Security and Risk Requirements Clause Samples

Security and Risk Requirements a) A documented process exists to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of confidential information, including PHI and ePHI, as part of the System Development Life Cycle. b) Security controls are considered throughout the System Development Life Cycle.
Security and Risk Requirements a) The System Development Life Cycle must include a documented process to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of confidential information, including PHI and ePHI. b) Security controls must be considered throughout the System Development Life Cycle.
Security and Risk Requirements. The System Development Life Cycle must include a documented process to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of confidential information, including PHI and ePHI. Security controls must be considered throughout the System Development Life Cycle.
Security Design & Architecture. Security controls must be designed to eliminate single points of failure. Systems must be designed to use a common security architecture. Production, test, and development environments must be physically and/or logically separated.
Application Role Design and Access Privileges. Application security controls must be designed to ensure users can access only information they have an authorized business need for. Access must be controlled by a common access methodology or single sign on wherever feasible.
Secure Coding Guidelines. Secure coding principles and practices must be documented and followed. Web application controls must be configured to prevent printing or downloading data to unauthorized workstation and/or mobile devices. Production information must not be used in development and test environments unless such environments are secured to the same level as production, or data has been de-identified as specified in HIPAA (45 CFR 164.514).
Secure Build. New server and network equipment deployment procedures must ensure implementation of security configuration settings.
Security Testing. All security controls must be tested prior to implementing new systems or upgrades into production. Where feasible, automated tools must be used for code review.
Roll-out and Go-live Management. To retain separation of duties, staff other than developers must be responsible for moving systems or applications into the production environment. All non-standard access paths must be removed prior to being moved into production.
Application Security Administration. Development staff must receive management approval to access production systems. Technical staff must not have access to production data, programs, or applications unless such access is required to perform their jobs.
Antivirus (AV) & Malware protection. Documented policies and procedures for guarding against, detecting, and reporting malicious software must exist.
Intrusion Detection and Prevention. Intrusion detection and prevention systems must be implemented for critical components of the network.
Network Access Controls. Documented policies and proc...
Security and Risk Requirements a) A documented process exists to conduct an accurate and thorough assessment and mitigation of potential risks and vulnerabilities as part of the System Development Life Cycle. b) Security controls are considered and implemented throughout the System Development Life Cycle. c) Production and non-production environments must be separated. d) Non-production environments must not contain production data.

Related to Security and Risk Requirements

  • Policy Requirements All of the policies of insurance referred to in this Article XIII shall be written in form reasonably satisfactory to Landlord and any Facility Mortgagee and issued by insurance companies with a minimum policyholder rating of “A-” and a financial rating of “VII” in the most recent version of Best’s Key Rating Guide, or a minimum rating of “BBB” from Standard & Poor’s or equivalent. If Tenant obtains and maintains the general liability insurance described in Section 13.1(e) above on a “claims made” basis, Tenant shall provide continuous liability coverage for claims arising during the Term. In the event such “claims made” basis policy is canceled or not renewed for any reason whatsoever (or converted to an “occurrence” basis policy), Tenant shall either obtain (a) “tail” insurance coverage converting the policies to “occurrence” basis policies providing coverage for a period of at least three (3) years beyond the expiration of the Term, or (b) an extended reporting period of at least three (3) years beyond the expiration of the Term. Tenant shall pay all of the premiums therefor, and deliver certificates thereof to Landlord prior to their effective date (and with respect to any renewal policy, prior to the expiration of the existing policy), and in the event of the failure of Tenant either to effect such insurance in the names herein called for or to pay the premiums therefor, or to deliver such certificates thereof to Landlord, at the times required, Landlord shall be entitled, but shall have no obligation, to effect such insurance and pay the premiums therefor, in which event the cost thereof, together with interest thereon at the Overdue Rate, shall be repayable to Landlord upon demand therefor. 
Tenant shall obtain, to the extent available on commercially reasonable terms, the agreement of each insurer, by endorsement on the policy or policies issued by it, or by independent instrument furnished to Landlord, that it will give to Landlord thirty (30) days’ (or ten (10) days’ in the case of non-payment of premium) written notice before the policy or policies in question shall be altered, allowed to expire or cancelled. Notwithstanding any provision of this Article XIII to the contrary, Landlord acknowledges and agrees that the coverage required to be maintained by Tenant may be provided under one or more policies with various deductibles or self-insurance retentions by Tenant or its Affiliates, subject to Landlord’s approval not to be unreasonably withheld. Upon written request by ▇▇▇▇▇▇▇▇, Tenant shall provide Landlord copies of the property insurance policies when issued by the insurers providing such coverage.

  • Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

  • E-Verify Requirements To the extent applicable under ARIZ. REV. STAT. § 41-4401, the Contractor and its subcontractors warrant compliance with all federal immigration laws and regulations that relate to their employees and their compliance with the E-verify requirements under ARIZ. REV. STAT. § 23-214(A). Contractor’s or its subcontractor’s failure to comply with such warranty shall be deemed a material breach of this Agreement and may result in the termination of this Agreement by the City.

  • SECURITY CLEARANCE REQUIREMENTS The OCO must tailor security requirements (both facility and employee), clauses, provisions, and other applicable terms and conditions specific to each task order’s solicitation and award. Only those Contractors that meet the required security clearance levels on individual task order solicitations are eligible to compete for such task orders. In general, all necessary facility and employee security clearances shall be at the expense of the Contractor. In some cases, Government offices that conduct background investigations do not have a means for accepting direct compensation from Contractors and instead charge customer agencies for the background investigations. In these cases, the Contractor shall be flexible in establishing ways of reimbursing the Government for these expenses. The individual task order should specify the terms and conditions for reimbursement, if any, for obtaining security clearances. The Contractor shall comply with all security requirements in task orders awarded under OASIS SB.

  • Compliance With Insurance Requirements Borrower will comply with all Insurance requirements and will not permit any condition to exist on the Mortgaged Property that would invalidate any part of any Insurance coverage required under this Loan Agreement.