INFORMATION SECURITY TRAINING Sample Clauses

The Information Security Training clause requires that individuals who have access to sensitive or confidential information receive appropriate training on how to protect that information. Typically, this means employees, contractors, or third parties must complete regular training sessions covering topics such as password management, recognizing phishing attempts, and proper data handling procedures. By mandating such training, the clause helps ensure that all relevant personnel are aware of security best practices, thereby reducing the risk of data breaches and ensuring compliance with organizational or legal information security standards.
INFORMATION SECURITY TRAINING. In addition to any training covered under paragraph (e) of HHSAR 352.239-72, the contractor shall comply with the below training: a. Mandatory Training 1. All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information as defined at HHSAR 304.1300(a)(4), shall complete the NIH Computer Security Awareness Training course at ▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH- specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement.‌‌ 2. The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request. b. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance about “NIH Information Security Awareness and Training Policy," at: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇/InfoSecurity/Policy/Documents/Final- InfoSecAwarenessTrainPol.doc.‌‌ The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request.
View SourceView Similar (15)
INFORMATION SECURITY TRAINING. In addition to any training covered under paragraph (e) of HHSAR 352.239-72, the contractor shall comply with the below training:
View SourceView Similar (4)
INFORMATION SECURITY TRAINING. The contractor shall comply with the below training: 1. Mandatory Training a. All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information, shall complete the NIH Computer Security Awareness Training course at ▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement. b. The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request. 2. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance about “NIH Information Security Awareness and Training Policy” at: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇/InfoSecurity/Policy/Documents/Final- InfoSecAwarenessTrainPol.doc. The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request.
View SourceView Similar (2)
INFORMATION SECURITY TRAINING. 6.1 The Supplier shall ensure that all employees, subcontractors, and third-party users involved in operating or processing ALCON Data are adequately trained and informed about applicable laws (including data protection laws), information security threats and their implications, and their respective responsibilities and obligations. They shall be equipped with appropriate tools to support the organization’s security policies during their duties. 6.2 When transmitting or transferring ALCON Data and/or Personal Data, the Supplier shall ensure that its personnel use the company’s or organization’s official email accounts and prohibit the use of personal email accounts for transmitting ALCON Data. 6.3 If any Supplier Personnel receives the following, the Supplier shall ensure that they comply with any applicable ALCON information security policies and participate in ALCON training (at no cost to ALCON): (i) Identification badges (or other access mechanisms) issued by ALCON to allow entry into ALCON premises; (ii) Personalized ALCON network access accounts (e.g., ALCON5-2-1 account); (iii) ALCON laptops; (iv) ALCON email accounts; and/or (v) Any other type of access to the ALCON Environment. If the identity or role of any Supplier Personnel or subcontractor personnel changes in a manner that may affect their ability to access the ALCON Environment, the Supplier shall notify ALCON without undue delay. Such changes may include, but are not limited to, termination of employment, changes in job scope, or cessation of subcontractor engagement.
View Source
INFORMATION SECURITY TRAINING 
View Source

Related to INFORMATION SECURITY TRAINING

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • INFORMATION SECURITY SCHEDULE All capitalized terms not defined in this Information Security Schedule (this “Security Schedule”) shall have the meanings ascribed to them in the Transfer Agency and Service Agreement by and between DST and each of the funds listed on Exhibit A thereto (each such fund, or series thereof, severally, and not jointly, the “Fund”) dated March 1, 2022 (the “Agreement”). DST and Fund hereby agree that DST shall maintain and comply with an information security policy (“Security Policy”) that satisfies the requirements set forth below; provided, that, because information security is a highly dynamic space (where laws, regulations and threats are constantly changing), DST reserves the right to make changes to its information security controls at any time and at the sole discretion of DST in a manner that it believes does not materially reduce the protection it applies to Fund Data. From time to time, DST may subcontract services performed under the Agreement (to the extent provided for under the Agreement) or provide access to Fund Data or its network to a subcontractor or other third party; provided, that, such subcontractor or third party implements and maintains security measures DST believes are at least as stringent as those described in this Security Schedule. For the purposes of this Schedule “prevailing industry practices and standards” refers to standards among financial institutions, including mutual funds, and third parties providing financial services to financial institutions.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • Personal Information security breach a) Each Party shall notify the other party in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal information and to restore the integrity of the affected personal information as quickly as is possible. The Parties shall also be required to provide each other with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal information. b) The Parties shall provide on-going updates on the progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Parties must notify the South African Police Service; and/or the State Security Agency and the Information Regulator and the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Parties undertake to co‑operate in any investigations relating to security which is carried out by or on behalf of the other including providing any information or material in its possession or control and implementing new security measures.

  • Information Regarding Collateral (a) Level 3 and the Borrower will furnish to the Collateral Agent prompt written notice of any change (i) in any Loan Party’s corporate name or in any trade name used to identify it in the conduct of its business or in the ownership of its properties, (ii) in any Loan Party’s identity or corporate structure or (iii) in any Loan Party’s Federal Taxpayer Identification Number. Each of Level 3 and the Borrower agrees not to effect or permit any change referred to in the preceding sentence unless all filings (or arrangements therefor satisfactory to the Collateral Agent) have been made under the Uniform Commercial Code or otherwise that are required in order for the Collateral Agent to continue at all times following such change to have a valid, legal and perfected security interest in all the Collateral. Each of Level 3 and the Borrower also agrees promptly to notify the Collateral Agent if any material portion of the Collateral is damaged or destroyed. (b) Each year, at the time of delivery of the certificate pursuant to paragraph (c) of Section 5.01, Level 3 shall deliver to the Collateral Agent certificates of an authorized officer of Level 3 (i) setting forth the information required pursuant to (A) the Annual Perfection Certificate and (B) until such time as the Collateral Permit Condition is satisfied with respect to Level 3 LLC, the Annual Loan Proceeds Note Perfection Certificate, or confirming that there has been no change in such information since the dates of the Effective Date Perfection Certificate or the Effective Date Loan Proceeds Note Perfection Certificate, as the case may be, or the date of the most recent certificates delivered pursuant to this Section and (ii) certifying that all Uniform Commercial Code financing statements (excluding fixture filings) or other appropriate filings, recordings or registrations, including all refilings, rerecordings and reregistrations, containing a description of the Collateral required to be set forth therein have been filed of record in each United States governmental, municipal or other appropriate office in each jurisdiction identified pursuant to clause (i) above to the extent necessary to perfect and continue the perfection of the security interests under the applicable Security Documents for a period of not less than 18 months after the date of such certificate (except as noted therein with respect to any continuation statements to be filed within such period).