We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

System Security Plan Sample Clauses

System Security PlanThe Contractor shall complete the State’s System Security Plan template within ninety (90) days after execution of the Contract. After approval by the Department, the Plan shall be updated annually and resubmitted to the Department for review. (Link to DHHS template: xxxxx://xxxxx.xx.xxx/ncdit/documents/files/NC%20DIT%20SSP%20Template.201 80112.docx)
System Security Plan. C.8.10.5.1 The contractor shall, upon request, provide to the Government, a system security plan (or extract thereof) and any associated plans of action developed to satisfy the adequate security requirements of DFARS 252.204-7012, and IAW NIST Special Publication (SP) 800- 171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations in effect at the time the solicitation is issued or as authorized by the contracting officer, to describe the contractors unclassified information system(s)/network(s) where covered defense information associated with the execution and performance of this contract is processed, is stored, or transmits. The contractor shall report IAW CDRL A010. C.8.10.5.2 The contractor shall, upon request, provide the Government with access to the system security plan(s) (or extracts thereof) and any associated plans of action for each of the contractors tier one level subcontractor(s), vendor(s), and/or supplier(s), and the subcontractors tier one level subcontractor(s), vendor(s), and/or supplier(s), who process, store, or transmit covered defense information associated with the execution and performance of this contract. The contractor shall report IAW CDRL A010.
System Security Plan. The Contractor must develop and implement a security plan that provides an overview of the security requirements for the information system. If a security plan does not exist, the Contractor must provide a description of the security controls planned for meeting those requirements. The security plan must be reviewed periodically and revised to address system/organizational changes or problems.
System Security PlanThe Contractor shall develop a Technical Report – Study/Services, POAM and Systems Security Plan (SSP) (CDRL A007) that implements the security requirements of DFARS 252.204-7012. In accordance with DFARS 252.204-7012, the SSP shall implement, at a minimum, all security requirements in NIST 800-171 (Rev. 1) standards 3.1 to 3.14; or ensure that any unimplemented security requirements have been adjudicated by an authorized representative of the DoD CIO to be non-applicable or to have an alternative, but equally effective, security measure in its place. The SSP shall provide proof of such adjudication by DoD CIO. Further, the SSP shall contain a description of the system boundary, the operational environment, how the specific security requirements are currently implemented, and the relationships with or connections to other systems. The POAM shall detail how and when the Contractor will meet all security requirements of SP 800-171 that are not fully implemented except for the requirements noted in the specific bullets below, which must be fully implemented in the SSP. The Contractor shall permit the Government to validate information in the SSP every three years, on an ad hoc basis with no notice to the Contractor, other than to coordinate any necessary security requests, but not more than five business days, or upon replacement or rotation of the Government program manager. The SSP shall:  Fully implement Multi-factor authentication, including authentication and authorization of users in a manner that is auditable  Implement FIPS 140-2 validation encryption at a minimum of Level 1  Employ the principle of least privilege or “need to know”  Require the Contractor to review, in a manner that can be audited, user privileges at least annually  Require monitoring and controlling remote access sessions and includes mechanisms to audit the session and methods
System Security Plan. Servicer shall work with the Department to complete a System Security Plan that is at least in material compliance with the Statewide Information Security Plan: xxxxx://xxx.xxxxxx.xxx/das/OSCIO/Documents/StatewideInformationSecurityPlan.pdf dated August 1, 2018, which may be amended from time to time. A template of a System Security Plan is attached as Appendix D, which shall be used in the development process. The final System Security Plan shall be developed and finalized by Servicer, and approved by the Department, within the first 6-12 months post Agreement execution.

Related to System Security Plan

  • Security Plan The Business Continuity Plan and the Disaster Recovery Plan may be combined into one document. Additionally, at the beginning of each State Fiscal Year, if the MCO modifies the following documents, it must submit the revised documents and corresponding checklists for HHSC’s review and approval:

  • System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use. (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations. (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Service Plan 2.1 The Customer shall use the following applicable Service Plan and services during the Term: a) the Service Plan specified in the Sales and Services Agreement or a service plan with monthly fee above the Service Plan amount specified in the Sales and Agreement (not applicable to SIM Only service plan & SuperCare Unbundled Smartphone Plan); and any of the services (“Selected Services”) specified in the Company’s web site “Terms and Conditions” relating to this offer and the aggregate monthly fee (after deduction of any rebate) of such Selected Services is equal to or above the amount specified in the Sales and Services Agreement (if applicable); or b) A Service Plan within the “iPhone SuperCare Smartphone Plans” (applicable to upgrade to a higher monthly fee during the Term) as specified in the Company’s web site “Terms and Conditions” relating to this plan group. 2.2 Service Plan with specified data usage 2.2.1 Whenever the local data usage of the Customer under the relevant Service Plan nearly reaches the specified local data usage (“Specified Data Usage”) the Company will notify the Customer by SMS. The Customer may by return SMS purchase a top-up at the charge as specified in the SMS received (“Top Up”). If the Customer does not wish to purchase the Top Up, local data service under the relevant Service Plan will be automatically suspended when the data usage has reached the Specified Data Usage. The Customer may purchase the Top Up at that time or wait until the beginning of the next bill month for the new Specified Data Usage allowance under the relevant Service Plan. Any unused top-up local mobile data can be carried forward for free and can be used before the end of the next bill month. This is only applicable to designated service plans (1GB or above) with an “Advise & Consent” mechanism for the purchase of top-up data. 2.2.2 Where the Customer has registered more than one Service Plan in an Account, the Company will notify Customer's primary service number (i.e. the first registered service number) by SMS whenever a Top Up is confirmed. 2.3 Applicable to Customer who stacks a new iPhone Contract: 2.3.1 Under Term (i.e. outstanding months under unexpired Previous Contract Term + iPhone Contract Term), the monthly fee and entitlement of new iPhone Contract takes effect immediately and will apply until the expiration of the new iPhone Contract. 2.3.2 If Customer has an existing contract of FUP Unlimited Data Plan stacks a new iPhone Contract, Customer is required to sign a new contract for FUP Unlimited Data Plan. The monthly fee of new FUP Unlimited Data Plan specified in the Sales and Services Agreement takes effect simultaneously when the new iPhone Contract commences and will apply until the expiration of the Term. 2.3.3 (If applicable) If the Customer has a Multi-SIM Plan under an unexpired Previous Contract Term stacks a new iPhone Contract, the monthly fee and service entitlement under the unexpired Previous Contract Term will be superseded and replaced by the monthly fee and service entitlement of the prevailing Multi-SIM Plan at the time of the stacking of the new iPhone Contract (“New Multi-SIM Plan”). The New Multi-SIM Plan shall take effect simultaneously when the new iPhone Contract commences and will apply until the expiration of the Previous Contract Term of the Multi-SIM Plan. 2.4 This Service Plan is charged on a monthly basis. The monthly charges for the first month will be charged on a pro-rata basis from the service effective date to the first bill date. The monthly charges are payable in advance and non-refundable under whatever circumstances. 2.5 This Service Plan is not applicable to 2G phones / connected devices or any phones / connected devices which have manually opted for 2G network. However, if customers opt for FUP unlimited data, in addition to the above conditions, the plan will also not applicable to other connected devices (including but not limited to USB modem / pocket wi-fi / TV box). 2.6 Offer detail Credit offer Credit Amount Wi-Fi Service Plan* full credit back during the Term WiFi Service monthly fee $60 *Customer is required to register for WiFi service 2.7 If the Customer does not notify the Company of termination of the WiFi services specified above prior to the expiry of the Term, the Company shall automatically charge the Customer for the free services specified above at the prevailing monthly fee after the expiry of the Term. 2.8 The Customer shall use Credit Card auto pay to settle monthly fee during the Term. If the Customer does not settle his monthly payment by credit card autopay or uses a 3rd party credit card for payment, a prepayment is required (if applicable).

  • Emergency Mode Operation Plan Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic County PHI or PI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this Agreement for more than twenty-four (24) hours.

  • System Security Review All systems processing and/or storing County PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Safety Plan Developer’s safety plan specifically adapted for the Project. Developer's Safety Plan shall comply with all provisions regarding Project safety, including all applicable provisions in these Construction Provisions.

  • Business Continuity Plan The Warrant Agent shall maintain plans for business continuity, disaster recovery, and backup capabilities and facilities designed to ensure the Warrant Agent’s continued performance of its obligations under this Agreement, including, without limitation, loss of production, loss of systems, loss of equipment, failure of carriers and the failure of the Warrant Agent’s or its supplier’s equipment, computer systems or business systems (“Business Continuity Plan”). Such Business Continuity Plan shall include, but shall not be limited to, testing, accountability and corrective actions designed to be promptly implemented, if necessary. In addition, in the event that the Warrant Agent has knowledge of an incident affecting the integrity or availability of such Business Continuity Plan, then the Warrant Agent shall, as promptly as practicable, but no later than twenty-four (24) hours (or sooner to the extent required by applicable law or regulation) after the Warrant Agent becomes aware of such incident, notify the Company in writing of such incident and provide the Company with updates, as deemed appropriate by the Warrant Agent under the circumstances, with respect to the status of all related remediation efforts in connection with such incident. The Warrant Agent represents that, as of the date of this Agreement, such Business Continuity Plan is active and functioning normally in all material respects.

  • Management Plan The Management Plan is the description and definition of the phasing, sequencing and timing of the major Individual Project activities for design, construction procurement, construction and occupancy as described in the IPPA.