SECURITY RISK ANALYSIS AND ASSESSMENT Sample Clauses

SECURITY RISK ANALYSIS AND ASSESSMENT. This section is about your electronic systems. If you DO NOT store Texas HHS Confidential Information in electronic systems (e.g., laptop, personal computer, mobile device, database, server, etc.), select the "No Electronic Systems" box and respond "Yes" for all questions in this section.
Sample 1Sample 2Sample 3See All (10)
AutoNDA by SimpleDocs
SECURITY RISK ANALYSIS AND ASSESSMENT. This section is about your electronic systems. If you DO NOT store HHS Confidential Information in electronic systems (e.g., laptop, personal computer, mobile device, database, server, etc.), select the "No Electronic Systems" box and respond "yes" for all questions in this section. Item #1. Answer "yes" if your business does not "offshore" or use, disclose, create, receive, transmit or maintain HHS Confidential Information outside of the United States. If you are not certain, contact your provider of technology services (application, cloud, data center, network, etc.) and request confirmation that they do not off‐shore their data. Item #2. Answer "yes" if your business uses a person or company who is knowledgeable in IT security to maintain or oversee the configurations of your business's computing systems and devices. You may be that person, or you may hire someone who can provide that service for you. Item #3. Answer "yes" if your business monitors and manages access to HHS Confidential Information (i.e., reviews systems to ensure that access is limited to Authorized Users; has formal processes for granting, validating, and reviews the need for remote access to Authorized Users to HHS Confidential Information, etc.). If you are the only employee, answer "yes" if you have implemented a process to periodically evaluate the need for accessing HHS Confidential Information to fulfill your Authorized Purposes. Item #4. Answer "yes" if your business has implemented a system for changing the password a system initially assigns to the user (also known as the default password), and requires users to change their passwords at least every 90 days, and prohibits the creation of weak passwords for all computer systems that access or store HHS Confidential Information (e.g., a strong password has a minimum of 8 characters with a combination of uppercase, lowercase, special characters, and numbers, where possible). If your business uses a Microsoft Windows system, refer to the Microsoft website on how to do this, see example: xxxx://xxxxxxx.xxxxxxxxx.xxx/en‐us/windows/change‐password‐policy‐ settings#1TC=windows‐7 Item #5. Answer "yes" if your business assigns a unique user name and private password to each of your employees, your subcontractors, your volunteers, your trainees and any other persons under your direct control who will use, disclose, create, receive, transmit or maintain HHS Confidential Information. Item #6. Answer "yes" if your business locks the access...
Sample 1

Related to SECURITY RISK ANALYSIS AND ASSESSMENT

  • Periodic Risk Assessment Provider further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.

  • Disturbance Analysis Data Exchange The Parties will cooperate with one another and the NYISO in the analysis of disturbances to either the Large Generating Facility or the New York State Transmission System by gathering and providing access to any information relating to any disturbance, including information from disturbance recording equipment, protective relay targets, breaker operations and sequence of events records, and any disturbance information required by Good Utility Practice.

Time is Money Join Law Insider Premium to draft better contracts faster.