Security Standards. The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.
Security Standards. To the extent Contractor has access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre- employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security Standards. To the extent Contractor has access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication;
Security Standards. To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include, but not be limited to, encryption at rest and multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
Security Standards. 9.2.1. It is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s:
a) Information Security Policy
b) Records Management Policy
c) Data Protection Policy
9.2.2. Each partner will implement and maintain appropriate technical and organisational measures to: • Prevent:
i. unauthorised or unlawful processing of the Personal Data; and
ii. the accidental loss or destruction of, or damage to, the Shared Personal Data; and • ensure a level of security appropriate to:
i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
ii. the nature of the Shared Personal Data to be protected.
9.2.3. Any further specific security measures sought by one party shall be notified to the other party from time to time, which shall implement them where reasonably practicable. The parties shall keep such security measures under review and shall carry out updates as they agree are appropriate throughout the Term.
9.2.4. It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable data protection laws and guidance, and have entered into confidentiality agreements relating to the processing of personal data.
9.2.5. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate data protection training to be competent to comply with the terms of this agreement.
Security Standards. 4.1. We are currently ISO27001 certified, and we undertake to maintain this certification for the Licence Term. ISO27001 certification demands best in class controls across:
4.1.1. Information security policies
4.1.2. Organisation of information security
4.1.3. Human resource security
4.1.4. Asset management
4.1.5. Access control
4.1.6. Cryptography
4.1.7. Physical and environmental security
4.1.8. Operations security
4.1.9. Communications security
4.1.10. System acquisition, development and maintenance
4.1.11. Supplier relationships
4.1.12. Information security incident management
4.1.13. Information security aspects of business continuity management
4.1.14. Compliance; with internal requirements, such as policies, and with external requirements, such as laws
4.2. Nothing in clause 4 to this Schedule 6 (or otherwise) shall prevent Us from replacing the ISO27001 certification with a certification of equivalent or enhanced standing.
Security Standards. 3.1.1 TCP shall implement reasonable security procedures consistent with industry standards to protect Client Data from unauthorized access, including without limitation (i) industry-standard encryption of data at rest within TCP’s data centers; (ii) web application firewalls; (iii) virus detection and anti-virus software; (iv) authentication techniques, such as user names and passwords, or authorization formats, which limit access to particular TCP personnel; and (v) additional security controls consistent with SOC 2 Type II reporting standards.
3.1.2 The Parties shall implement administrative, technical and physical security procedures consistent with industry standards and applicable data protection laws to protect Client Data from unauthorized access, including by adopting access policies that prevent the internal sharing or inadvertent communication of login credentials.
3.1.3 Client is responsible for reviewing the information made available by TCP relating to data security and making an independent determination as to whether the TCP Services meet Client’s requirements and obligations under applicable data protection laws. Client acknowledges that data security measures taken by TCP are subject to technical progress and development and TCP may update or modify such security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the TCP Services.
Security Standards. “Security Standards” shall mean the Security Standards at 45 CFR parts 160, 162 and 164, as amended by the HITECH Act and HIPAA Regulations and Guidance.
Security Standards a. Partner shall implement and maintain commercially reasonable and appropriate physical, technical and organizational security measures to protect Personal Data against accidental or unlawful destruction; accidental loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed; all other unlawful forms of Processing; including (as appropriate): (i) the pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
b. To the extent that Partner Processes Special Categories of Data, the security measures referred to in this Data Protection Addendum shall also include, at a minimum (i) routine risk assessments of Partner’s information security program, (ii) regular testing and monitoring to measure and confirm the effectiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while “at rest” and during transmission (whether sent by e-mail, fax, or otherwise), and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone).
Security Standards. 0.0.0. Xx is expected that partners of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security. Partners are at liberty to request copies of each other’s: • Information Security Policy • Records Management Policy • Data Protection Policy
7.2.2. Each partner will implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss or destruction of, or damage.
7.2.3. Each partner will ensure that employees or agents who have access to personal data have undergone appropriate Data Protection training to be competent to comply with the terms of this agreement.
