INFORMATION SECURITY & DATA PROTECTION Clause Samples

The INFORMATION SECURITY & DATA PROTECTION clause establishes requirements and responsibilities for safeguarding sensitive information and personal data exchanged or processed under the agreement. It typically outlines the security measures parties must implement, such as encryption, access controls, and compliance with relevant data protection laws like GDPR or HIPAA. This clause ensures that both parties take appropriate steps to prevent unauthorized access, loss, or misuse of data, thereby reducing the risk of data breaches and ensuring legal compliance.
INFORMATION SECURITY & DATA PROTECTION. Data Security requirements are described in section 7, Exhibit C, Special Contract Conditions. The following are policies of the Contractor: 13.1 Overall Data Security Regulations. As a financial institution, the Contractor is required to comply with the information security standards of, as applicable, the Gramm ▇▇▇▇▇ ▇▇▇▇▇▇ Act and the regulations issued thereunder the Fair and Accurate Credit Transactions Act and the regulations issued thereunder; the Federal Financial Institutions Examination Council (FFIEC) criteria; the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice; the US Securities and Exchange Commission; FINRA; the NASD; and other federal statutory, national and international legal and regulatory requirements. The Contractor is evaluated regularly for compliance with these obligations by various US and international regulators, including, the US Office of the Comptroller of the Currency, as applicable.
View SourceView Similar (3)
INFORMATION SECURITY & DATA PROTECTION. CSC has approved a security policy and also follows security best practices. For CSC's customers, providers and staff there are detailed security guidelines. Many items in our security policies and guidelines refer to external compliance requirements. CSC has also procedures for risk and security management. For more information, please refer to the following page: ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/security
View SourceView Similar (3)
INFORMATION SECURITY & DATA PROTECTION. In addition to the rules defined in the Data Processing Agreement signed between the Service Provider and the Customer, the following rules for information security and data protection apply for all services covered by this agreement. In accordance to local law, all secrecy and privacy rules defined remain valid after termination of this agreement. The Service Provider agrees: ● it is committed to the eduTEAMS Privacy Policy [1] ● it is committed to the Data protection Code of Conduct [2] The Service Provider is only responsible for data protection of service components within the bounds of the Support Characteristics described in this OLA.
View SourceView Similar (2)
INFORMATION SECURITY & DATA PROTECTION. (a) OTA Insight shall, during the course of the provision of the Product and Service access and/or handle Hyatt Data (including any information not necessarily considered as Data). (b) OTA Insight shall only handle Hyatt Data for the purposes of the provision of the Product and Service to Hyatt and the Participating Hotels. (c) OTA Insight is ISO 27001 certified and complies with any required GDPR regulations (inclusive of the UK GDPR regime). (d) In the event OTA Insight or its agents Process any Personal Information, OTA Insight shall and shall cause its agents and personnel to Process such Personal Information in accordance with Schedule 4-A. (e) Further details on OTA Insight’s information security policy are set out in Schedule 4.
View Source
INFORMATION SECURITY & DATA PROTECTION. The management processes for maintaining Puhti have been certified by the ISO 27001 standard. CSC has approved a security policy and also follows security best practices. For CSC's customers, providers and staff there are detailed security guidelines. Many items in our security policies and guidelines refer to external compliance requirements. CSC has also procedures for risk and security management. For more information, please refer to the following page: ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/security
View Source
INFORMATION SECURITY & DATA PROTECTION. The ePouta Virtual Private Cloud service is a closed environment that meets elevated information security level regulations. CSC has approved a security policy and also follows security best practices. For CSC's customers, partners and staff there are detailed security guidelines. Many items in our security policies and guidelines refer to external compliance requirements. CSC also has procedures for risk and security management. For more information, please refer to the following pages: • ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/security • ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇/web/research/pouta-security
View Source
INFORMATION SECURITY & DATA PROTECTION 
View SourceView Similar (4)

Related to INFORMATION SECURITY & DATA PROTECTION

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Confidentiality and Data Protection We are a data controller for the information you provide to us including individual, identification and financial details, policy history and special category data (such as medical or criminal history). Details of our legal basis for processing your information, along with details of any third party recipient whom it may be necessary to share your personal data with in order to fulfil the contract, retention period for data held, security of your data, your rights under the UK General Data Protection Regulations (UK GDPR) including the right to complain can be found in our full ‘Privacy Notice’ attached to these terms of business and/or on our website at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇.

  • Personal Information security breach a) Each Party shall notify the other party in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal information and to restore the integrity of the affected personal information as quickly as is possible. The Parties shall also be required to provide each other with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal information. b) The Parties shall provide on-going updates on the progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Parties must notify the South African Police Service; and/or the State Security Agency and the Information Regulator and the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Parties undertake to co‑operate in any investigations relating to security which is carried out by or on behalf of the other including providing any information or material in its possession or control and implementing new security measures.