Safeguarding County Data. Safeguarding Procedures. Service Provider shall establish and maintain environmental, safety and facility procedures, data security procedures and other safeguards against the destruction, loss, unauthorized access or alteration of County Data in the possession or under the control of Service Provider that are (i) no less rigorous than those maintained by County as of the Commencement Date (or implemented by County in the future to the extent deemed necessary by County), including the security and control requirements under this Agreement, (ii) no less rigorous than those maintained by Service Provider for its own information of a similar nature, (iii) no less rigorous than accepted security standards in the industry (such as ISO/IEC 27001:2013, 17799 and/or BS 7799) and (iv) adequate to meet the requirements of County’s privacy, security and records retention policies and applicable laws. After the Commencement and as requested by County, Service Provider shall evaluate the then-current County security policy and shall prepare and submit for County review and approval recommendations with respect to changes or modifications to such policy. Service Provider shall maintain and enforce the then-current County security policy until any changes or modifications are approved in writing by County for implementation. County shall have the right to establish backup security for County Data and to keep backup copies of the County Data in County’s possession at County’s expense, if County so chooses. If requested, Service Provider shall provide County with downloads of County Data, as requested by County, to enable County to maintain such backup security or backup copies of County Data. Service Provider shall remove all County Data from any media taken out of service and shall destroy or securely erase such media in accordance with County standards and the Policy and Procedures Manual. No media on which County Data is stored may be used or re-used to store data of any other customer of Service Provider or to deliver data to a third party, including another Service Provider customer, unless securely erased in accordance with the County standards and the Policy and Procedures Manual. In the event Service Provider discovers or is notified of a breach or potential breach of security relating to County Data, Service Provider shall, in addition to any other obligations it may have under this Agreement, expeditiously (a) notify County of such breach or potential breach, (b...
Safeguarding County Data. Supplier shall develop security policies and procedures as provided in Sections 7.3 (Safety Procedures),
