Security Policies and Documentation Sample Clauses

Security Policies and Documentation. Seller shall implement and document security policies and standards in accordance with industry best practices (e.g., aligned with the intent of NERC CIP-003-6 R1) and consistent with Company’s security policies and standards. Seller shall submit documentation describing the approach, methodology, and design to provide physical and cyber security (i.e., aligned with the intent of NERC CIP-003-6 R2) with its submittal of the design drawings pursuant to Section 1(c) (Design Drawings, Bill of Materials, Relay Settings and Fuse Selection) of Attachment B (Facility Owned by Seller) which shall be at least sixty (60) Days prior to the Acceptance Test. The design shall meet industry standards and best practices, consistent with the National Institute of Standards and Technology ("NIST") guidelines as indicated in Special Publication 800-53 Rev. 4 "Security and Privacy Controls for Federal Information Systems and Organizations" and Special Publication 800-82 Rev. 2 "Guide to Industrial Control Systems (ICS) Security". The system shall be designed with the criteria to meet applicable compliance requirements and identify areas that are not consistent with NIST guidelines and recommendations. The cybersecurity documentation shall include a block diagram of the control system with all external connections clearly described. Seller shall provide such additional information as Company may reasonably request as part of a security posture assessment. Company shall be notified in advance when there is any condition that would compromise physical or cyber security. Seller shall, at the request of Company or, in the absence of any request from Company, at least annually, provide Company with updated documentation and diagrams including a record of changes.
Sample 1
AutoNDA by SimpleDocs

Related to Security Policies and Documentation

  • SECURITY POLICIES AND NOTIFICATIONS State Security Policies and Procedures The Contractor and its personnel shall review and be familiar with all State security policies, procedures and directives currently existing or implemented during the term of the Contract, including ITS Policy NYS-P03-002 Information Security Policy (or successor policy). Security Incidents Contractor shall address any Security Incidents in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy (or successor policy), including the New York State Cyber Incident Reporting Procedures incorporated therein or in such successor policy.

  • Security Policies IBM maintains privacy and security policies that are communicated to IBM employees. IBM requires privacy and security training to personnel who support IBM data centers. We have an information security team. IBM security policies and standards are reviewed and re-evaluated annually. IBM security incidents are handled in accordance with a comprehensive incident response procedure.

  • Security Policy As part of PCI DSS, the Card Organizations require that you have a security policy that covers the security of credit card information.

  • Personnel Requirements and Documentation Grantee will;

  • Technical Documentation Prior to commencement of the Tests on Completion, the Contractor shall supply to the Engineer the technical documentation as specified in the Employer’s Requirements. The Works or Section shall not be considered to be completed for the purposes of taking- over under sub-clause 10.1 [Taking Over of the Works and Sections] until the Engineer has received the technical documentation as defined in this sub-clause 5.7, the "history file" including design calculations and certain certification as well as any other documents required to meet the CE Marking requirements.

  • Records and Documentation The Sub-Recipient agrees to make available to AAAPP staff and/or any party designated by the AAAPP any and all contract related records and documentation. The Sub-Recipient shall ensure the collection and maintenance of all program related information and documentation on any such system designated by the AAAPP. Maintenance includes valid exports and backups of all data and systems according to AAAPP standards.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Security Policy for Contractors 1. The Department for Work and Pensions treats its information as a valuable asset and considers that it is essential that information must be protected, together with the systems, equipment and processes which support its use. These information assets may include data, text, drawings, diagrams, images or sounds in electronic, magnetic, optical or tangible media, together with any Personal Data for which the Department for Work and Pensions is the Data Controller.

  • Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

  • Software and Documentation Licensee may make as many copies of the Software necessary for it to use the Software as licensed. Each copy of the Software made by Licensee must contain the same copyright and other notices that appear on the original copy. Licensee will not modify the Documentation. Documentation may: (a) only be used to support Licensee’s use of the Software; (b) not be republished or redistributed to any unauthorized third party; and (c) not be distributed or used to conduct training for which Licensee, or any other party, receives a fee. Licensee will not copy any system schema reference document related to the Software.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!