Standard: Security Controls Clause Samples
The 'Standard: Security Controls' clause establishes the minimum security measures that must be implemented to protect sensitive data and systems. It typically outlines specific requirements such as access controls, encryption standards, regular security assessments, and incident response protocols that parties must follow. By clearly defining these expectations, the clause helps ensure that all parties maintain a consistent level of security, thereby reducing the risk of data breaches and ensuring compliance with relevant regulations.
Standard: Security Controls. The Non-Exchange Entity is required to establish and implement operational, technical, administrative, and physical safeguards that are consistent with any applicable laws and ensure that:
i. PII is only used by or disclosed to those authorized to receive or view it;
ii. PII is protected against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of such information;
iii. PII is protected against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law; and
iv. PII is securely destroyed or disposed of in an appropriate and reasonable manner and in accordance with retention schedules.
Standard: Security Controls. The FFE shall adopt and implement the Security Control standards cited in the MARS-E document suite for protecting the confidentiality, integrity, and availability of PII.
i. Implementation Specifications:
1. Implementation specifications for each Security Control are provided in the MARS-E document suite.