Organization of Information Security Sample Clauses
The 'Organization of Information Security' clause establishes the framework and responsibilities for managing information security within an organization. It typically outlines the creation of dedicated roles or teams, such as information security officers or committees, and defines their authority and reporting lines. This clause ensures that information security is systematically managed and integrated into the organization's structure, thereby reducing the risk of oversight and promoting accountability for protecting sensitive data.
Organization of Information Security. Information Security governance and data protection compliance for the Company are the responsibility of Lative’s Chief Executive Officer. • Confidentiality and non-disclosure agreements are required when sharing sensitive, proprietary personal or otherwise confidential information between Lative and a third-party.
Organization of Information Security. ● Processor has appointed a Security Officer responsible for coordinating and monitoring the security rules and procedures. ● The Security Officer is bound by confidentiality obligations.
Organization of Information Security a. Assigning security responsibilities to appropriate Medallia individuals or groups to facilitate protection of the Medallia Products environment and associated assets.
Organization of Information Security. Duty of Confidentiality. Provider’s personnel with access to customer data are subject to confidentiality obligations.
Organization of Information Security. ● Information Security governance and data protection compliance for the Company are the responsibility of ▇▇▇▇▇▇▇’s Vice President of Operations. ● MaxMind has established an Information Security team, with security responsibilities shared across various business units. ● Confidentiality and nondisclosure agreements are required when sharing sensitive, proprietary personal, or otherwise confidential information between MaxMind and a third-party. ● A formal process is in place to manage third parties with access to organizational data, information systems, or data centers. All such third parties commit contractually to maintaining confidentiality of all confidential information.
Organization of Information Security. Maintain an information security organization to coordinate the implementation of security for Red Hat.
Organization of Information Security. C.2.2.1. The data processor's information security organization must be structured in a way that allows for effective management and achievement of information security objectives. Furthermore, the data processor shall:
a. retain suitably qualified personnel, with clearly defined roles and responsibilities, within its information security organization, to coordinate the implementation of security procedures for the data processor’s organization.
b. determine requirements for sensitivity, protection and disclosure of information, and shall review such requirements annually.
c. segregate duties, roles and responsibilities, to prevent unauthorized use of the data processor’s business critical information assets.
Organization of Information Security. 3.1. The Manufacturer must initiate and control the implementation of its information security policy and procedures and must require that its policy and procedures be reviewed, tested and updated on a regular basis.
3.2. If the Agreement requires the Manufacturer to have an annual IT Security Certification (a “Certification”) performed, then the following requirements must be met:
a. The Certification must assess the Manufacturer’s application of the information security principles of confidentiality, integrity and availability to the Altria Data.
b. Within 30 days after the completion of the Certification, the Manufacturer must develop and execute a remediation plan to remove the vulnerabilities identified in the Certification. If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager a copy of the remediation plan and status updates of the remediation plan, including a certification that the remediation plan has been successfully completed.
3.3. If the Agreement requires the Manufacturer to have an annual IT Security Vulnerability Assessment (an “Assessment”) performed, then the following requirements must be met:
a. The Assessment must comply with standards that are at least as stringent as those included in the then-current version of the National Institute of Standards and Technology (NIST) standard 800-115 Technical Guide to Information Security Testing and Assessment, and must, at a minimum, include a review of the Manufacturer’s: (i) external computer networks, (ii) internal computer networks (including wireless networks), (iii) information security architecture, which is a consistent set of principles, policies and standards that sets the direction and vision for the secure development and operation of an organization’s business information systems so as to ensure alignment with and support for the business needs, (iv) physical security, and (v) Internet accessible web applications.
b. Within 30 days after the completion of each Assessment, the Manufacturer must develop and execute a remediation plan to remove the vulnerabilities identified in the Assessment. If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager a summary of the Assessment and the remediation plan. If requested by the Supplier Manager, the Manufacturer must provide to the Supplier Manager status updates of the remediation plan, including a certification that the remediation plan has been successfully completed.
Organization of Information Security. You must define and assign information security responsibilities within the organization. You can assign the responsibility for information security to a single role or multiple roles, but you must provide a single contact point for any information security communication between you and the Four Media Network GmbH.
Organization of Information Security. ▪ Office Depot has designated information security staff whose primary responsibility is to manage and enforce information security within the organization. This staff includes a Chief Information Security Officer who governs and leads the Information Security Program.