined in this Access Control section address specific requirements about how permission to view, use, change, or update Information Resources should be granted, modified, and revoked in the EOHHS Environment. For access controls for facilities themselves, please see Section XVII,
PURPOSE AND INTRODUCTION. In support of access control monitoring and ensuring the confidentiality, integrity, and availability of Information Resources, Owners must ensure that they are able to assess and verify who accessed what with respect to their Information Resources. The controls outlined herein are predominately targeted at Information Systems, but physical Information Resources should be similarly safeguarded to the extent feasible.
PURPOSE AND INTRODUCTION. It is impossible to safeguard an environment where the issues, gaps and deficiencies of that environment are unknown. Beginning in September, 2017, the EOHHS Security Office implemented a continuous monitoring program focusing on assessments of information systems, facilities, and operations in the EOHHS Environment. The purpose of these assessments is to develop a baseline for the implementation of physical, technical, and administrative safeguards for Information Systems designed to
[13] See generally, NIST SP 800-60, “Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories,” at 20-23.
PURPOSE AND INTRODUCTION. Purpose: This policy sets out the nature and purpose of the Partner Personnel Services Agreement (PPSA), as well as the respective roles and responsibilities of the parties, when UNDP engages non-staff personnel through the Personnel Service Agreement, as a service to its client UN entities. Introduction: PPSA is a contractual modality through which UNDP may engage and administer non-staff personnel contracts for and on behalf of client UN entities - ‘the Partner’ for the purposes of this policy. By way of background, UNDP may engage personnel under the following scenarios: For its own needs; As a service to an eligible entity further to the Financial Regulations and Rules, i.e., either to a UN entity as agency services, or to the implementing partner of a UNDP project, to enable the entity to carry out its development needs or the needs of the project, respectively. If the contract for a UN entity is issued in UNDP’s name, and in the case of contracts issued for implementing partners, UNDP is accountable and responsible under the contract with the individual engaged, and the individual is supervised by and ultimately responsible to UNDP; OR Where UNDP engages personnel as a service to a Partner and the contract is issued by UNDP on behalf of the named UN Partner, the personnel concerned are considered the personnel of the Partner (“Partner Personnel”). The Partner Personnel and their work are under the full and direct responsibility, supervision and control of the Partner. UNDP shall provide the Partner with an administrative service as described below. In the case of 1.B.b.iii the personnel are considered the personnel of the Partner (“Partner Personnel”) and are covered by this policy. In the case of Partner Personnel, UNDP may act solely as a contracting agent through facilitating the engagement of individual(s) for the Partner.
The PPSA shall specify the name of the Partner and the nature of the relationship between the Partner and the Partner Personnel engaged thereunder.
PURPOSE AND INTRODUCTION. The objective of the proposed Peer Assistance program is to improve teaching in the Boston Public Schools and provide support for permanent teachers who are experiencing difficulties in the classroom. In cooperation with the building principal or headmaster, a Peer Assistant will work with the participating teacher to identify areas of improvement, develop specific performance goals, offer support and monitor the progress of the teacher. Individually crafted performance and teaching goals for the participating teacher will be aligned with the BPS Dimensions of Effective Teaching and the teacher performance evaluation tool. Participation in the Peer Assistance program is voluntary. The management of the Peer Assistance program will be the responsibility of the Peer Assistance Committee (PAC) which is to be comprised of both BPS and BTU members. While the Peer Assistance program is designed and intended to help teachers in need, the Peer Assistance program will be separate from the performance evaluation of teachers. A teacher’s selection into or denial of selection into the Peer Assistance program will not be grievable nor be arbitrable. The parties agree that peer assistants shall receive training, and the development thereof shall be up to the joint committee below.
PURPOSE AND INTRODUCTION. The purpose of this Agreement is to define the rights and obligations of the COUNTY and the USER with respect to the cooperative and coordinated purchase, lease, maintenance, technical and administrative support and use of portable and mobile radios by the USER on the COUNTY’s System. The System is a multi-site general purpose wireless communications system designed to provide, among other things, adequate area coverage reliability for portable radio operation above ground level throughout most of the County. Other USER benefits and services include access to a countywide public safety radio communications system, multiple system redundancies with backup power, a wide range of talk groups, and electronic identification of all radios on all transmissions.