Security Framework. The required security framework is provided for in the SECURE ERDS software. The ERDS software shall use a minimum of 128 bit file and image encryption. Industry standard Secure Sockets Layer (SSL) and user login with password that is encrypted shall be employed. User passwords are controlled by the user and at a minimum changed at 90 day intervals to reduce security exposure.
Security Framework. In addition to your obligations set forth in the Security Schedule, you expressly agree to establish, implement and update, as necessary, security policies, procedures, and systems related to the initiation, processing and storage of ACH Origination entries.
Security Framework. Security framework uses an ACL architecture similar to Windows NT. An access control entry allows or denies a player or a group access to game capabilities in service resolution. The set of actions for player in a game include sending and receiving messages and accessing service data such as the collection of current players. The security token is a 32bit value in which every bit represents an allowed action. A security token is associated with a player-game or a group-game pair to form an Access Control Entry (ACE). The collection of all ACEs for a game forms the service's Access Control List (ACL).
Security Framework. Encryption will be a minimum 128bit file and image encryption. Secure Socket Layer (SSL) and user loginlpassword will be employed. User passwords are controlled by the Submitter and should be monitoredlor changed periodically to ensure security. Computers on which documents originate must have all critical operating system patches applied, must have a firewall (hardware or software) installed, and must have up to date virus scan software.
Security Framework. We implement internal security controls that align with the NIST Cybersecurity Framework v1.1. Data Storage Our infrastructure is housed on Amazon Web Services’ (AWS), a highly reliable, secure, and scalable cloud platform. AWS is validated under the following compliance programs, among others: SOC 1, SOC 2, SOC 3, ISO 27001, PCI DSS Level 1, and NIST 800-53. All data is stored within the United States, and all processing servers are based within the United States. Data Encryption Data is encrypted in transit and at rest to provide protection of sensitive data at all critical points in its lifecycle. All data is transmitted over HTTPS connections to and from the ParentSquare application. All passwords are salted and hashed. Data Breaches Upon becoming aware of a data breach, we would fully investigate the incident and notify the customer within two business days, including our plan to remediate the breach. The customer then makes a decision about how or if users are notified.
Security Framework. The required security framework is provided for in the SECURE G2G Portal software. The SECURE G2G Portal software shall use a minimum of 128-bit file and image encryption. Industry standard Secure Sockets Layer (SSL) and user login with password that is encrypted shall be employed. User passwords are controlled by the Government Agency and at a minimum changed at 90-day intervals to reduce security exposure.
Security Framework. The OHAA system will be hosted on the Amazon Virtual Private Cloud (VPC) through Amazon Web Services (AWS). This solution will provide the logically isolated sections for the various provider offices participating. This architecture will ensure physician’s offices have autonomous control over their data and also supports the data sharing capability with minimal impact to the underlying infrastructure. This significantly reduces both capital and operational expense outlays. Amazon Web Services also maintains compliance to HIPAA privacy and security standards through Federal Risk and Authorization Management Program (FedRAMP) and National Institute of Standards and Technology (NIST) 800-53, a higher security standard that maps to the HIPAA security rule. AWS enables covered entities and their business associates subject to HIPAA to securely process, store, and transmit PHI. The elements that will be part of the security framework are: Login To gain access to the OHAA system, the user is identified/ authorized through a multi- factor authentication framework; using a combination of their unique Network Id/password and a secure token. Admin safeguards like filling an access form and getting it approved by the security officer is in place. Access to the OHAA System The OHAA system uses the HTTPS protocol to protect the information sent over the network and the Internet. The user connects using a url that is HTTPS secure to access the OHAA system via the internet. With IPSEC-V4/TLS being used the connection between the various points of communication between the systems in the network path is encrypted. VPN adds an additional layer of encryption by protecting all the information being exchanged. Access Controls File system access controls, implemented via security policies and/or a permissions table, will be in place to ensure that individuals within each state accessing the resources like the file system, documents, images etc. on the servers can be authorized before gaining access. A log is maintained of all the activity of each user that accesses the network/servers. File access controls in place will ensure who gains access to network resources. Internal Networks The firewalls will provide a layer of security starting from the point of entry and throughout the different layers of the system. Based on providing a "Defense in Depth” strategy, the external network and the network perimeter will be monitored using auditing. Penetration testing, vulnerability ana...
Security Framework. The Kentucky Online Gateway (KOG) provides user provisioning and authorization services. Every component of QHI including MEMS shall invoke KOG services prior to executing a user request from within the MEMS solution. The new MEMS solution shall utilize the KOG solution for user provisioning and authorization services.
Security Framework. 2.1 Moorepay has in place structured Security and Compliance Teams. The areas covered by the Security & Compliance teams are: Compliance and Standards; Data Privacy and Protection; Legal and Regulatory compliance matters; Business Continuity and Disaster Recovery; Security Management; Physical Security; and Vendor Security and Compliance Management.
Security Framework. In addition to your obligations set forth in the Security Schedule, you expressly agree to establish, implement and update, as necessary, security policies, procedures, and systems related to the initiation, processing and storage of ACH Origination entries. Provisional Credit. You acknowledge that the NACHA Operating Rules make provisional any credit given for an entry until the financial institution crediting the account specified in the entry receives final settlement. If the financial institution does not receive final settlement, it is entitled to a refund from the credited party and the originator of the entry shall not be deemed to have paid the party.
