Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
Accessibility of Information Technology Contractor represents and warrants that any software/ hardware/ communications system/ equipment (collectively “technology”), if any, provided under this Agreement adheres to the standards and/or specifications as may be set forth in the Section 508 of the Rehabilitation Act of 1973 standards guide and is fully compliant with WCAG 2.0 AA standards for accessibility and compliant with any applicable FCC regulations. Technology that will be used on a mobile device must also be navigable with Voiceover on iOS devices in addition to meeting WCAG 2.0 level AA. If portions of the technology or user experience are alleged to be non-compliant or non- accessible at any point, District will provide Contractor with notice of such allegation and Contractor shall use its best efforts to make the technology compliant and accessible. If a state or federal department, office or regulatory agency, or if any other third party administrative agency or organization (“Claimants”), make a claim, allegation, initiates legal or regulatory process, or if a court finds or otherwise determines that technology is non-compliant or non-accessible, Contractor shall indemnify, defend and hold harmless the District from and against any and all such claims, allegations, liabilities, damages, penalties, fees, costs (including but not limited to reasonable attorneys’ fees), arising out of or related to Xxxxxxxxx’ claims. Contractor shall also fully indemnify District for the full cost of any user accommodation that is found to be necessary due to an identifiable lack of accessibility in the Contractor’s technology. If necessary, an independent 3rd party accessibility firm using POUR standards (Perceivable, Operable, Understandable and Robust) may be used to validate the accessibility of the technology.
Use and Protection of Information Recipient agrees to protect such Information of the Discloser provided to Recipient from whatever source from distribution, disclosure or dissemination to anyone except employees of Recipient with a need to know such Information solely in conjunction with Recipient’s analysis of the Information and for no other purpose except as authorized herein or as otherwise authorized in writing by the Discloser. Recipient will not make any copies of the Information inspected by it.
Preservation of Information The Trustee shall preserve, in as current a form as is reasonably practicable, the names and addresses of Certificateholders contained in the most recent list furnished to the Trustee as provided in Section 7.14, and the names and addresses of Certificateholders received by the Trustee in its capacity as Registrar, if so acting. The Trustee may destroy any list furnished to it as provided in Section 7.14, upon receipt of a new list so furnished.
Records Maintenance and Access Grantee must maintain all financial records relating to this Grant in accordance with generally accepted accounting principles. In addition, Grantee must maintain any other records, whether in paper, electronic or other form, pertinent to this Grant in such a manner as to clearly document Grantee’s performance. All financial records and other records, whether in paper, electronic or other form, that are pertinent to this Grant, are collectively referred to as “Records.” Grantee acknowledges and agrees Agency and the Oregon Secretary of State's Office and the federal government and their duly authorized representatives will have access to all Records to perform examinations and audits and make excerpts and transcripts. Grantee must retain and keep accessible all Records for a minimum of six (6) years, or such longer period as may be required by applicable law, following termination of this Grant, or until the conclusion of any audit, controversy or litigation arising out of or related to this Grant, whichever date is later.
Records Maintenance; Access Contractor shall maintain all financial records relating to this Contract in accordance with generally accepted accounting principles. In addition, Contractor shall maintain any other records, books, documents, papers, plans, records of shipments and payments and writings of Contractor, whether in paper, electronic or other form, that are pertinent to this Contract (“Records”) in such a manner as to clearly document Contractor's performance. Contractor acknowledges and agrees that Agency and the Oregon Secretary of State's Office and the federal government and their duly authorized representatives will have access to such financial records and other Records that are pertinent to this Contract, whether in paper, electronic or other form, to perform examinations and audits and make excerpts and transcripts. Contractor shall retain and keep accessible all such financial records and other Records for a minimum of 6 years, or such longer period as may be required by applicable law, following final payment and termination of this Contract, or until the conclusion of any audit, controversy or litigation arising out of or related to this Contract, whichever date is later.
ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.
Supply of Information The Republic agrees to deliver or cause to be delivered to each Stock Exchange copies of such documents as may be reasonably required for the purpose of obtaining such listing.
ACKNOWLEDGEMENT AND PROTECTION OF INTELLECTUAL PROPERTY RIGHTS 1. Licensee acknowledges that all Intellectual Property Rights in the Licensed Material are the property of the Publisher or duly licensed to the Publisher and that this Licence Agreement does not assign or transfer to the Licensee any right, title or interest therein except for the right to access and use the Licensed Material in accordance with the terms and conditions of this Licence Agreement.
2. For the avoidance of doubt, the Publisher hereby acknowledges that any database rights created by the Licensee or the Institutions as a result of Local Hosting, text mining or data mining of the Licensed Material shall be the property of the Licensee, or the Institution.
Security of Vendor Facilities All Vendor and Vendor Staff facilities in which Citizens Confidential Information is located or housed shall be maintained in a reasonably secure manner. Within such facilities, all printed materials containing Citizens Confidential Information should be kept locked in a secure office, file cabinet, or desk (except when materials are being used).
