IT Security Plan Clause Samples

An IT Security Plan clause requires the parties, typically a service provider, to establish and maintain specific measures to protect information technology systems and data from unauthorized access, breaches, or other security threats. This clause often outlines the minimum security standards, such as encryption protocols, access controls, regular security audits, and incident response procedures, that must be implemented and followed. Its core practical function is to ensure that sensitive data is safeguarded throughout the duration of the agreement, thereby reducing the risk of data breaches and ensuring compliance with relevant laws and industry standards.
POPULAR SAMPLE Copied 1 times
IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractors IT Secu- rity Plan shall comply with applicable Fed- eral laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in ac- cordance with Federal and GSA policies and procedures. GSA’s Office of the Chief Infor- mation Officer issued ‘‘CIO IT Security Pro- cedural Guide 09–48, Security Language for Information Technology Acquisitions Ef- forts,’’ to provide IT security standards, poli- cies and reporting requirements. This docu- ment is incorporated by reference in all so- licitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at http:// .▇▇▇.▇▇▇/▇▇▇▇▇▇/▇▇▇▇▇▇▇▇/▇▇▇▇▇. Spe- cific security requirements not specified in ‘‘CIO IT Security Procedural Guide 09–48, Se- curity Language for Information Technology Acquisitions Efforts’’ shall be provided by the requiring activity.
View SourceView Similar (2)
IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractor’s IT Se- curity Plan shall comply with applicable Federal laws that include, but are not lim- ited to, 40 U.S.C. 11331, the Federal Informa- tion Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and DOS policies and procedures, as they may be amended from time to time during the term of this contract that include, but are not limited to: (1) OMB Circular A–130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources; (2) National Institute of Standards and Technology (NIST) Guidelines (see NIST Special Publication 800–37, Guide for the Se- curity Certification and Accreditation of Federal Information Technology Systems (▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/nistpubs/800-37/ SP800-37-final.pdf)); and (3) Department of State information secu- rity sections of the Foreign Affairs Manual (FAM) and Foreign Affairs Handbook (FAH) (▇▇▇▇://▇▇▇▇.▇▇▇▇▇.▇▇▇/Regs/Search.asp), specifi- cally: (i) 12 FAM 230, Personnel Security;
View SourceView Similar (2)
IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be followed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall describe those parts of the contract to which this clause applies. The Contractors IT Security Plan shall comply with applicable Federal laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in accordance with Federal and GSA policies and procedures. GSA’s Office of the Chief Information Officer issued “CIO IT Security Procedural Guide 09–48, Security Language for Information Technology Acquisitions Efforts,” to provide IT security standards, policies and reporting requirements. This document is incorporated by reference in all solicitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/portal/category/25690. Specific security requirements not specified in “CIO IT Security Procedural Guide 09–48, Security Language for Information Technology Acquisitions Efforts” shall be provided by the requiring activity.
View Source
IT Security Plan all Authorized TCP Individuals will comply with the standards, procedures, or policies outlined below for IT security: MCTD will be stored in a UTA-sanctioned data storage location: ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security/approved_storage/index.php. ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security/password/index.php. Use of portable/external storage devices such as flash drives or laptops will comply with UTA’s standards for Security: ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security/usb_security/index.php. In addition, if a portable media or storage device is removed from the approved location (1.a.), it will remain within the Authorized TCP Individual’s “effective controlat all times via the following procedures: 1. An Authorized Individual will keep the items under his/her physical possession or keep it secured in a place such as a hotel safe, a bonded warehouse, or a locked or guarded exhibition facility; 2. An Authorized Individual will take security precautions to protect against unauthorized release of the MCTD: a. use of secure connections when accessing e-mail and other business activities that involve the transmission and use of the technology, b. use of password systems on electronic devices that store technology, and c. use of personal firewalls on electronic devices that store the technology; 3. Authorized Individuals will not ship, transmit, or hand-carry the MCTD outside of the U.S. without first consulting with UT Arlington’s Export Control Officer. If MCTD will be transmitted electronically (with Authorized Individuals or the Supplying Agency), describe how the transmission will take place and how it will be secured (procedures must be approved by Information Security): **UTA’s Information Security Office will review and approve procedures that are deviations, exceptions, or additions to any of the Security Plan referenced above.
View Source

Related to IT Security Plan

  • Security Plan The Business Continuity Plan and the Disaster Recovery Plan may be combined into one document. Additionally, at the beginning of each State Fiscal Year, if the MCO modifies the following documents, it must submit the revised documents and corresponding checklists for HHSC’s review and approval:

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Security Policy As part of PCI DSS, the Card Organizations require that you have a security policy that covers the security of credit card information.

  • Security Policies To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with State Data, the Contractor will have an information security policy that protects its systems and processes and media that may contain State Data from internal and external security threats and State Data from unauthorized disclosure, and will have provided a copy of such policy to the State. The Contractor shall provide the State with not less than thirty (30) days advance written notice of any material amendment or modification of such policies.

  • Equity Plan For purposes of this Agreement, “Equity Plan” means the CS Disco, Inc. 2021 Equity Incentive Plan, as amended from time to time, or any successor plan thereto.