Information Security Reviews Sample Clauses

Information Security Reviews. Jamf will independently review its approach to managing information security and its implementation (i.e., control objectives, controls, policies, processes, and procedures for information security) at planned intervals or when significant changes occur.
View SourceView Similar (7)
Information Security Reviews. The Company has: (i) regularly conducted vulnerability testing, risk assessments, and external audits of, and tracks security incidents related to, the Company’s systems and products (collectively, “Information Security Reviews”); (ii) timely corrected any material exceptions or vulnerabilities identified in such Information Security Reviews; (iii) made available true and accurate copies of all Information Security Reviews; and (iv) timely installed software security patches and other fixes to identified technical information security vulnerabilities. The Company provides its employees with regular training on privacy and data security matters.
View SourceView Similar (2)
Information Security Reviews. The Provider’s approach to managing information security and its implementation (i.e., control objectives, controls, policies, processes, and procedures for information security) shall be reviewed independently at planned intervals or when significant changes occur.
View SourceView Similar (2)
Information Security Reviews. During the Term, County may perform information security reviews on any County Systems, Assets, or facilities used by Vendor to provide the Services hereunder (“Reviews”). The Reviews may include physical inspection, external scan, internal scan, code review, process reviews, and reviews of system configurations. The Reviews may be conducted, at County’s discretion and at County’s expense, by County, another Affiliate, or their designees, including third party consultants or other providers retained by County. The Reviews may include unannounced penetration, vulnerability assessments, and security tests, as it relates to the receipt, maintenance, use, or retention of County’s Confidential Information or County Data in which case County shall provide contemporaneous notice to Vendor. Vendor hereby grants permission to County to perform the Reviews per the agreed upon scope and methodology; provided, however, that any such Review shall be conducted by County, another Affiliate or their designees, as applicable. To the fullest extent permitted by law, Vendor hereby waives the benefit of any state or federal law which may provide a cause of action against County and its Affiliates based upon Reviews permitted under this Section 29.5 (Information Security Reviews) and conducted pursuant to the agreed upon scope and methodology. Should any Review result in the discovery of material security risks to the County Systems, Equipment, Software, networks, or facilities used by Vendor to provide the Services, County shall promptly notify Vendor of such risks, and Vendor shall respond to County in writing within three (3) days with Vendor’s plan to take reasonable measures to promptly correct, repair, or modify the applicable County System, Assets, or facility to effectively eliminate such risks at no cost to County. Upon County’s approval, Vendor shall implement such plan as quickly as practicable. Should Vendor fail to take reasonable measures to remedy the identified risk, County may terminate this Agreement for cause effective immediately.
View SourceView Similar (2)
Information Security Reviews. The Contractor’s information security arrangements should be independently reviewed (audited) and reported to its management. The Contractor’s management are required to routinely review Personnel, Equipment, system’s compliance with security policies, procedures etc., and shall initiate and pursue all required corrective actions where necessary. 1. If any dispute arises out of or in connection with this agreement or the performance, validity or enforceability of it (“dispute”), then, subject to paragraph 2 below, and except as expressly provided in this contract, the parties shall follow the dispute resolution procedure set out below: a party shall give to the other written notice of the Dispute, setting out its nature and full particulars (“Dispute Notice”), together with relevant supporting documentation; on service of the Dispute Notice, the authorised representatives of each party shall, within 10 days of a written request from one party to the other, meet in a good faith effort to resolve the dispute; if the Supplier Manager and LU Manager are for any reason unable to resolve the Dispute within 30 days of service of the Dispute Notice, the Dispute shall be referred to the Chief Executive Officer/Managing Director of the Supplier (or if no such post exists, an individual with an equivalent level of authority) (“Senior Supplier Representative”) and the Vice Chancellor of LU who shall attempt in good faith to resolve it; if the Senior Supplier Representative and the Vice Chancellor of LU are for any reason unable to resolve the Dispute within 30 days of it being referred to them, the parties will attempt to settle the Dispute by mediation in accordance with the CEDR Model Mediation Procedure. Unless otherwise agreed between the parties, the mediator shall be nominated by CEDR. To initiate the mediation, a party must give notice in writing (“ADR notice”) to the other party requesting a mediation. A copy of the request shall be sent to CEDR Solve. The mediation shall start no later than 30 days after the date of the ADR notice. No party may commence any court proceedings in relation to any dispute arising out of this Agreement until it has attempted to settle the dispute by mediation, and either the mediation has terminated or the other party has failed to participate in the mediation, provided that the right to issue proceedings is not prejudiced by a delay. 2. If any technical dispute arises out of or in connection with this agreement (including interpr...
View SourceView Similar (2)
Information Security Reviews. The Consultant’s information security arrangements should be independently reviewed (audited) and reported to its management. The Consultant’s management are required to routinely review Personnel, Equipment, system’s compliance with security policies, procedures etc., and shall initiate and pursue all required corrective actions where necessary.
View Source
Information Security Reviews. 18.2.1 Independent review of information security Yes - In Place
View Source
Information Security Reviews. The Supplier is formally certified to ISO 27001 (the international standard for information security man- agement). The scope of the certificate (Certificate No: IS 636555) applies to the ISMS relating to the Supplier’s common processes used to handle, process and store a client's confidential information, in- cluding Protectively Marked Material, in order for the Supplier to carry out client engagements. The Supplier is subject to six monthly independent surveillance visits by our auditors and is scheduled to undergo a complete re-inspection in Q4 2019. 4 Document Sign-Off The following people have been assigned with sign-off responsibility for this document: Responsibility Name Sign-off Date Supplier Security representative XXXXXXXX [insert date] Other sign off as required XXXXXXXX [insert date] Other sign off as required XXXXXXXX [insert date] Buyer Security representative XXXXXXXX [insert date] Schedule 2: Call-Off Contract charges [REDACTED] [REDACTED] Schedule 3: Collaboration agreement Not used Schedule 4: Alternative clauses Not used . Schedule 5: Guarantee Not used Schedule 6: Glossary and interpretations In this Call-Off Contract the following expressions mean: Expression Meaning Additional Services Any services ancillary to the G-Cloud Services that are in the scope of Framework Agreement Clause 2 (Services) which a Buyer may request. Admission Agreement The agreement to be entered into to enable the Supplier to participate in the relevant Civil Service pension scheme(s). Application The response submitted by the Supplier to the Invitation to Tender (known as the Invitation to Apply on the Platform). Audit An audit carried out under the incorporated Framework Agreement clauses. Background IPRs For each Party, IPRs: ● owned by that Party before the date of this Call-Off Contract (as may be enhanced and/or modified but not as a consequence of the Services) including IPRs contained in any of the Party's Know-How, documentation and processes ● created by the Party independently of this Call-Off Contract, or For the Buyer, Crown Copyright which isn’t available to the Supplier otherwise than under this Call-Off Contract, but excluding IPRs owned by that Party in Buyer software or Supplier software. Buyer The contracting authority ordering services as set out in the Order Form. Buyer Data All data supplied by the Buyer to the Supplier including Personal Data and Service Data that is owned and managed by the Buyer.
View Source
Information Security Reviews. We will independently review our approach to managing information security and its implementation (i.e., control objectives, controls, policies, processes, and procedures for information security) at planned intervals or when significant changes occur.
View Source

Related to Information Security Reviews

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • System Security Review All systems processing and/or storing County PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Personal Information security breach a) Each Party shall notify the other party in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal information and to restore the integrity of the affected personal information as quickly as is possible. The Parties shall also be required to provide each other with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal information. b) The Parties shall provide on-going updates on the progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Parties must notify the South African Police Service; and/or the State Security Agency and the Information Regulator and the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Parties undertake to co‑operate in any investigations relating to security which is carried out by or on behalf of the other including providing any information or material in its possession or control and implementing new security measures.