SAFEGUARD STANDARD. Contractor agrees to protect the security of Confidential Information according to all applicable laws and regulations by generally accepted information risk management security control frameworks, standards or guidelines such as the ISO/IEC 27000-series, NIST800-53, CIS Critical Security Controls for Effective Cyber Defense or HIPAA Security Rule – 45 CFR Part 160 and Subparts A and C of Part 164 and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor will implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Confidential Information. Contractor will ensure that all security measures are regularly reviewed including ongoing monitoring, monthly vulnerability testing and annual penetration and security incident response tests, revised, no less than annually, to address evolving threats and vulnerabilities while Contractor has responsibility for the Confidential Information under the terms of this Agreement.
SAFEGUARD STANDARD. Supplier agrees to protect the privacy and security of Non-public Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Supplier will implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Non-public Information. All Protected Information stored on portable devices or media must be encrypted in accordance with the Federal Information Processing Standards (FIPS) Publication 140-2. Supplier will ensure that such security measures are regularly reviewed and revised to address evolving threats and vulnerabilities while Supplier has responsibility for the Non-public Information under the terms of this Appendix. Prior to agreeing to the terms of this Appendix, and periodically thereafter (no more frequently than annually) at UC’s request, Supplier will provide assurance, in the form of a third-party audit report or other documentation acceptable to UC, such as SOC2 Type II, demonstrating that appropriate information security safeguards and controls are in place.
SAFEGUARD STANDARD. As required by TRINITY policy, ENTERTAINER/PERFORMER agrees that it will conduct local, state, and national criminal background checks and review of the national sex offender database, in addition to any other background checks required by applicable law and consistent with the duties and responsibilities associated with such individuals’ positions, locations of work and other possible factors, prior to allowing an employee to perform Services on campus or to have access to TRINITY’s Confidential Information, as determined by TRINITY, and will require the same of any subcontractors, agents, or consultants assigned to do work for TRINITY. ENTERTAINER/PERFORMER further agrees that all employees, subcontractors, agents, or consultants are obligated to observe covenants of confidentiality. A credit history report is also required for individuals who may be assigned to finance and accounting positions. Any individuals who have criminal or civil convictions may not be assigned to TRINITY without consultation with TRINITY in accordance with local, state, and federal law, including the Equal Employment Opportunity Commission’s Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions. Xxxxxxx reserves the right to not allow assignment to Trinity. Any individuals with civil convictions related to financial wrongdoing including, but not limited to, embezzlement, fraud, money laundering, theft or other acts indicating dishonesty may not be assigned to TRINITY if such assignment would involve access to financial information, private personal information, social security numbers, or other types of confidential or proprietary information as determined by TRINITY. Any individuals who have criminal convictions that suggest that they could pose a threat to the health and safety of children may not be assigned to TRINITY if such assignment would involve access to or interaction with children. For any individuals who will have access to residence halls or other secure areas a criminal background check is required. This group includes, but is not limited to residence hall assistants, supervisors and counselors; Physical Plant and janitorial staff; food services, concessions, and auxiliary services personnel. Any individuals who have a criminal history may not be assigned to TRINITY if such assignment would involve access to residence halls or secure areas. This check must also include a social security trace to ensure identity.
SAFEGUARD STANDARD. The CONTRACTOR agrees that it will protect the Covered Data and Information it receives from or on behalf of MINNESOTA STATE according to commercially acceptable standards and no less rigorously than it protects its own confidential information.
SAFEGUARD STANDARD. Contractor agrees to protect the privacy and security of Protected Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Protected Information. All Protected Information that Customer backs up using the Software will be encrypted using 256-bit AES encryption as described in more detail on the Security Addendum. Contractor shall ensure that its security measures are regularly reviewed and revised to address evolving threats and vulnerabilities while Contractor has responsibility for the Protected Information under the terms of this Appendix. In addition, Contractor will ensure compliance with the requirements of ISO27001 and will ensure that its US data centers are SSAE-16 certified. Prior to execution of the Agreement, and periodically thereafter (no more frequently than annually) at the University's request, Contractor will provide assurance, in the form of a third party audit report or other documentation reasonably acceptable to the University, demonstrating that appropriate information security safeguards and controls are in place.
SAFEGUARD STANDARD. The Parties agree that they will protect the Covered Data and Information pursuant to the Agreement no less rigorously than they protects their own confidential information.
SAFEGUARD STANDARD. Receiving Party agrees that it will protect the Confidential Information that it receives from or on behalf of Arcadia according to commercially acceptable standards and no less rigorously than it protects its own confidential information.
SAFEGUARD STANDARD. A. Contractor shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality (authorized access), integrity and availability of the Protected or Private Information. While Contractor has responsibility for the Protected or Private Information under the terms of its contract or agreement, Contractor shall ensure that such security measures are regularly reviewed and revised to address evolving threats and vulnerabilities.
B. Contractor shall not store, process, transmit, or provide remote support to University Protected or Private Information outside of data centers and support personnel located in the United States without the express prior written approval of the University.
C. All facilities used to store, process, or transmit Protected or Private Information will employ commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved.
D. Contractor warrants that all Protected or Private Information will be encrypted in transmission (including via web interface) and may require encrypted storage at no less than 128-bit level encryption as negotiated by the University.
E. Contractor willuseindustrystandard and up‐to-date securitytools and technologiessuchas antivirus protections, antimalware and ransomware protections, and intrusion prevention and detection methods in providing Services under this Agreement.
F. Contractor will adhere to additional controls in Appendix B should it store, process, or transmit cardholder or sensitive authentication data associated with the contractual requirements of the Payment Card Industry-Data Security Standard (PCI DSS) published by the Payment Card Industry Security Standards Council.
SAFEGUARD STANDARD. ATS agrees to protect the privacy and security of Protected Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. ATS shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Protected Information. ATS shall ensure that such security measures are regularly reviewed by ATS and revised to address evolving threats and vulnerabilities while ATS has responsibility for the Protected Information under the terms of the Agreement.
SAFEGUARD STANDARD. Contractor agrees to protect the privacy and security of University data designated as Protected or Private Information in full compliance with any and all applicable laws, regulations, rules or standards, including, but without limitation, FERPA, HIPAA, GLB, the Federal Trade Commission Red Flags Rule, EAR, ITAR, the Social Security Act, and the PCI DSS. Contractor shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality (authorized access), integrity and availability of the Protected or Private Information. While Contractor has responsibility for the Protected or Private Information under the terms of this agreement, Contractor shall ensure that such security measures are regularly reviewed and revised to address evolving threats and vulnerabilities. All facilities used to store and process Protected or Private Information will employ commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all Protected or Private Information will be encrypted in transmission (including via web interface) and may require encrypted storage at no less than 128-bit level encryption. Contractor will use industry standard and up-‐‐to-‐‐date security tools andtechnologies such as antivirus protections and intrusion detection methods in providing Services under this Agreement. If Contractor is storing, processing, or transmitting cardholder data, or is accepting sensitive authentication data, as defined by the PCI DSS, Contractor agrees to maintain compliance with the current effective version of the PCI DSS throughout the term of the Agreement or Contract with the University. Upon request by the University, Contractor will provide a current PCI DSS Attestation of Compliance. If Contractor is utilizing a Payment Card Industry Security Standards Council (PCI SSC) approved Point-to-Point Encryption (P2PE) solution to accept or process credit card payments, Contractor is responsible for the solution’s proper implementation and operation in compliance with all applicable PCI DSS and PCI SSC requirements. Upon request by the...