Safeguards and Security Sample Clauses
The Safeguards and Security clause establishes requirements for protecting sensitive information, assets, or operations from unauthorized access, disclosure, or harm. It typically outlines specific security measures such as physical controls, cybersecurity protocols, employee training, and regular audits that parties must implement. By setting clear standards for security, this clause helps prevent data breaches, theft, or misuse, thereby reducing risk and ensuring compliance with legal or contractual obligations.
Safeguards and Security. 6.1 You must take all reasonable steps to keep safe all communication channels you have with the Associated Service Provider including any API keys, passwords, PINs or email addresses you use to communicate with the Associated Service Provider. If you become aware that there is a risk that your communication with the Associated Service Provider is no longer secure, you must notify the Associated Service Provider’s customer support as soon as possible.
6.2 You must take all reasonable precautions to prevent fraudulent use of Payment Services.
6.3 We shall contact you via email in the event of suspected or actual fraud or security threats, unless we are of the view that your emails might be compromised, in which case we shall contact you by telephone.
6.4 We may stop or suspend the use of the Associated Service Provider's App based upon:
(a) the security of the Associated Service Provider's App;
(b) suspected unauthorised or fraudulent use of the Associated Service Provider's App.
6.5 We may stop or suspend your ability to use the Associated Service Provider or any Account Information Service Provider or Payment Initiation Service Provider if we have reasonably justified and duly evidenced reasons for same relating to:
(a) unauthorised or fraudulent access to your payment account information by the Associated Service Provider, that Account Information Service Provider or that Payment Initiation Service Provider; and/or
(b) the risk of unauthorised or fraudulent initiation of a Payment. If we do deny access to the Associated Service Provider or any Account Information Service Provider or Payment Initiation Service Provider in accordance with this paragraph 6.4, unless doing so would compromise security or is unlawful, we shall notify you as soon as possible via phone or email in accordance with clause 2.4.
Safeguards and Security. 9.2.1 Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of the information other than as provided for by this Agreement. Such safeguards shall be based on applicable Federal Information Processing Standards (FIPS) Publication 199 protection levels.
9.2.2 Business Associate shall, at a minimum, utilize a National Institute of Standards and Technology Special Publication (NIST SP) 800-53 compliant security framework when selecting and implementing its security controls and shall maintain continuous compliance with NIST SP 800-53 as it may be updated from time to time. The current version of NIST SP 800-53, Revision 5, is available online at; updates will be available online through the Computer Security Resource Center website.
9.2.3 Business Associate shall employ FIPS 140-2 validated encryption of PHI at rest and in motion unless Business Associate determines it is not reasonable and appropriate to do so based upon a risk assessment, and equivalent alternative measures are in place and documented as such. FIPS 140-2 validation can be determined online through the Cryptographic Module Validation Program Search, with information about the Cryptographic Module Validation Program under FIPS 140-2. In addition, Business Associate shall maintain, at a minimum, the most current industry standards for transmission and storage of PHI and other confidential information.
9.2.4 Business Associate shall apply security patches and upgrades, and keep virus software up-to-date, on all systems on which PHI and other confidential information may be used.
9.2.5 Business Associate shall ensure that all members of its workforce with access to PHI and/or other confidential information sign a confidentiality statement prior to access to such data. The statement must be renewed annually.
9.2.6 Business Associate shall identify the security official who is responsible for the development and implementation of the policies and procedures required by 45 CFR Part 164, Subpart C.
Safeguards and Security. 7.2.1. Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent use or disclosure of the information other than as provided for by this Addendum and the Agreement. Such safeguards shall be, at a minimum, at Federal Information Processing Standards (“FIPS”) Publication 199 protection levels. Business Associate shall implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications and other requirements of Subpart C of 45 C.F.R. Part 164, in compliance with 45 C.F.R. § 164.316. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities.
7.2.2. Business Associate shall, at a minimum, utilize an industry-recognized security framework when selecting and implementing its security controls, and shall maintain continuous compliance with its selected framework as it may be updated from time to time. Examples of industry- recognized security frameworks include but are not limited to:
7.2.2.1. NIST SP 800-53 - National Institute of Standards and Technology Special Publication 800-53 7.2.2.2. FedRAMP - Federal Risk and Authorization Management Program 7.2.2.3. PCI - PCI Security Standards Council 7.2.2.4. ISO/ESC 27002 - International Organization for Standardization / International Electrotechnical Commission standard 27002 7.2.2.6. IRS PUB 1075 - Internal Revenue Service Publication 1075
Safeguards and Security. 9.2.1 Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of the information other than as provided for by this Agreement. Such safeguards shall be, at a minimum, at Federal Information Processing Standards (FIPS) Publication 199 protection levels.
9.2.2 Business Associate shall, at a minimum, utilize an industry- recognized security framework when selecting and implementing its security controls, and shall maintain continuous compliance with its selected framework as it may be updated from time to time. Examples of industry-recognized security frameworks include but are not limited to
9.2.2.1 NIST SP 800-53 – National Institute of Standards and Technology Special Publication 800-53 9.2.2.2 FedRAMP – Federal Risk and Authorization Management Program
Safeguards and Security. 19.1 The Client must notify Argentex via telephone or by email using the contact details set out in clause 2.1 on becoming aware of the misappropriation of Argentex Online. This includes:
(a) The loss by the Client or any Authorised Person of their Security Details; and/or
(b) someone other than the Client or an Authorised Person knowing or using their Security Details or otherwise being able to gain access to Argentex Online.
19.2 The Client and each Authorised Person must take all reasonable steps to keep Argentex Online and their Security Details safe and prevent fraudulent use of the Services. This includes:
(a) the Client and each Authorised Person not telling anyone, including Argentex or someone purporting to be Argentex, the Client’s Security Details – we will never ask for Security Details via telephone or email or using any other method (except when the Client is required to enter those details on Argentex Online);
(b) the Client and each Authorised Person notifying Argentex, using one of the methods set out in clause 2.1, as soon as it suspects or knows that someone other than themselves knows their Security Details or can otherwise gain access to Argentex Online;
(c) logging off Argentex Online every time the computer (or other device used to gain access to Argentex Online) is left by the Client or the relevant Authorised Person;
(d) always ensuring that login details and Security Details are not stored by the browser or cached or otherwise recorded by the computer (or other device used to gain access to Argentex Online);
(e) having recognised anti-virus software put on the device that the Client and each Authorised Person use to gain access to Argentex Online and the email account(s) that the Client and each Authorised Person use to communicate with Argentex;
(f) notifying Argentex immediately if a virus is found on the device the Client or any Authorised Person uses to obtain access to Argentex Online and the email account the Client use to communicate with Argentex;
(g) ensuring that the e-mail account(s), phone number, mobile phone number, computer and other network the Client and each Authorised Person use to communicate with Argentex is secure and only accessed by the Client or the relevant Authorised Person as these may be used to reset Security Details;
(h) regularly checking emails so that the Client is aware if there are new Instructions which the Client has not authorised or if new Beneficiary Account details are added to Argentex On...
Safeguards and Security. Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of the information other than as provided for by this Agreement. Such safeguards shall be based on applicable Federal Information Processing Standards (FIPS) Publication 199 protection levels.
Safeguards and Security. 9.1.1 Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of the information other than as provided for by this Agreement. Such safeguards shall be based on applicable Federal Information Processing Standards (FIPS) Publication 199 protection levels.
9.1.2 Business Associate shall, at a minimum, utilize a National Institute of Standards and Technology Special Publication (NIST SP) 800-53 compliant security framework when selecting and implementing its security controls and shall maintain continuous compliance with NIST SP 800- 53 as it may be updated from time to time. The current version of NIST SP 800-53, Revision 5, is available online at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/detail/sp/800-53/rev-5/final; updates will be available online at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/sp800.
9.1.3 Business Associate shall employ FIPS 140-3 validated encryption of PHI at rest and in motion unless Business Associate determines it is not reasonable and appropriate to do so based upon a risk assessment, and equivalent alternative measures are in place and documented as such. FIPS 140-3 validation can be determined online at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/projects/cryptographic-module-validation-program/validated- modules/search. In addition, Business Associate shall maintain, at a minimum, the most current industry standards for transmission and storage of PHI and other confidential information.
9.1.4 Business Associate shall apply security patches and upgrades, and keep virus software up-to- date, on all systems on which PHI and other confidential information may be used.
9.1.5 Business Associate shall ensure that all members of its workforce with access to PHI and/or other confidential information sign a confidentiality statement prior to access to such data. The statement must be renewed annually.
9.1.6 Business Associate shall identify the security official who is responsible for the development and implementation of the policies and procedures required by 45 CFR Part 164, Subpart C.
9.1.7 Remote access to PHI from outside the continental United States, inclusive of remote access to PHI by Business Associate’s support staff in identified support centers, is prohibited.
9.1.8 Business Associate shall only store PHI i...
Safeguards and Security. 11.1 You must notify us via telephone or by email using the contact details set out in clause 1.3 on becoming aware of the misappropriation of the Platform – the misappropriation of the Platform includes:
(a) the loss by you or any Authorised Person of their Password; and/or
(b) someone other than you or the Authorised Person knowing their Password or otherwise being able to gain access to the Platform.
11.2 You and each Authorised Person must take all reasonable steps to keep safe the Platform. This includes:
(a) each Authorised Person not telling anyone, including us or someone purporting to be us, your Password – we will never ask for your Passwords via telephone or email or using any other method (except when you are required to enter same on the Platform);
(b) each Authorised Person and you notifying us, using one of the methods set out in clause 1.3, as soon as it suspects or knows that someone other than themselves knows their Passwords or can otherwise gain access to the Platform.
(c) logging off the Platform every time the computer (or other device used to gain access to the Platform) is left by you or the relevant Authorised Person;
(d) always ensuring that login details and Passwords are not stored by the browser or cached or otherwise recorded by the computer (or other device used to gain access to the Platform);
(e) having recognised anti-virus software put on the device you use to gain access to the Platform and the email account you and each Authorised Person use to communicate with us;
(f) notifying us immediately if a virus is found on the device you or any Authorised Person uses to obtain access to the Platform and the email account you use to communicate with us;
(g) ensuring that the e-mail account(s), phone number, mobile phone number, computer, fax and other network you and each Authorised Person use to communicate with us is secure and only accessed by you or the relevant Authorised Person as these may be used to reset Passwords;
(h) regularly checking the Platform and the Client System so that you are aware if there are new Payment Orders which you have not authorised or if new Beneficiary Account details are added to the Platform or the API which you did not add.
11.3 You must take all reasonable precautions to prevent fraudulent use of Services.
11.4 You must inform us as soon as you become aware that the Client System and/or the API have become compromised. You are fully responsible for the security or the Client System. All Paym...
Safeguards and Security. 9.2.1 Business Associate shall use safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and other confidential data and comply, where applicable, with subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of the information other than as provided for by this Agreement. Such safeguards shall be, at a minimum, at Federal Information Processing Standards (FIPS) Publication 199 protection levels.
9.2.2 Business Associate shall, at a minimum, utilize an industry-recognized security framework when selecting and implementing its security controls, and shall maintain continuous compliance with its selected framework as it may be updated from time to time. Examples of industry-recognized security frameworks include but are not limited to
9.2.2.1 NIST SP 800-53 – National Institute of Standards and Technology Special Publication 800-53 9.2.2.2 FedRAMP – Federal Risk and Authorization Management Program 9.2.2.3 PCI – PCI Security Standards Council 9.2.2.4 ISO/ESC 27002 – International Organization for Standardization / International Electrotechnical Commission standard 27002 9.2.2.5 IRS PUB 1075 – Internal Revenue Service Publication 1075
Safeguards and Security. 11.1. You must notify us via telephone or by email using our contact details set out in Clause 30.2 on becoming aware of the misappropriation of the Online Platform – this will include you and each Authorised Trader notifying us as soon as it suspects or knows that someone other than themselves knows their Access Codes or can otherwise gain access to the Online Platform.
11.2. You and each Authorised Trader must take all reasonable steps to keep safe the Online Platform. This includes:
11.2.1. not telling anyone, including us or someone purporting to be us, your Access Codes – we will never ask for your Access Codes via telephone or email or using any other method (except when you are required to enter same on the Online Platform);
11.2.2. each Authorised Trader and you notifying us, using one of the methods set out in clause 30.2, as soon as it suspects or knows that someone other than themselves knows their Access Codes or can otherwise gain access to the Online Platform.
11.2.3. logging off the Online Platform every time the computer or other device used to gain access to the Online Platform is left by you or the relevant Authorised Trader;
11.2.4. always ensuring that the Access Codes are not stored by the browser or cached or otherwise recorded by the computer or other device used to gain access to the Online Platform;
11.2.5. having recognised anti-virus software on the computer or other device you use to gain access to the Online Platform;
11.2.6. notifying us immediately if a virus is found on the computer or other device you or any Authorised Trader uses to obtain access to the Online Platform;
11.2.7. ensuring that the e-mail account(s), phone number, mobile phone number, computer, fax and other network you and each Authorised Trader use to communicate with us is secure and only accessed by you or the Authorised Trader as these may be used to reset the Access Codes;
11.2.8. regularly checking your emails so that you are aware if there are new Requests which you have not authorised.
11.3. You must take all reasonable precautions to prevent fraudulent use of Services. This includes ensuring that the e-mail account(s), phone numbers, mobile phone numbers and computers you and each Authorised Trader use to communicate with us are secure and only accessed by you or an Authorised Trader.
11.4. You and each Authorised Trader must also regularly check its emails as they may receive emails from us relating to new Requests having been received. T: +▇▇ (▇) ...