Security of Information. Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that:
• Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access.
• It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets.
• It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer.
• DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract.
• It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of:
o Documented access authorization and change control procedures;
o Card key systems that restrict, monitor and log access;
o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP);
o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others;
o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release;
o Complex passwords that are systematically enforced and password ex...
Security of Information. Unless otherwise specifically authorized by the DOH IT Security Officer, Contractor receiving confidential information under this contract assures that:
• It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets.
• It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer.
• DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract.
• It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of:
o Documented access authorization and change control procedures;
o Card key systems that restrict, monitor and log access;
o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP);
o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others;
o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release;
o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards;
o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information;
o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset;
o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP;
o Firewall rul...
Security of Information a. Chapter agrees to secure all APS data ensuring protections from unauthorized access, use, or disclosure.
b. APS data must be secured in a controlled, secure environment, protected from unauthorized access, use, or disclosure.
c. Access to APS data will be restricted to only those who need to know that information in order to perform their job function.
d. Chapter contact will notify APS of any known data breach that impacts APS member data.
Security of Information. Unless otherwise specifically authorized by the DOH IT Security Officer, Contractor receiving confidential information under this contract assures that:
Security of Information. No data transmission over the Internet can be guaranteed as totally secure. Whilst we strive to protect such information we do not warrant and cannot ensure the security of information which you transmit to us. Accordingly, any information which you transmit to us is transmitted at your own risk.
Security of Information. We take reasonable precautions to protect Our users’ information. Please note, however, that electronic transmissions via the Internet are not necessarily secure from interception, and We do not guarantee the security or confidentiality of transmissions. Except as may be otherwise provided in a specific agreement for services, We undertake no responsibility or liability for the deletion or failure to store any information or communications submitted through any of Our Online Platforms.
Security of Information. 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement.
17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall:
(a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties’ Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3;
(b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information;
(c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training;
(d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information;
(e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply;
(f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities;
(g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and
(h) ensure any use of diagnostic tools is securely controlled.
17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer.
17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information.
17.5 The Receiving Party shall ensure that the implementation and management of security of the Disclosing Party’s Information:
(a) reduces the risk of misuse of the other party’s systems and/or Information, which could potentially caus...
Security of Information. Without limiting the foregoing, Supplier agrees to maintain security measures to comply with the above obligations and to ensure that access granted will not impair the integrity and availability of HP Systems. Upon reasonable notice, HP may audit Supplier to verify Supplier’s compliance with these obligations.
Security of Information. 29.1 The County is required to notify its customers if any electronically stored information or written document that contains personal information has been subject to a security breach. Any Contractor of the County who becomes aware of any potential breach of a document or electronic file containing personal information of a client of the County will immediately notify the Contract Administrator, who will work with the County Public Information Officer to notify the affected persons. A breach occurs when any unauthorized individual or entity gains access to personal information or when unintended disclosure of personal information is made, for example loss or theft of an electronic device containing personal information, loss or theft of a paper document containing personal information, unauthorized access to a network containing personal information, or a document containing personal information being sent to the wrong address.
29.2 No County Contractor will print a person’s full Social Security Number (SSN) on any document that will be sent through the mail, without a written request from the person whose SSN will be printed on the document, except as required by law. The Contractor will use only the last 4 digits of a SSN on all documents unless there is a compelling business reason to use the entire SSN. If a document contains a full SSN, the Contractor will take steps to protect the document from unauthorized disclosure. Contractors will not provide copies of a document containing a full SSN to anyone other than the person whose SSN is listed on the document, except as allowed by State or Federal law. The Contractor may provide a copy of a document to a third party with the SSN redacted if the document is otherwise allowed to be released. No Contractor will publicly post or display a document containing a full SSN.
29.3 Any County Contractor that collects personal information must develop, implement and maintain reasonable safeguards to protect the security and confidentiality of the information. Employees of the Contractor with access to personal information must take reasonable steps to prevent a breach of the information. Reasonable steps include locking file cabinets, monitoring who has access to areas containing personal information, locking computer workstations if leaving the area, and maintaining physical control over files, computer workstations, thumb drives, CDs or other media which contain personal information. Contractors must also ensure ...
Security of Information. Customer acknowledges that the Provider Information includes personally identifiable information (“PII”) and that it is Customer’s obligation to keep all such PII secure by taking all commercially reasonable means to ensure that access is limited only to those authorized individuals or organizations. Accordingly, Customer shall
(a) restrict access to the Provider Technologies and Provider Information to those law enforcement personnel who have a need to know or are otherwise expressly authorized as part of their official duties;
(b) ensure that its employees (i) obtain or use Provider Information solely and exclusively for lawful purposes and (ii) transmit or disclose any such Information only as permitted or required by Applicable Rules;
(c) use commercially reasonable efforts to monitor and prevent against unauthorized access to or use of the Provider Technologies and Provider Information (whether in electronic form or hard copy);
(d) notify Provider immediately of any such unauthorized access or use of the Provider Technologies or Information that Customer discovers or otherwise becomes aware of; and
(e) unless otherwise required by Applicable Rules, delete or otherwise purge all Provider Information stored electronically or on hard copy by Customer within ninety (90) days of initial receipt or, if a longer period is authorized or required by Applicable Rules, upon expiration of such longer period.