Safeguarding of State Data Sample Clauses

Safeguarding of State Data. (i) Contractor shall maintain a comprehensive data security program, which shall include reasonable and appropriate technical, organizational and security measures against the destruction, loss, unauthorized access or alteration of State Data in the possession of Contractor, and which shall be (A) no less rigorous than those maintained (or required to be maintained) by State or the relevant state agency (or required or implemented by State or the relevant state agency in the future to the extent deemed necessary by State or such state agency and communicated to Contractor), (B) no less rigorous than those maintained by Contractor for its own information of a similar nature, (C) no less rigorous than accepted security standards in the industry (including but not limited to the Payment Card Industry’s Data Security Standard (PCI DSS)), and (D) (without limiting the Parties' obligations under Section 18Compliance with Laws) compliant with all applicable State Rules and State Standards, including the requirements of State's and the relevant state agency’s then-current privacy, security and records retention policies (such as Internal Revenue Service guidelines contained within IRS Publication 1075 (found at xxxx://xxx.xxx.xxx/pub/irs-pdf/p1075.pdf). Contractor acknowledges and agrees that certain state agencies are legally prohibited from disclosing or allowing access to certain State Data, including disclosures to and access by the State Information Technology Services Division (SITSD), other state agencies and Contractor. The content and implementation of such data security program and associated technical, organizational and security measures shall be fully documented by Contractor in the Operating Manual, including the process state agencies shall follow to identify State Data they are legally prohibited from disclosing and the confidentiality requirements of state agencies. Contractor shall permit legislative auditors and State security personnel to review such documentation and/or to inspect Contractor’s compliance with these provisions in accordance with this Section 26.3(b)(i). State acknowledges that elements of Contractor’s data security program involve customized services offerings regarding the specific means and levels of security protection selected by a customer (regarding, for example, desired levels of host and network intrusion detection services, methods for monitoring and limiting access to data, extent of desired encryption, etc.), and ...
Sample 1
AutoNDA by SimpleDocs

Related to Safeguarding of State Data

  • Safeguarding requirements and procedures (1) The Contractor shall apply the following basic safeguarding requirements and procedures to protect covered contractor information systems. Requirements and procedures for basic safeguarding of covered contractor information systems shall include, at a minimum, the following security controls: (i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). (ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute. (iii) Verify and control/limit connections to and use of external information systems. (iv) Control information posted or processed on publicly accessible information systems. (v) Identify information system users, processes acting on behalf of users, or devices. (vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. (vii) Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. (viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. (ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. (x) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. (xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. (xii) Identify, report, and correct information and information system flaws in a timely manner. (xiii) Provide protection from malicious code at appropriate locations within organizational information systems. (xiv) Update malicious code protection mechanisms when new releases are available. (xv) Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

  • Compliance with Safeguarding Customer Information Requirements The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616, and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Seller information regarding the implementation of such security measures upon the reasonable request of the Seller.

  • Provide Data in Compliance with Applicable Laws LEA shall provide Student Data for the purposes of obtaining the Services in compliance with all applicable federal, state, and local privacy laws, rules, and regulations, all as may be amended from time to time.

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Compliance with Federal and State Work Authorization and Immigration Laws The Contractor and all subcontractors, suppliers and consultants must comply with all federal and state work authorization and immigration laws, and must certify compliance using the form set forth in Section 7 (“Georgia Security and Immigration Compliance Act Affidavits”). The required certificates must be filed with the Owner and copied maintained by the Contractor as of the beginning date of this contract and each subcontract, supplier contract, or consultant contract, and upon final payment to the subcontractor or consultant. State officials, including officials of the Georgia Department of Audits and Accounts, officials of the Owner, retain the right to inspect and audit the Project Site and employment records of the Contractor, subcontractors and consultants without notice during normal working hours until Final Completion, and as otherwise specified by law and by Rules and Regulations of the Georgia Department of Audits and Accounts.

  • COMPLIANCE WITH GOVERNMENTAL RULES AND REGULATIONS; RECORDS The Trust assumes full responsibility for its compliance with all securities, tax, commodities and other laws, rules and regulations applicable to it.

  • Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.

  • Compliance with Texas Privacy Laws and Regulations In performing their respective obligations under the Agreement, the LEA and the Provider shall comply with all Texas laws and regulations pertaining to LEA data privacy and confidentiality, including but not limited to the Texas Education Code Chapter 32, and Texas Government Code Chapter 560.

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!