Applicable Security Control Framework Compliance Sample Clauses

The 'Applicable Security Control Framework Compliance' clause requires parties to adhere to specific security standards or frameworks relevant to their operations or the services provided. In practice, this means that an organization must implement and maintain security controls that align with recognized frameworks such as ISO 27001, NIST, or similar, and may be required to demonstrate compliance through audits or certifications. This clause ensures that both parties maintain a consistent and adequate level of information security, reducing the risk of data breaches and ensuring regulatory or contractual obligations are met.
Applicable Security Control Framework Compliance. The vendor must have an awareness and understanding of the NIST Special Publication 800-53 Security Control Framework and employ safeguards that meet or exceed the moderate level controls as defined within the standard. These controls must provide sufficient safeguards to provide reasonable protections around the Commonwealth’s data to ensure that the confidentiality, integrity, and availability is maintained at an appropriate level. These include but are not limited to:

  • Access Control The vendor must employ policy and process that provide for stringent control to limit physical and logical access to systems that house Commonwealth data to a need to know basis and provide clear separation of duties.

  • Awareness and Training The vendor must provide the appropriate role specific training for staff to ensure that there is awareness and understanding of roles and responsibilities as they relate to the protections around the Commonwealth’s data.

  • Audit and Accountability There must be sufficient auditing capability to ensure that actions are tracked and there is individual accountability for all actions taken by vendor staff.

  • Configuration Management The vendor must work within established baselines that provide minimal functionality needed to ensure service delivery without exposing unnecessary risk. The vendor must also employ structured change control processes that provide a level of coordination with the client agreed upon in a Service Level Agreement (SLA).

Applicable Security Control Framework Compliance. The vendor must have an awareness and understanding of the NIST Special Publication 800-53 Security Control Framework and employ safeguards that meet or exceed the moderate level controls as defined within the standard. The respondent must provide sufficient safeguards to provide reasonable protections around the Commonwealth’s data to ensure that the confidentiality, integrity, and availability is maintained at an appropriate level. These include but are not limited to:

  • Access Control The vendor must employ policy and process that provide for stringent control to limit physical and logical access to systems that house Commonwealth data, on a need to know basis, provide clear separation of duties, and adheres to least privilege principles.

  • Awareness and Training The vendor must provide the appropriate role specific training for staff to ensure that there is awareness and understanding of roles and responsibilities as they relate to the protections around the Commonwealth’s data.

  • Audit and Accountability There must be sufficient auditing capability to ensure that actions are tracked and there is individual accountability for all actions taken by vendor staff.

  • Configuration Management The vendor must work within established baselines that provide minimal functionality needed to ensure service delivery without exposing unnecessary risk. The vendor must also employ structured change control processes that provide a level of coordination with the client agreed upon in a Service Level Agreement (SLA).

Related to Applicable Security Control Framework Compliance

  • Regulation M Compliance The Company has not, and to its knowledge no one acting on its behalf has, (i) taken, directly or indirectly, any action designed to cause or to result in the stabilization or manipulation of the price of any security of the Company to facilitate the sale or resale of any of the Securities, (ii) sold, bid for, purchased, or, paid any compensation for soliciting purchases of, any of the Securities, or (iii) paid or agreed to pay to any Person any compensation for soliciting another to purchase any other securities of the Company, other than, in the case of clauses (ii) and (iii), compensation paid to the Company’s placement agent in connection with the placement of the Securities.

  • Compliance Control Services (1) Support reporting to regulatory bodies and support financial statement preparation by making the Fund's accounting records available to the Trust, the Securities and Exchange Commission (the “SEC”), and the independent accountants. (2) Maintain accounting records according to the 1940 Act and regulations provided thereunder. (3) Perform its duties hereunder in compliance with all applicable laws and regulations and provide any sub-certifications reasonably requested by the Trust in connection with any certification required of the Trust pursuant to the ▇▇▇▇▇▇▇▇-▇▇▇▇▇ Act of 2002 (the “SOX Act”) or any rules or regulations promulgated by the SEC thereunder, provided the same shall not be deemed to change USBFS’s standard of care as set forth herein. (4) Cooperate with the Trust’s independent accountants and take all reasonable action in the performance of its obligations under this Agreement to ensure that the necessary information is made available to such accountants for the expression of their opinion on the Fund’s financial statements without any qualification as to the scope of their examination.

  • AML Compliance The Dealer Manager represents to the Company that it has established and implemented anti-money laundering compliance programs in accordance with applicable law, including applicable FINRA Conduct Rules, Exchange Act Regulations and the USA PATRIOT Act, specifically including, but not limited to, Section 352 of the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 (the “Money Laundering Abatement Act,” and together with the USA PATRIOT Act, the “AML Rules”) reasonably expected to detect and cause the reporting of suspicious transactions in connection with the offering and sale of the Offered Shares. The Dealer Manager further represents that it is currently in compliance with all AML Rules, specifically including, but not limited to, the Customer Identification Program requirements under Section 326 of the Money Laundering Abatement Act, and the Dealer Manager hereby covenants to remain in compliance with such requirements and shall, upon request by the Company, provide a certification to the Company that, as of the date of such certification (a) its AML Program is consistent with the AML Rules and (b) it is currently in compliance with all AML Rules, specifically including, but not limited to, the Customer Identification Program requirements under Section 326 of the Money Laundering Abatement Act.

  • Additional Compliance If any Proposed Key Holder Transfer is not consummated within forty-five (45) days after receipt of the Proposed Transfer Notice by the Company, the Key Holders proposing the Proposed Key Holder Transfer may not sell any Transfer Stock unless they first comply in full with each provision of this Section 2. The exercise or election not to exercise any right by any Investor hereunder shall not adversely affect its right to participate in any other sales of Transfer Stock subject to this Section 2.2.

  • HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.