[OPTIONAL IF APPLICABLE] Specific Requirements for Cyber/Data Information Security Insurance Clause Samples

[OPTIONAL IF APPLICABLE] Specific Requirements for Cyber/Data Information Security Insurance. Licensor shall purchase and maintain cyber/information security insurance coverage with combined single limits for each wrongful act of $2,000,000 per occurrence to cover the unauthorized acquisition of personal information such as social security numbers, credit card numbers, financial account information, or other information that uniquely identifies an individual and may be of a sensitive nature in accordance with Section 2-6-1501, MCA through Section 2-6-1503, MCA. If Licensor maintains higher limits than the minimums shown above, the State requires and shall be entitled to coverage for the higher limits maintained by Licensor. Any available insurance proceeds in excess of the specified minimum limits of insurance and coverage shall be available to the State. Such insurance must cover, at a minimum, privacy notification costs, credit monitoring, forensics investigations, legal fees/costs, regulatory fines and penalties, and third party liability settlements or judgments as may be caused by any act, omission, or negligence of Licensor’s officers, agents, representatives, assigns or subcontractors. [NOTE: Most vendors have access to cybersecurity coverage; therefore, agencies should require cybersecurity insurance unless there is no risk to the State. Even on-premise solutions can introduce security vulnerabilities to otherwise secure systems, and agencies should require cybersecurity insurance to reduce financial risk to the State.][NOTE: If occurrence coverage is unavailable or cost-prohibitive, State will accept ‘claims madecoverage provided the following conditions are met: 1) the retroactive date must be shown, and must be before the date of the contract or the beginning of contract work; 2) insurance must be maintained and evidence of insurance must be provided for at least three (3) years after completion of the contract of work; and 3) if coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a retroactive date prior to the contract effective date, Licensor must purchase “extended reportingcoverage for a minimum of three (3) years after completion of work.]
View SourceView Similar (2)

Related to [OPTIONAL IF APPLICABLE] Specific Requirements for Cyber/Data Information Security Insurance

  • Insurance and Fingerprint Requirements Information Insurance If applicable and your staff will be on TIPS member premises for delivery, training or installation etc. and/or with an automobile, you must carry automobile insurance as required by law. You may be asked to provide proof of insurance. Fingerprint It is possible that a vendor may be subject to Chapter 22 of the Texas Education Code. The Texas Education Code, Chapter 22, Section 22.0834. Statutory language may be found at: ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇▇▇.▇▇▇▇▇.▇▇.▇▇/ If the vendor has staff that meet both of these criterion: (1) will have continuing duties related to the contracted services; and (2) has or will have direct contact with students Then you have ”covered” employees for purposes of completing the attached form. TIPS recommends all vendors consult their legal counsel for guidance in compliance with this law. If you have questions on how to comply, see below. If you have questions on compliance with this code section, contact the Texas Department of Public Safety Non-Criminal Justice Unit, Access and Dissemination Bureau, FAST-FACT at ▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.▇▇.▇▇ and you should send an email identifying you as a contractor to a Texas Independent School District or ESC Region 8 and TIPS. Texas DPS phone number is (▇▇▇) ▇▇▇-▇▇▇▇. See form in the next attribute to complete entitled: Texas Education Code Chapter 22 Contractor Certification for Contractor Employees

  • Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.

  • Child Abuse Reporting Requirement Grantee will: a. comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. b. develop, implement and enforce a written policy that includes at a minimum the System Agency’s Child Abuse Screening, Documenting, and Reporting Policy for Grantees/Providers and train all staff on reporting requirements. c. use the System Agency Child Abuse Reporting Form located at ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇.▇▇.▇▇/Contact Us/report abuse.asp as required by the System Agency. d. retain reporting documentation on site and make it available for inspection by the System Agency.

  • How Do I Get More Information? This Notice summarizes the Action, the terms of the Settlements, and your rights and options in connection with the Settlements. More details are in the Settlement Agreements, which are available for your review at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. The Settlement Website also has the Second Amended Complaint and other documents relating to the Settlements. You may also call toll-free ▇-▇▇▇-▇▇▇-▇▇▇▇ or write the Claims Administrator at: Financial Aid Antitrust Settlements, c/o Claims Administrator, ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇▇▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇. To: Settlement Class Member Email Address From: Claims Administrator Subject: Notice of Proposed Class Action Settlement – ▇▇▇▇▇, et al. ▇. ▇▇▇▇▇ University, et al. Please visit ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ for more information. • The Court has preliminarily approved proposed settlements (“Settlements”) with the following ten schools: Brown University, the University of Chicago, the Trustees of Columbia University in the City of New York, Trustees of Dartmouth College, Duke University, Emory University, Northwestern University, ▇▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇ University, Vanderbilt University, and Yale University (collectively the “Settling Universities”). • The Court has also preliminarily approved a class of students who attended one or more of the Settling Universities during certain time periods. This is referred to as the “Settlement Class,” which is defined in more detail below.

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.