Security of State Information The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 3 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes.
11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses.
11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.
Documents & Data; Licensing of Intellectual Property This Agreement creates a non-exclusive and perpetual license for City to copy, use, modify, reuse, or sublicense any and all copyrights, designs, and other intellectual property embodied in plans, specifications, studies, drawings, estimates, and other documents or works of authorship fixed in any tangible medium of expression, including but not limited to, physical drawings or data magnetically, electronically or otherwise recorded or stored, which are prepared or caused to be prepared by Consultant under this Agreement (“Documents & Data”). All Documents & Data shall be and remain the property of City, and shall not be used in whole or in substantial part by Consultant on other projects without the City's express written permission. Within thirty (30) days following the completion, suspension, abandonment or termination of this Agreement, Consultant shall provide to City reproducible copies of all Documents & Data, in a form and amount required by City. City reserves the right to select the method of document reproduction and to establish where the reproduction will be accomplished. The reproduction expense shall be borne by City at the actual cost of duplication. In the event of a dispute regarding the amount of compensation to which the Consultant is entitled under the termination provisions of this Agreement, Consultant shall provide all Documents & Data to City upon payment of the undisputed amount. Consultant shall have no right to retain or fail to provide to City any such documents pending resolution of the dispute. In addition, Consultant shall retain copies of all Documents & Data on file for a minimum of five (5) years following completion of the Project, and shall make copies available to City upon the payment of actual reasonable duplication costs. In addition, before destroying the Documents & Data following this retention period, Consultant shall make a reasonable effort to notify City and provide City with the opportunity to obtain the documents.
Selection of Subcontractors, Procurement of Materials and Leasing of Equipment The contractor shall not discriminate on the grounds of race, color, religion, sex, national origin, age or disability in the selection and retention of subcontractors, including procurement of materials and leases of equipment. The contractor shall take all necessary and reasonable steps to ensure nondiscrimination in the administration of this contract.
a. The contractor shall notify all potential subcontractors and suppliers and lessors of their EEO obligations under this contract.
b. The contractor will use good faith efforts to ensure subcontractor compliance with their EEO obligations.
Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.
Solicitations for Subcontracts, Including Procurements of Materials and Equipment In all solicitations either by competitive bidding or negotiation made by the Engineer for work to be performed under a subcontract, including procurements of materials or leases of equipment, each potential subcontractor or supplier shall be notified by the Engineer of the Engineer's obligations under this contract and the Regulations relative to nondiscrimination on the grounds of race, color, or national origin.
Security Technology When the service is accessed using a supported web browser, Secure Socket Layer (“SSL”), or equivalent technology shall be employed to protect data from unauthorized access. The service security measures shall include server authentication and data encryption. Provider shall host data pursuant to the DPA in an environment using a firewall that is periodically updated according to industry standards.
Solicitations for Subcontracts, Including Procurement of Materials and Equipment In all solicitations either by competitive bidding or negotiation made by the Local Government for work to be performed under a subcontract, including procurement of materials or leases of equipment, each potential subcontractor or supplier will be notified by the Local Government of the Local Government’s obligations under this Agreement and the Acts and Regulations relative to Nondiscrimination on the grounds of race, color, or national origin.
Inspection Testing Authorization and Right of Access 2.1 Equipment Testing and Inspection 2.2 Authorization Required Prior to Parallel Operation
Security of All Software Components Supplier will inventory all software components (including open source software) used in Deliverables, and provide such inventory to Accenture upon request. Supplier will assess whether any such components have any security defects or vulnerabilities that could lead to a Security Incident. Supplier will perform such assessment prior to providing Accenture with access to such software components and on an on-going basis thereafter during the term of the Agreement. Supplier will promptly notify Accenture of any identified security defect or vulnerability and remediate same in a timely manner. Supplier will promptly notify Accenture of its remediation plan. If remediation is not feasible in a timely manner, Supplier will replace the subject software component with a component that is not affected by a security defect or vulnerability and that does not reduce the overall functionality of the Deliverable(s).
