Written Information Security Policy. Contractor shall establish and maintain a formal, documented, mandated, company-wide information security program, including security policies, standards, and procedures (collectively “Information Security Policy”), and communicate the Information Security Policy to all of its respective employees and contractors in a relevant, accessible, and understandable form. Contractor shall regularly review and evaluate the Information Security Policy to ensure its operational effectiveness, compliance with all applicable laws and regulations, and to address new threats and risks. Upon execution of this Agreement and thereafter within three (3) business days of City’s request, Contractor shall make available for City’s review Contractor’s Information Security Policy and any related SOC audits, information security certifications, or other evidence that Contractor has in place appropriate policies and procedures regarding information protection and security.
Appears in 5 contracts
Samples: Professional Services Agreement, Agreement, Professional Services Agreement