Written Information Security Program. At all times during the term of the Agreement, Vendor will implement and maintain a written information security program (“WISP”), which must include appropriate administrative, technical, physical, and operational safeguards to maintain the security, privacy, availability, integrity, and confidentiality of University Data in use, in motion, and at rest. Vendor will implement and maintain a formalized risk governance plan, policy, and a continuous risk assessment process demonstrating Vendor’s ability to identify, quantify, prioritize, and mitigate risks. If requested by University, Vendor will (and/or cause subcontractors to) certify its compliance with the requirements of this ISPA and provide written responses to any reasonable questions submitted to Vendor by University. Vendor agrees to conduct and provide to University a Data Protection Impact Assessment (“DPIA”) or an independent audit report, if reasonably requested by University. Vendor agrees to implement and maintain administrative, technical, physical, and operational safeguards in accordance with industry best practices at a level sufficient to secure University Data. Vendor agrees to maintain the following enterprise controls for any Networks or Systems that host, Process, or provide access to University Data: Asset and Information Management. Vendor will maintain and enforce policies and controls that include, without limitation, asset inventory/management, encryption (in transit and at rest), storage of data on portable hardware, and third party access to and use of University Data.
Written Information Security Program a. At all times during the term of the Agreement, Vendor will implement and maintain a written information security program (“WISP”), which must include appropriate administrative, technical, physical, and operational safeguards to maintain the security, privacy, availability, integrity, and confidentiality of University Data in use, in motion, and at rest.
b. Vendor will implement and maintain a formalized risk governance plan, policy, and a continuous risk assessment process demonstrating Vendor’s ability to identify, quantify, prioritize, and mitigate risks. If requested by University, Vendor will (and/or cause subcontractors to) certify its compliance with the requirements of this ISPA and provide written responses to any reasonable questions submitted to Vendor by University. Vendor agrees to conduct and provide to University a Data Protection Impact Assessment (“DPIA”) or an independent audit report, if reasonably requested by University.
Written Information Security Program. The Contractor shall ensure that it maintains a written information security Program (WISP) incompliance with the terms of this Agreement and the requirements set forth in, M.G.L. c. 93H, to the extent that the PI subject to this Agreement meets the definition of “Personal Information”, as such term is defined by such statute.
Written Information Security Program. The Agent acknowledges and agrees that Agent and Agent Personnel are bound by the Agency’s Written Information Security Program adopted as per the terms of the Agency Agreement and agrees to comply with the terms of such program.
Written Information Security Program. Agency shall maintain a written program of administrative, technical and physical safeguards to protect against Security Incidents that involve Confidential Information in the custody or control of the Agency or Agency Personnel. Appropriate safeguards shall include, but are not limited to, policies and procedures that are designed to: 1) protect the security of Confidential Information; 2) protect against any
Written Information Security Program. The Contractor shall ensure that it maintains a written information security Program (WISP) in compliance with the terms of this Agreement, including, but not limited to, M.G.L. c. 93H.
Written Information Security Program. For detailed information, please contact Xxxx Xxx Xxxx at xxxxxxxx@xxxxxx.xxx.
Written Information Security Program. Unizin shall maintain a written information security program to govern the protection of all Personal Information that Unizin receives, interacts with, stores, views, processes, accesses, uses, creates, maintains, transmits, disposes of, or otherwise handles on behalf of University, pursuant to which it shall apply industry standard best practices and the requirements of each applicable law to all covered Personal Information.”
10. Section 6.4(A) of the Renewal MSA is hereby deleted in its entirety and amended to state as follows:
(A) Data Use and Disclosure. All relevant vendors, service providers and other entities (“Unizin’s Third Party Service Providers”) to which Unizin provides Personal Information shall be required to enter into written agreements with Unizin that require Unizin’s Third Party Service Providers to protect such Personal Information as required by law and in a manner substantially similar to that described in Unizin’s written information security program. Unizin may use, disclose, or redisclose de-identified data only as permitted by applicable law. Unizin acknowledges that, for purposes of this Agreement only, University has designated Unizin as a “School Official,” as that term is used FERPA, with a “legitimate educational interest” in any University data or Personal Information that is protected by FERPA and, therefore, Unizin agrees that, with respect to all University data that is protected by FERPA that Unizin accesses, receives, stores, and/or controls, Unizin will comply with all obligations that FERPA imposes on a School Official. Unizin warrants that, except as required by law, Unizin will not use or re-disclose Personal Information derived from Educational Records subject to FERPA for any purpose other than the purposes for which that data was obtained. All Education Records received by Unizin from an Entity subject to FERPA will be used and maintained under the direct control of that Entity. The term “Education Records” shall have the meaning of such term as set forth in the Family Education Rights and Privacy Act of 1974, as amended, 20 U.S.C. §1232g (2016); 37 C.F.R. Part 99 (2016).”
Written Information Security Program. Unizin will maintain a written information security program to govern the protection of all Personal Information the University maintains, pursuant to which it applies industry standard best practices and the requirements of each applicable law to all covered Personal Information.
Written Information Security Program. Each party shall maintain, in writing, reasonable security procedures and practices (“Written Information Security Program” or “WISP”) that are necessary to protect Personal Information within its control from unauthorized access, destruction, use, modification, or disclosure.
