Information Security Audits Clause Samples

Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.
Information Security Audits. Contractor must contract with an independent third-party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. If services include collecting electronic payments on behalf of the City (including credit card payments), the Office of the Treasurer and Tax Collector requires the following language. Any deviation from the above requirements shall be approved in writing by the City and County of San Francisco Office of the Treasurer and Tax Collector. If the services do not include collecting electronic payments on behalf of the City then delete the body text and replace with “Reserved. (Payment Card Industry (“PCI”) Requirements.)” Payment Card Industry (“PCI”) Requirements. Contractors providing services and products that handle, transmit or store cardholder data, are subject to the following requirements: Applications shall be compliant with the Payment Application Data Security Standard (PA-DSS) and validated by a Payment Application Qualified Security Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must then be listed on the PCI Council’s list of PA-DSS approved and validated payment applications. Gateway providers shall have appropriate Payment Card Industry Data Security Standards (PCI DSS) certification as service providers (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇.▇▇▇▇▇). Compliance with the PCI DSS shall be achieved through a third-party audit process.
The Contractor shall comply with Visa Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP) programs. For any Contractor that processes PIN Debit Cards, payment card devices supplied by Contractor shall be validated against the PCI Council PIN Transaction Security (PTS) program. For items 13.4.1 to 13.4.3 above, Contractor shall provide a letter from their qualified security assessor (QSA) affirming their compliance and current PCI or PTS compliance certificate. Contractor shall be responsible for furnishing City with an updated PCI compliance certific...
Information Security Audits. During the term of this Agreement, and for one (1) year following termination:
Information Security Audits. Contractor must contract with an independent third party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with City. All audit findings must be remedied. Audit Findings. Contractor shall implement reasonably required safeguards as identified by City or by any audit of Contractor’s data privacy and information security program. Protected Health Information. Contractor, all subcontractors, all agents and employees of Contractor, and any subcontractor shall comply with all federal and state laws regarding the transmission, storage and protection of all PHI disclosed to Contractor by City in the performance of this Agreement. Contractor agrees that any failure of Contractor to comply with the requirements of federal and/or state and/or local privacy laws shall be a material breach of the Contract. In the event that City pays a regulatory fine, and/or is assessed civil penalties or damages through private rights of action, based on an impermissible use or disclosure of PHI given to Contractor or its subcontractors or agents by City, Contractor shall indemnify City for the amount of such fine or penalties or damages, including costs of notification. In such an event, in addition to any other remedies available to it under equity or law, City may terminate the Agreement.
Information Security Audits. During the term of this Agreement, and for one (1) year following termination, Lender may provide prior written notice to Servicer of the intent to review the summary of the information security program, at Servicer’s Headquarters, upon reasonable notice of not less than 30 days.
Information Security Audits. Provider shall procure no less than annual security audits of the Facilities by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards no later than December, 2008. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 7.1.8. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities in Safeguards or otherwise in any Facilities; and (b) if so, the nature of each vulnerability discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities.
Information Security Audits. Contractor will provide PCI Level 4 attestation for any Point-of-Sale systems owned and installed by Contractor on-site at customer sites.
Information Security Audits. Provider shall procure no less than annual security audits of their data centers by an independent third party. Such audits shall meet or exceed SAS 70 Type II standards as the same may be amended, modified, supplemented, or superseded from time to time. In addition, Provider shall also conduct such audits as may be required to maintain compliance with Section 8.8 (Cardholder Information) hereto. Provider shall promptly provide T-Mobile with the results of each such audit; including (a) whether the audit revealed any material vulnerabilities, inadequacies, or insufficiencies in or breaches of Safeguards or otherwise in any Facilities; and (b) if so, the nature of each such vulnerability, inadequacy, insufficiency or breach discovered. If the audit reveals one or more material vulnerabilities, Provider shall, within thirty (30) days, correct each such vulnerability, inadequacy, insufficiency or breach at its sole cost and expense and provide written certification to T-Mobile that it has corrected all such vulnerabilities, inadequacies, insufficiencies or breaches.
Information Security Audits. If Contractor will be hosting data on behalf of the City, Contractor must contract with an independent third-party to perform yearly information security audits of their primary and backup Data Centers. The annual audits must include an outside penetration/vulnerability test, and internal penetration and vulnerability tests with the third-party directly on the internal network. The summary results of the audits must be shared with the City. All audit findings must be remedied.

Related to Information Security Audits

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. 
DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.