Common use of Security and Privacy Compliance Clause in Contracts

Security and Privacy Compliance. 2.1. Subrecipient shall keep all GLO Data received under the Contract and any documents related thereto strictly confidential. 2.2. Subrecipient shall comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. 2.3. Subrecipient shall implement administrative, physical, and technical safeguards to protect GLO Data that are no less rigorous than accepted industry practices including, without limitation, the guidelines in the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework Version 1. 1. All such safeguards shall comply with applicable data protection and privacy laws. 2.4. Subrecipient will legally bind any contractor(s)/subcontractor(s) to the same requirements stated herein and obligations stipulated in the Contract and documents related thereto. Subrecipient shall ensure that the requirements stated herein are imposed on any contractor/subcontractor of Subrecipient’s subcontractor(s). 2.5. With the exception of contractors and subcontractors as they are addressed in Section 2.4, Subrecipient will not share GLO Data with any third parties, except as necessary for Subrecipient’s performance under the Contract and upon the express written consent of the GLO’s Information Security Officer or his/her authorized designee. 2.6. Subrecipient will ensure that initial privacy and security training, and annual training, thereafter, is completed by its employees or contractor/subcontractors that have access to GLO Data or who create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle PII and/or SPI on behalf of the GLO. Subrecipient shall maintain and, upon request, provide documentation of training completion.

Security and Privacy Compliance. 2.1. Subrecipient shall keep all GLO Data received under the Contract and any documents related thereto strictly confidential. 2.2. Subrecipient shall comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. 2.3. Subrecipient shall implement administrative, physical, and technical safeguards to protect GLO Data that are no less rigorous than accepted industry practices including, without limitation, the guidelines in the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework Version 1. 11.1. All such safeguards shall comply with applicable data protection and privacy laws. 2.4. Subrecipient will legally bind any contractor(s)/subcontractor(s) to the same requirements stated herein and obligations stipulated in the Contract and documents related thereto. Subrecipient shall ensure that the requirements stated herein are imposed on any contractor/subcontractor of Subrecipient’s subcontractor(s). 2.5. With the exception of contractors and subcontractors as they are addressed in Section 2.4, Subrecipient will not share GLO Data with any third parties, except as necessary for Subrecipient’s performance under the Contract and upon the express written consent of the GLO’s Information Security Officer or his/her authorized designee. 2.6. Subrecipient will ensure that initial privacy and security training, and annual training, thereafter, is completed by its employees or contractor/subcontractors that have access to GLO Data or who create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle PII and/or SPI on behalf of the GLO. Subrecipient shall maintain and, upon request, provide documentation of training completion.