Information Security and Resilience Sample Clauses

Information Security and Resilience. The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇▇▇/uk/ or ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en/ The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud. The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations: - ISO27001 - ISO31000 Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the Funder’s Information Asset Owner, where necessary in consultation with the Funder’s Chief Information Security Officer (CISO).
View Source

Related to Information Security and Resilience

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • INFORMATION SECURITY SCHEDULE All capitalized terms not defined in this Information Security Schedule (this “Security Schedule”) shall have the meanings ascribed to them in the Transfer Agency and Service Agreement by and between DST and each of the funds listed on Exhibit A thereto (each such fund, or series thereof, severally, and not jointly, the “Fund”) dated March 1, 2022 (the “Agreement”). DST and Fund hereby agree that DST shall maintain and comply with an information security policy (“Security Policy”) that satisfies the requirements set forth below; provided, that, because information security is a highly dynamic space (where laws, regulations and threats are constantly changing), DST reserves the right to make changes to its information security controls at any time and at the sole discretion of DST in a manner that it believes does not materially reduce the protection it applies to Fund Data. From time to time, DST may subcontract services performed under the Agreement (to the extent provided for under the Agreement) or provide access to Fund Data or its network to a subcontractor or other third party; provided, that, such subcontractor or third party implements and maintains security measures DST believes are at least as stringent as those described in this Security Schedule. For the purposes of this Schedule “prevailing industry practices and standards” refers to standards among financial institutions, including mutual funds, and third parties providing financial services to financial institutions.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Security and Confidentiality Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.

  • UNION SECURITY AND CHECKOFF 5:01 It shall be a condition of continued employment for all employees including probationary employees, as defined in Article 2, to become members and maintain membership in good standing in the Union. 5:02 The Corporation agrees to deduct from the earnings of all employees, including probationary employees, covered by this Agreement, an amount each month as dues and upon completion of the probationary period an amount for the initiation fee. The amount of such dues and initiation fees shall be advised in writing by the I.B.E.W., Local 2351 and changes to such amounts shall be advised not less than four (4) weeks prior to the effective date. Dues collected shall be remitted within ten (10) days after each pay period, to the designated official of the Union along with a statement of the names, in alphabetical order, and amounts deducted from each employee. The statement will also include the names of employees whose wages are insufficient to permit such deduction and the Corporation will only be obligated to make such deduction from the immediate subsequent pay period. Employees on recall status must be members in good standing of the Union in order to be recalled. 5:03 The Union agrees that neither it nor any of its officers or members will engage in Union activities on Corporation time, or Corporation work area, except as provided in this Agreement. 5:04 The Union shall indemnify and save the Corporation harmless against any and all claims, demands, suits or other forms of liability that shall arise from or by reason of action taken or not taken by the Corporation for the purpose of complying with this Article. 5:05 The Corporation will submit monthly to the Union a list of the dates of new hires, terminations and transfers to and from the Bargaining Unit for the previous month. 5:06 The Union agrees to furnish the Corporation with the names of all personnel including officers, representatives, stewards and committee people who are authorized to represent the Union in its relations with the Corporation. 5:07 The Corporation agrees to supply all employees with a copy of the Collective Agreement and will endeavour to do so within one (1) month after receipt from the printer. 5:08 The Corporation shall provide bulletin boards in designated areas for the posting of Union notices dealing with meetings, election of officers, appointments and committees, social affairs and other non-controversial matters dealing with the affairs of the Union. No bulletin shall be posted until approved by the Human Resources Division or the designated Corporate representative.