NIST Cybersecurity Framework The U.S. Department of Commerce National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.
Protection of Site from encroachments On and after signing the memorandum and/or subsequent memorandum referred to in Clause 8.2, and until the issue of the Completion Certificate, the Contractor shall maintain a round-the-clock xxxxx over the Site and shall ensure and procure that no encroachment takes place thereon. During the Construction Period, the Contractor shall protect the Site from any and all occupations, encroachments or Encumbrances, and shall not place or create nor permit any Sub-contractor or other person claiming through or under the Agreement to place or create any Encumbrance or security threat over all or any part of the Site or the Project Assets, or on any rights of the Contractor therein or under this Agreement, save and except as otherwise expressly set forth in this Agreement. In the event of any encroachment or occupation on any part of the Site, the Contractor shall report such encroachment or occupation forthwith to the Authority and undertake its removal at its own cost and expenses.
Security Cameras Security cameras have been installed throughout the Facility; however, they will not routinely be used in areas where there is an expectation of privacy, such as restrooms or patient care areas.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
Operator’s Security Contact Information Xxxxxxx X. Xxxxxxx Named Security Contact xxxxxxxx@xxxxxxxxx.xxx Email of Security Contact (000) 000-0000 Phone Number of Security Contact
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
RECOVERY FROM THIRD PARTIES 11.1 If
11.1.1 the Seller makes a payment in respect of a Warranty Claim by the Purchaser (the “Damages Payment”);
11.1.2 any member of the Purchaser’s Group recovers from a third party (including pursuant to any insurance policy) any sum in cash or in kind which compensates it in respect of the Loss which is the subject matter to that Warranty Claim (the “Third Party Sum”);
11.1.3 the receipt of that Third Party Sum was not taken into account in calculating the Damages Payment; and
11.1.4 the aggregate of the Third Party Sum and the Damages Payment exceeds the amount required to compensate the Purchaser in full for the Loss or Liability which gave rise to the Warranty Claim in question, such excess being the “Excess Recovery”, then the Purchaser shall, promptly on receipt of the Third Party Sum by any member of the Purchaser’s Group, repay to the Seller an amount equal to the lower of (i) the Excess Recovery and (ii) the Damages Payment, after deducting (in either case) all additional Tax and any costs incurred by the Purchaser or the relevant member of the Purchaser’s Group in recovering that Third Party Sum.
11.2 If, before the Seller pays any amount in respect of any Warranty Claim under this Agreement, any EDS Entity is entitled to recover (whether by payment, discount, credit, relief, insurance or otherwise) from a third party a sum which indemnifies or compensates any relevant member of the Purchaser’s Group (in whole or in part) in respect of the Loss or Liability which is the subject matter of the Warranty Claim, the Purchaser shall procure that, before steps are taken against the Seller, the Purchaser will make reasonable efforts to enforce recovery against the third party and any actual recovery shall reduce or satisfy, as applicable, such Warranty Claim to the extent of such recovery, provided that the Seller first indemnifies the Purchaser’s Group and the EDS Entities against any Tax that may be suffered on receipt of any sum recovered thereunder, together with any costs or expenses incurred in recovering such sum.
Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.
Security Agreement under Uniform Commercial Code It is the intention of the parties hereto that this Mortgage shall constitute a Security Agreement within the meaning of Article 9 of the Uniform Commercial Code of the State of New York. Notwithstanding the filing of a financing statement covering any of the Mortgaged Property in the records normally pertaining to personal property, all of the Mortgaged Property, for all purposes and in all proceedings, legal or equitable, shall be regarded, at Mortgagees' option (to the extent permitted by law) as part of the Real Estate whether or not any such item is physically attached to the Real Estate or serial numbers are used for the better identification of certain items. The mention in any such financing statement of any of the Mortgaged Property shall never be construed as in any way derogating from or impairing this declaration and it is the hereby stated intention of the parties that such mention in protection of Mortgagee in the event any court shall at any time hold that notice of Mortgagee's priority of interest, to be effective against any third party, including the federal government and any authority or agency thereof, must be filed in the Uniform Commercial Code records. Mortgagor and Borrower hereby agree that each shall execute and hereby authorizes Mortgagee to file any financing and continuation statements which Mortgagee shall determine in its sole discretion are necessary or advisable in order to perfect it security interest in the Equipment and Personalty covered by this Mortgage, and Borrower shall pay any expenses incurred by Mortgagee in connection with the preparation, execution and filing of such statements that may be filed by Mortgagee, or, if paid by Mortgagee, such amounts, together with interest at the Default Rate, shall be added to the Indebtedness, payable on demand, and shall be secured by this Mortgage.
