Security of Data a. Each of the parties shall: i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons; ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party. b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission. c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message. d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall: i. immediately investigate the cause, effect and extent of such breach; ii. report the results of the investigation to the other party; and iii. use all reasonable endeavours to rectify the cause of such breach. e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. (b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. (c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay. (d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
Security of Vendor Facilities All Vendor and Vendor Staff facilities in which Citizens Confidential Information is located or housed shall be maintained in a reasonably secure manner. Within such facilities, all printed materials containing Citizens Confidential Information should be kept locked in a secure office, file cabinet, or desk (except when materials are being used).
Security of Access Code You may use one (1) or more access codes with your electronic fund transfers. The access codes issued to you are for your security purposes. Any access codes issued to you are confidential and should not be disclosed to third parties or recorded on or with the card. You are responsible for safekeeping your access codes. You agree not to disclose or otherwise make your access codes available to anyone not authorized to sign on your accounts. If you authorize anyone to use your access codes, that authority shall continue until you specifically revoke such authority by notifying the Credit Union. You understand that any joint owner you authorize to use an access code may withdraw or transfer funds from any of your accounts. If you fail to maintain the security of these access codes and the Credit Union suffers a loss, we may terminate your EFT services immediately.
Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.
Security of State Information The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 3 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security of Information Unless otherwise specifically authorized by the DOH Chief Information Security Officer, Contractor receiving confidential information under this contract assures that: • Encryption is selected and applied using industry standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program against all information stored locally and off-site. Information must be encrypted both in-transit and at rest and applied in such a way that it renders data unusable to anyone but authorized personnel, and the confidential process, encryption key or other means to decipher the information is protected from unauthorized access. • It is compliant with the applicable provisions of the Washington State Office of the Chief Information Officer (OCIO) policy 141, Securing Information Technology Assets, available at: xxxxx://xxxx.xx.xxx/policy/securing-information-technology-assets. • It will provide DOH copies of its IT security policies, practices and procedures upon the request of the DOH Chief Information Security Officer. • DOH may at any time conduct an audit of the Contractor’s security practices and/or infrastructure to assure compliance with the security requirements of this contract. • It has implemented physical, electronic and administrative safeguards that are consistent with OCIO security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting access to specifically authorized individuals and services through the use of: o Documented access authorization and change control procedures; o Card key systems that restrict, monitor and log access; o Locked racks for the storage of servers that contain Confidential Information or use AES encryption (key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated by the National Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation Program (CMVP); o Documented patch management practices that assure all network systems are running critical security updates within 6 days of release when the exploit is in the wild, and within 30 days of release for all others; o Documented anti-virus strategies that assure all systems are running the most current anti-virus signatures within 1 day of release; o Complex passwords that are systematically enforced and password expiration not to exceed 120 days, dependent user authentication types as defined in OCIO security standards; o Strong multi-factor authentication mechanisms that assure the identity of individuals who access Confidential Information; o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for Confidential Information, until administrator reset; o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard algorithms validated by NIST CMVP; o Firewall rules and network address translation that isolate database servers from web servers and public networks; o Regular review of firewall rules and configurations to assure compliance with authorization and change control procedures; o Log management and intrusion detection/prevention systems; o A documented and tested incident response plan Any breach of this clause may result in termination of the contract and the demand for return of all personal information.
Creation, Perfection and Priority of Security Interests The representations and warranties regarding creation, perfection and priority of security interests in the Purchased Property, which are attached to this Agreement as Appendix B, are true and correct to the extent that they are applicable.
Perfection and Protection of Security Interest (a) The Borrower shall, at its expense, perform all steps requested by the Agent at any time to perfect, maintain, protect, and enforce the Agent’s Liens, including: (i) executing, delivering and/or recording of filing financing or continuation statements, and amendments thereof, in form and substance reasonably satisfactory to the Agent; (ii) delivering to the Agent the originals of all instruments, documents, and chattel paper, and all other Collateral of which the Agent determines it should have physical possession in order to perfect and protect the Agent’s security interest therein, duly pledged, endorsed or assigned to the Agent without restriction; (iii) placing notations on the Borrower’s books of account to disclose the Agent’s security interest; and (iv) taking such other steps as are deemed necessary or desirable by the Agent to maintain and protect the Agent’s Liens. To the extent permitted by applicable law, the Agent may file, without the Borrower’s signature, one or more financing statements disclosing the Agent’s Liens. The Borrower agrees that a carbon, photographic, photostatic, or other reproduction of this Agreement or of a financing statement is sufficient as a financing statement. (b) If any Collateral is at any time in the possession or control of any warehouseman, bailee or any of the Borrower’s agents or processors, then the Borrower shall notify the Agent thereof and shall, at the request of Agent, notify such Person of the Agent’s security interest in such Collateral and instruct such Person to hold all such Collateral for the Agent’s account subject to the Agent’s instructions. If at any time any Collateral is located in any operating facility of the Borrower not owned by the Borrower, then the Borrower shall, at the request of the Agent, obtain written landlord lien waivers or subordinations, in form and substance reasonably satisfactory to the Agent, of all present and future Liens to which the owner or lessor of such premises may be entitled to assert against the Collateral. (c) From time to time, the Borrower shall, upon the Agent’s request, execute and deliver confirmatory written instruments pledging to the Agent, for the ratable benefit of the Agent and the Lenders, the Collateral with respect to the Borrower, but the Borrower’s failure to do so shall not affect or limit any security interest or any other rights of the Agent or any Lender in and to the Collateral with respect to the Borrower. So long as this Agreement is in effect and until all Obligations have been fully satisfied, the Agent’s Liens shall continue in full force and effect in all Collateral (whether or not deemed eligible for the purpose of calculating the Availability or as the basis for any advance, loan, extension of credit, or other financial accommodation). (d) Except with respect to Collateral delivered to the Agent pursuant to this Section 6.2, the Borrower shall immediately following the execution or receipt of a Contract, stamp on the Contract the following words: “This document is subject to a security interest in favor of Bank of America, N.A., as agent”.
Perfection and Priority of Liens Receipt by the Administrative Agent of the following: (i) searches of Uniform Commercial Code filings and tax and judgment liens in the jurisdiction of formation of each Loan Party and each other jurisdiction reasonably required by the Administrative Agent, disclosing no Liens other than Permitted Liens; (ii) UCC financing statements for each appropriate jurisdiction as is necessary, in the Administrative Agent’s discretion, to perfect the Administrative Agent’s security interest in the Collateral; (iii) all certificates evidencing any certificated Equity Interests pledged to the Administrative Agent pursuant to the Security Agreement, together with duly executed in blank and undated stock powers attached thereto; (iv) searches of ownership of, and Liens on, United States registered intellectual property of each Loan Party in the appropriate governmental offices, disclosing no Liens other than (A) Permitted Liens and (B) Liens to be released on the Initial Borrowing Date; and (v) duly executed notices of grant of security interest in substantially the form required by the Security Agreement as are necessary, in the Administrative Agent’s sole discretion, to perfect the Administrative Agent’s security interest in the United States registered intellectual property of the Loan Parties; provided that, to the extent any Collateral is not or cannot be provided and/or perfected on the Initial Borrowing Date (other than the pledge and perfection of the security interests in the Equity Interests of the Parent’s material, wholly owned Domestic Subsidiaries (except with respect to certificated Equity Interests in the Target and its Subsidiaries, which shall be delivered with duly executed in blank and undated stock powers attached thereto not later than 2 Business Days after the Initial Borrowing Date) and assets with respect to which a lien may be perfected by the filing of a UCC financing statement) after the Loan Parties’ use of commercially reasonable efforts to do so, then the delivery of such Collateral and/or the perfection of a security interest in such Collateral shall not constitute a condition precedent to the availability of the Comdata Facilities on the Initial Borrowing Date but instead shall be delivered and/or perfected within thirty (30) days after the Initial Borrowing Date (or such longer period as the Administrative Agent agrees in its sole discretion).