Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
Security Measures Lessee hereby acknowledges that the rental payable to Lessor hereunder does not include the cost of guard service or other security measures, and that Lessor shall have no obligation whatsoever to provide same. Lessee assumes all responsibility for the protection of the Premises, Lessee, its agents and invitees and their property from the acts of third parties.
Accessibility of Information Technology Contractor represents and warrants that any software/ hardware/ communications system/ equipment (collectively “technology”), if any, provided under this Agreement adheres to the standards and/or specifications as may be set forth in the Section 508 of the Rehabilitation Act of 1973 standards guide and is fully compliant with WCAG 2.0 AA standards for accessibility and compliant with any applicable FCC regulations. Technology that will be used on a mobile device must also be navigable with Voiceover on iOS devices in addition to meeting WCAG 2.0 level AA. If portions of the technology or user experience are alleged to be non-compliant or non- accessible at any point, District will provide Contractor with notice of such allegation and Contractor shall use its best efforts to make the technology compliant and accessible. If a state or federal department, office or regulatory agency, or if any other third party administrative agency or organization (“Claimants”), make a claim, allegation, initiates legal or regulatory process, or if a court finds or otherwise determines that technology is non-compliant or non-accessible, Contractor shall indemnify, defend and hold harmless the District from and against any and all such claims, allegations, liabilities, damages, penalties, fees, costs (including but not limited to reasonable attorneys’ fees), arising out of or related to Xxxxxxxxx’ claims. Contractor shall also fully indemnify District for the full cost of any user accommodation that is found to be necessary due to an identifiable lack of accessibility in the Contractor’s technology. If necessary, an independent 3rd party accessibility firm using POUR standards (Perceivable, Operable, Understandable and Robust) may be used to validate the accessibility of the technology.
Use of Information Collected ICON may collect and may make use of personal information to assist in the operation of our website and to ensure delivery of the services you need and request. At times, we may find it necessary to use personally identifiable information (PII) as a means to keep you informed of other possible products and/or services that may be available to you from xxxxx://xxxx.xxxx.xxx. ICON may also be in contact with you in regards to completing surveys and/or research questionnaires related to your opinion of current or potential future services that may be offered. ICON does not now, but reserves the right in the future to sell, rent or lease any of our customer lists and/or names to any third party. ICON may deem it necessary to follow websites and/or pages that users may frequent in an effort to glean what types of services and/or products may be the most popular to customers or the public ICON may disclose your personal/organizational information, without prior notice to you, ONLY if required to do so in accordance with applicable laws and/or in a good faith belief that such action is deemed necessary or is required in an effort to: • Remain in compliance with any decrees, laws and/or statutes or in an effort to comply with any process which may be served upon ICON, and/or; • Maintain safeguard and/or preserve all the rights and/or property of ICON, and • Perform under demanding conditions in an effort to safeguard the personal safety of users of xxxxx://xxxx.xxxx.xxx and/or general public. Unsubscribe or Opt-Out All users and/or visitors to our website have the option to discontinue receiving communication from us and/or reserve the right to discontinue receiving communications by way of email or newsletters. To discontinue or unsubscribe to our website please send an email that you wish to unsubscribe/register to Xxxxxxx@xxxx.xxx. If you wish to unsubscribe/register or opt-out from any third- party websites, you must go to that specific website to unsubscribe and/or opt-out.
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Updates to Security Measures Customer is responsible for reviewing the information made available by MailChimp relating to data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that the Security Measures are subject to technical progress and development and that MailChimp may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
Personal Information security breach Supplier/Service Provider’s Obligations
Update of Information If, prior to the Closing Time, any event shall occur or condition shall exist which would, singly or in the aggregate, result in a Material Adverse Effect the Company will promptly give the Winning Bidder(s), the Placement Agents and the Selling Shareholder written notice of such event or condition and effects therefrom, as well as copies of any related documentation.
Safeguarding of Information 8(1) Where a Crown Servant or Government Contractor, by virtue of his position as such, has in his possession or under his control any document or other article which it would be an offence under any of the foregoing provisions of this Act for him to disclose without lawful authority he is guilty of an offence if –
Contractor Information The Contractor will provide up to date information for each of the following in the form and manner specified by OGS:
