Security Standards and Controls Sample Clauses

Security Standards and Controls. (a) Voya will establish and maintain: (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of confidential Information; and (ii) Appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all applicable Laws relating to personal information security. (b) In addition, Voya will implement and maintain the following information security controls: (i) Privileged access rights will be restricted and controlled; (ii) An inventory of assets relevant to the lifecycle of information will be maintained; (iii) Network security controls will include, at a minimum, firewall and intrusion prevention services; (iv) Detection, prevention and recovery controls to protect against malware will be implemented; (v) Information about technical vulnerabilities of Voya’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) Detailed event logs recording user activities, exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed as needed;and (vii) Development, testing and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment.
View SourceView Similar (3)
Security Standards and Controls. (a) Administrator will establish, maintain and periodically review (no less frequently than annually): (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of Confidential Information; and (ii) appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all Applicable Laws relating to personal information security. (b) Policies designed to protect the privacy of individuals will, where practical, be embedded into the design, and specifications of Administrator’s technologies, business practices, and physical infrastructures using industry standard practices designed to minimize privacy risks to individuals (commonly referred to as “privacy by design”). (c) Without limiting the generality of the foregoing, Administrator will implement and maintain the following information security controls: (i) privileged access rights will be restricted and controlled; (ii) an inventory of assets relevant to the lifecycle of information will be maintained; (iii) network security controls will include, at a minimum, firewall and IDS services; (iv) detection, prevention and recovery controls to protect against malware will be implemented; (v) information about technical vulnerabilities of Administrator’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) detailed event logs recording user activities, access attempts and information security events will be retained and regularly reviewed, if produced; (vii) development, testing, and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment; and (viii) within a cloud environment, the network will be segregated so that data including Confidential Information is separated from all other customers’ data using perimeter security mechanisms such as firewalls.
View SourceView Similar (2)
Security Standards and Controls. Administrator will establish, maintain and periodically review (no less frequently than annually):
View Source
Security Standards and Controls. Supplier will establish and maintain (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of Confidential Information; and (ii) appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of applicable laws relating to personal information security. In addition, Supplier will implement and maintain the following information security controls: a) privileged access rights will be restricted and controlled; b) an inventory of assets will be maintained; c) network security controls will include, at a minimum, firewall and IDS services; d) detection and prevention controls to protect against malware will be implemented; e) information about technical vulnerabilities of Supplier’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; f) detailed event logs recording user exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed;
View Source

Related to Security Standards and Controls

  • Security Standards The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.

  • Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: ▇▇▇▇://▇▇▇.▇▇▇▇▇▇-▇▇▇▇▇.▇▇▇/508.htm.

  • Compliance with Texas Privacy Laws and Regulations In performing their respective obligations under the Agreement, the LEA and the Provider shall comply with all Texas laws and regulations pertaining to LEA data privacy and confidentiality, including but not limited to the Texas Education Code Chapter 32, and Texas Government Code Chapter 560.

  • Human and Financial Resources to Implement Safeguards Requirements The Borrower shall make available necessary budgetary and human resources to fully implement the EMP and the RP.

  • Safety Standards Performance of the Contract for all commodities or contractual services must comply with requirements of the Occupational Safety and Health Act and other applicable State of Florida and federal requirements.