SECURITY AND PRIVACY SAFEGUARDS Sample Clauses

SECURITY AND PRIVACY SAFEGUARDS. General Security Requirements 1. Administrative Safeguards Access to the data matched and to any data created by the match will be restricted to only those authorized employees and officials who need it to perform their official duties in connection with the uses of the data authorized in this agreement. Further, all personnel who will have access to the data matched and to any data created by the match will be advised of the confidential nature of the data, the safeguards required to protect the data, and the civil and criminal sanctions for noncompliance contained in the applicable Federal laws.
SECURITY AND PRIVACY SAFEGUARDS. 1. SSS and ED will comply with all Federal requirements relating to information security, information systems security, and privacy, including the Federal Information Security Management Act of 2002, as amended by the Federal Information Security Modernization Act of 2014 (FISMA), section 208 of the E-Government Act of 2002, the Privacy Act, OMB Memorandum 08-05, “Implementation of Trusted Internet Connections (TIC)” and all subsequent related memoranda, OMB memoranda related to privacy, and National Institute of Standards and Technology (NIST) directives in the Special Publications (SP) 800 series (e.g., NIST SP 800-53, Rev. 4, and NIST SP 800-37, Rev. 1). Specific security requirements include, but are not limited to, the following:
  a. Data must be protected at the Moderate system certification criticality level according to Federal Information Processing Standards (FIPS) Publication 199, Standards for Security Categorization of Federal Information and Information Systems.
  b. SSS’s Registration, Compliance, and Verification System (RCV) and FSA’s Central Processing System (CPS) have completed the security authorization process (formerly called certification and accreditation) within the last three years, using the required NIST guidance, and have an Authorization to Operate (ATO) with the appropriate signatures.
  c. Electronic files are encrypted using the FIPS 140-2 standard and are interoperable with ED’s personal identity verification logical access control card (PIV LAC) for Government Employees and support contractors authorized to have an HSPD-12 card (HSPD-12 = Homeland Security Presidential Directive #12).
  d. Electronic files are encrypted while in transit, with the use of FIPS 140-2 product(s) that provide a secure tunnel between SSS and FSA sites.
  e. SSS and ED information systems reside behind a Trusted Internet Connection (TIC).
  i. FISMA requirements apply to all Federal contractors, organizations, or entities that possess or use Federal information, or that operate, use, or have access to Federal information systems on behalf of an agency. SSS and ED agree that they are responsible for oversight and compliance of their own contractors and agents. SSS and ED each reserve the right to conduct onsite inspections of any contractor or agent who has access to matched data in order to monitor compliance with FISMA regulations during the lifetime of this agreement.
  ii. ED and SSS will also comply with the personally identifiable information (PII) bre...
SECURITY AND PRIVACY SAFEGUARDS. 2.1 All eHealth Ontario Products and Services: eHealth Ontario’s security program is based on two standards from the International Organization for Standardization (ISO), as recommended by the Government of Canada:
  • ISO/IEC 27002:2005 – Code of Practice for Information Security Management, and
  • ISO/IEC 27001:2005 – Information Security Management Systems – Requirements,
and is in compliance with the Personal Health Information Protection Act and the Freedom of Information and Protection of Privacy Act. Security of information and protection of privacy within, and by use of, eHealth Ontario’s products and services is achieved by collaboration of all parties who are partners in providing or using these services. For its part, eHealth Ontario has implemented the following safeguards:
(i) Administrative Safeguards
  • eHealth Ontario regularly reviews and enhances its security policies. Staff and contractors read the relevant policies and sign that they have read and understood them.
  • eHealth Ontario has mandatory security staff awareness and training programs.
  • eHealth Ontario Staff and contractors generally have no ability or permission to access personal health information. If access to personal health information is required in the course of providing eHealth Ontario services, individuals are prohibited from using or disclosing such information.
  • All staff and contractors must sign confidentiality agreements and undergo criminal background checks prior to joining eHealth Ontario. eHealth Ontario has a security screening policy that requires staff to have an appropriate level of clearance for the sensitivity of the information they may access.
  • Client obligations, for their part in maintaining security, are detailed in individual contracts and Service Level Agreements (SLAs).
  • eHealth Ontario ensures, through formal contracts/SLAs, that any third party it retains to assist in providing services to health information custodians will comply with the restrictions and conditions necessary for eHealth Ontario to fulfil its legal responsibilities.
  • eHealth Ontario staff, consultants, suppliers and clients must promptly report any security breaches to eHealth Ontario for investigation.
  • Security risk assessments are conducted as part of both product/service development and client deployments. Mitigation activities are well established and tracked as part of each assessment.
  • eHealth Ontario provides a written copy of the results of a security risk assess...
SECURITY AND PRIVACY SAFEGUARDS. ED and DoD will comply with all Federal requirements relating to information security, information systems security, and privacy, including the Federal Information Security Modernization Act of 2014 (FISMA), the E-Government Act of 2002, OMB memoranda related to privacy, and National Institute of Standards and Technology (NIST) directives in the Special Publications (SP) 800 series (e.g., NIST SP 800-53, Rev. 4, and NIST SP 800-37, Rev.
SECURITY AND PRIVACY SAFEGUARDS. General Security Requirements
SECURITY AND PRIVACY SAFEGUARDS eHealth Ontario has implemented strong administrative, physical and technical safeguards, consistent with industry best practices, to protect the information being transferred, processed or stored from theft, loss, unauthorised use, modification, disclosure, destruction and/or damage. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, staff training and confidentiality agreements.
SECURITY AND PRIVACY SAFEGUARDS eHealth Ontario warrants that it has implemented and will maintain strong administrative, physical and technical safeguards, consistent with industry best practices as applicable to health care systems in Ontario, to protect the Personal Health Information being transferred, processed or stored from theft, loss, unauthorised use, modification, disclosure, destruction and/or damage and will ensure its Representatives comply with its privacy and security requirements. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, staff training and confidentiality agreements. Additional information can be found at xxxx://xxx.xxxxxxxxxxxxxx.xx.xx/about.

Related to SECURITY AND PRIVACY SAFEGUARDS

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds' shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. 
Bank shall respond to Customer's reasonable requests for information concerning Bank's information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank's discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank's information security program. 
Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer ("Breach of Security"); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank's other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank's ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer's ability to bring its own claims or actions against third parties related to the Breach of Security. 
If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, "personal information" shall mean (i) an individual's name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver's license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number, (f) passport number, or (g) personal identification number or password that would permit access to a person's account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual's account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing "personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Network Security and Privacy Liability Insurance During the term of this Contract, Supplier will maintain coverage for network security and privacy liability. The coverage may be endorsed on another form of liability coverage or written on a standalone policy. The insurance must cover claims which may arise from failure of Supplier’s security resulting in, but not limited to, computer attacks, unauthorized access, disclosure of not public data – including but not limited to, confidential or private information, transmission of a computer virus, or denial of service. Minimum limits: $2,000,000 per occurrence; $2,000,000 annual aggregate. Failure of Supplier to maintain the required insurance will constitute a material breach entitling Sourcewell to immediately terminate this Contract for default.
