Security of State Information Clause Samples

Security of State Information. The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 3 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on a twenty-four (24) hour a day basis.
View SourceView Similar (23)
Security of State Information. To the extent Contractor shall have access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the Contractor represents and warrants that it has implemented and it shall maintain during the term of this Master Agreement the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 4 or higher) and Federal Information Processing
View SourceView Similar (9)
Security of State Information. To the extent Contractor shall have access to, processes, handles, collects, transmits, stores or otherwise deals with State Data, the
View SourceView Similar (2)
Security of State Information. The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) measures to ensure that the State Data shall not be altered or
View Source
Security of State Information. For purposes of the Services performed hereunder, the Contractor shall follow the existing State control framework including industry standard administrative, technical, and physical safeguards and controls consistent with current version of CMS MARS-E (version 2.2), current version of IRS 1075 (Nov. 2021) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. The Contractor will utilize State technical, operational and management measures to include at a minimum: (1) multiple levels of authentication controls to permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) access State information systems through a secure encrypted network connection to State networks where provided by the State ; (4) measures to store in a secure fashion all State Data which shall include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage;
View Source
Security of State Information. The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract commercially reasonable standard (suitable for a company of its size and industry) administrative, technical, and physical safeguards and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection; (3) encryption of electronic State Data while in transit from the Contractor networks to external networks; (4) measures to store in a secure fashion all State Data which may include multiple levels of authentication; (5) dual control procedures, segregation of duties, and pre-employment criminal background checks for employees with responsibilities for or access to State Data; (6) measures to ensure that the State Data shall not be altered or corrupted without the prior written consent of the State; (7) measures to protect against destruction, loss or damage of State Data due to potential environmental hazards, such as fire and water damage; (8) staff training to implement the information security measures; and (9) monitoring of the security of any portions of the Contractor systems that are used in the provision of the services against intrusion on, if available, a twenty-four (24) hour a day basis. Contractor’s obligations regarding the security and safeguarding of State Data, both in this section and elsewhere in this Agreement, shall apply only to State Data that is stored on, transmitted to or from, or processed by means or assets that are owned or controlled by Contractor. RICOH DOES NOT GUARANTY AND DISCLAIMS ANY WARRANTY THAT THE SERVICES OR PRODUCTS SUPPLIED UNDER THIS AGREEMENT ARE SUITABLE TO MEET THE STATE’S DATA SECURITY OBJECTIVES OR REGULATORY REQUIREMENTS. "The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract commercially reasonable standard (suitable for a compan...
View Source
Security of State Information. The Contractor represents and warrants that it has implemented and it shall maintain during the term of this Contract the highest industry standard administrative, technical, and physical safeguards and controls consistent with NIST Special Publication 800-53 (version 3 or higher) and Federal Information Processing Standards Publication 200 and designed to (i) ensure the security and confidentiality of State Data; (ii) protect against any anticipated security threats or hazards to the security or integrity of the State Data; and (iii) protect against unauthorized access to or use of State Data. Such measures shall include at a minimum: (1) access controls on information systems, including controls to authenticate and permit access to State Data only to authorized individuals and controls to prevent the Contractor employees from providing State Data to unauthorized individuals who may seek to obtain this information (whether through fraudulent means or otherwise); (2) industry-standard firewall protection;
View Source
Security of State Information 
View SourceView Similar (236)

Related to Security of State Information

  • Confidentiality of State Information In performance of this Contract, and any exhibit or schedule hereunder, the Party acknowledges that certain State Data (as defined below), to which the Contractor may have access may contain individual federal tax information, personal protected health information and other individually identifiable information protected by State or federal law or otherwise exempt from disclosure under the State of Vermont Access to Public Records Act, 1 V.S.A. § 315 et seq (“State Data”). [In addition to the provisions of this Section, the Contractor shall comply with the requirements set forth in the State’s HIPAA Business Associate Agreement attached hereto as Attachment E]. Before receiving or controlling State Data, the Contractor will have an information security policy that protects its systems and processes and media that may contain State Data from internal and external security threats and State Data from unauthorized disclosure, and will have provided a copy of such policy to the State. State Data shall not be stored, accessed from, or transferred to any location outside the United States. The Contractor agrees that (a) it will use the State Data only as may be necessary in the course of performing duties or exercising rights under this Contract; (b) it will provide at a minimum the same care to avoid disclosure or unauthorized use of State Data as it provides to protect its own similar confidential and proprietary information; (c) it will not publish, reproduce, or otherwise divulge any State Data in whole or in part, in any manner or form orally or in writing to any third party unless it has received written approval from the State and that third party is subject to a written confidentiality agreement that contains restrictions and safeguards at least as restrictive as those contained in this Contract; (d) it will take all reasonable precautions to protect the State’s information; and (e) it will not otherwise appropriate such information to its own use or to the use of any other person or entity. Contractor will take reasonable measures as are necessary to restrict access to State Data in the Contractor’s possession to only those employees on its staff who must have the information on a “need to know” basis. The Contractor shall not retain any State Data except to the extent required to perform the services under this Contract. Contractor shall not access State user accounts or State Data, except in the course of data center operations, response to service or technical issues, as required by the express terms of this Contract, or at State’s written request. Contractor may not share State Data with its parent company or other affiliate without State’s express written consent. The Contractor shall promptly notify the State of any request or demand by any court, governmental agency or other person asserting a demand or request for State Data to which the Contractor or any third party hosting service of the Contractor may have access, so that the State may seek an appropriate protective order.

  • DESTRUCTION OF STATE DATA At any time during the term of this Contract within thirty days of (i) the State’s written request or (ii) termination or expiration of this Contract for any reason, Contractor shall securely dispose of all copies, whether in written, electronic or other form or media, of State Data according to National Institute of Standards and Technology (NIST) approved methods, and certify in writing to the State that such State Data has been disposed of securely. Further, upon the relocation of State Data, Contractor shall securely dispose of such copies from the former data location according to National Institute of Standards and Technology (NIST) approved methods and certify in writing to the State that such State Data has been disposed of securely. Contractor shall comply with all reasonable directions provided by the State with respect to the disposal of State Data.