Minimum Security Requirements Sample Clauses
The Minimum Security Requirements clause sets out the baseline security standards that a party must maintain when handling data or systems under the agreement. Typically, this clause details specific technical and organizational measures, such as encryption, access controls, or regular security audits, that must be implemented to protect sensitive information. By establishing clear expectations for security practices, this clause helps prevent data breaches and ensures both parties are aligned on safeguarding confidential or personal data.
Minimum Security Requirements.
A. General Computing Environment: CalHR and Departments shall comply with all of State Fund's requirements in relation to the security of the State Fund Facilities, including the State Fund computing environment. CalHR and Department Personnel shall execute all documents generally required by State Fund for access to State Fund's computing environment or other restricted access areas. CalHR and Departments agree that any and all security measures may be changed from time-to-time, and further agree to abide by the then-current security measures, as they are provided to CalHR.
B. System Access: CalHR and Departments represent and warrant to State Fund that they shall not alter any hardware or software security residing on State Fund's hardware or systems, including allowing non-read only access. CalHR and Departments further represent and warrant to State Fund that they shall not allow unauthorized traffic to pass into State Fund's networks. If CalHR or Departments do allow unauthorized traffic to pass into State Fund's networks, State Fund may immediately terminate such access in addition to any other remedies that State Fund may have under this Agreement.
C. Network Connections: CalHR and Departments agree to allow State Fund to perform network assessments of any CalHR or Department connections to State Fund's networks on a schedule reasonably required by State Fund. In the event a network connection is created between the Parties, Departments agree to maintain an alert status regarding all vulnerabilities and security patches or corrective actions by subscribing to an industry-recognized service, such as CERT or CIAC. CalHR understands that should a State Fund assessment reveal inappropriate or inadequate security based on State Fund’s requirements for security, State Fund may, in addition to other remedies it may have under this Agreement, remove CalHR and Department access to the State Fund network until CalHR and Departments satisfactorily comply with the applicable security requirements.
D. Electronic Authentication:
(1) Shall align with the standards set out by the National Institute of Standards and Technology (SP 800-63-1).
(2) Shall occur both at registration/issuance of access rights and at the system user’s attempted access.
(3) Shall utilize multifactor (two-level/token minimum) user authentication.
E. Encryption: Confidential and Personal Information shall be encrypted in transit and at rest.
Minimum Security Requirements. Each insurance policy required hereunder shall be (1) subject to reasonable approval by City that it conforms with the requirements of this Section, and (2) be issued by an insurer rated A–:VII or higher in the then-current A. M. Best’s Key Rating Guide and licensed to do business in the State of Washington unless procured under the provisions of chapter 48.15 RCW (Unauthorized insurers).
Minimum Security Requirements. Each insurance policy required hereunder shall be issued by an insurer rated A-:VIII or higher in the then-current A. M. Best’s Key Rating Guide.
Minimum Security Requirements. To promote the confidentiality, integrity, and availability of EHI and minimize the potential for Breaches of EHI, each Participant shall be required to: (i) maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting EHI; (ii) protect against reasonably anticipated impermissible Uses and Disclosures of EHI; (iii) identify and protect against reasonably anticipated threats to the security or integrity of EHI; and (iv) monitor compliance with such safeguards by its workforce. In determining which administrative, technical and physical safeguards to implement, the Participant shall consider the following: (i) its size, complexity, and capabilities; (ii) its technical, hardware, and software infrastructure; (iii) the costs of security measures; and (iv) the likelihood and possible impact of potential risks to EHI. Each Participant further shall review and modify such safeguards to continue protecting EHI in a changing environment of security threats within a reasonable period of time. Additionally, each Participant shall be required to implement the following minimum security requirements described below.
Minimum Security Requirements. Supplier maintains and enforces the technical and organisational measures as may be set out in the relevant Agreement or agreed in writing between the parties. The following is a description of some of the core technical and organizational security measures implemented by Supplier:
Minimum Security Requirements. (A) General Computing Environment: CalHR and Departments shall comply with all of State Fund's requirements in relation to the security of the State Fund Facilities, including the State Fund computing environment. CalHR and Department Personnel shall execute all documents generally required by State Fund for access to State Fund's computing environment or other restricted access areas. ▇▇▇▇▇ and Departments agree that any and all security measures may be changed from time-to-time, and further agree to abide by the then-current security measures, as they are provided to CalHR.
Minimum Security Requirements. The Supplier shall, and shall procure that any Sub-contractor (as applicable) shall, comply with the Buyer’s security requirements as set out in the Call-Off Contract which include the requirements set out in this Schedule 1, Appendix 1 to the Call-Off Contract (the “Buyer’s Security Requirements”). The Buyer’s Security Requirements include requirements regarding the confidentiality, integrity and availability of Buyer’s Assets, the Buyer’s Systems Environment and the Supplier’s Systems Environment. Terms used in this Schedule 1, Appendix 1 which are not defined below shall have the meanings given to them in Schedule 6 (Glossary and Interpretations) of the Call-Off Contract.
Minimum Security Requirements. The System shall include the following, minimum security requirements:
1) System shall require a secure login for any administrator or message originator to access the system. The secure login shall be a case-sensitive complex password with the following attributes:
i) Minimum 8 characters
ii) Maximum 15 characters
Minimum Security Requirements. The MRTCs Draft 2 requires that QHINs comply with the HIPAA Privacy and Security Rules as it pertains to EHI. Also, QHINs must evaluate their security program for the protection of Controlled Unclassified Information (CUI), and develop and implement an action plan to comply with the security requirements of the most recently published version of the NIST Special Publication 800-171 (Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations). A CUI category includes EHI. This Publication provides principle guidelines to federal government-wide requirements for CUI, and entities which handle EHI are required to demonstrate the security controls and be compliant with the NIST 800-171 requirements of the most recent publication. In addition, as part of its ongoing security risk analysis and risk management program, QHINs shall review the most recently published version of the HIPAA Security Rule Crosswalk to the NIST Cybersecurity Framework. The NIST Cybersecurity Framework is guidance that was developed with industry for organizations to better manage and reduce cybersecurity risks. Additionally, it was designed to ▇▇▇▇▇▇ risk and cybersecurity management communications among both internal and external organizational stakeholders. The NIST Cybersecurity Framework is based on existing standards, guidelines, and practices. To the extent the QHIN’s risk analysis identifies any risks, vulnerabilities, or gaps in the QHIN’s compliance with the HIPAA Privacy and Security Rules or other Applicable Law, the QHIN would be required to assess and implement appropriate security measures consistent with industry standards and best practices that it determines would be reasonable and appropriate to ensure the confidentiality, integrity and availability of the EHI that it creates, receives, maintains or transmits, and provide documentation of any such evaluation. 
This evaluation would not be required for Participants and Participant Members. QHINs are to evaluate their security program on at least an annual basis. Participants and Participant Members must comply with the HIPAA Privacy and Security Rules and Applicable Law, when applicable. However, regardless of whether they are a Covered Entity or Business Associate, Participants and Participant Members must take reasonable steps to promote the confidentiality, integrity, and availability of EHI, including maintaining reasonable and appropriate administrative, technical, and physic...
Minimum Security Requirements. 2.1 The providers, including their agents and subcontractors, will:
2.1.1 Have, and be able to demonstrate it has, security policies in place at all sites and any sub-contractors where work on behalf of the Provider will be undertaken that ensure the protection and secure handling and storage of sensitive information (including the identities of law enforcement agencies' staff), documents and other material (including electronic and paper formats and online services) to prevent unauthorised access, disclosure or loss;
2.1.2 Have physical security measures in place at premises where work on behalf of the Provider will be undertaken, e.g. measures to prevent, deter, detect and/or delay attempted physical attacks, and to trigger an appropriate response; measures shall include but not be restricted to approved locks, robust access control, intruder detection systems as are necessary to prevent undetected / unauthorised access into the building(s);
2.1.3 Regular security risk assessments should be undertaken for all locations at which government work is undertaken. Appropriate physical security controls should be put in place to prevent, detect and respond to security incidents. Risk assessment should incorporate the value of assets, their location and the impact of compromise or loss and the level of threat to assets from different sources.
2.1.4 Communicate its security policies to all individuals with access to the Providers' systems and provide vetting and training to ensure staff compliance with its security policies; Controls should be put in place to ensure that employees understand their personal responsibility to safeguard sensitive assets, as well as to ensure they are adequately screened in order to address the risks associated with identity fraud, illegal working and deception generally. Ensure the security roles and responsibilities of your employees are clearly defined and documented in accordance with your organisation's information security policy.
2.1.5 Encryption of all IT equipment which is used to store Government Security Classified information at OFFICIAL or OFFICIAL SENSITIVE levels and networks to minimum FIPS 140.2 standard or equivalent;
2.1.6 Not store, transmit or create any information which is rated at OFFICIAL SENSITIVE or above on any IT equipment unless approved by the client and are accredited according to HMG Information Assurance Standards 1 & 2; The risks to the confidentiality, integrity and availability of the data, system and...