System Security Plan Clause Samples

System Security Plan. The Contractor shall complete the State’s System Security Plan template within ninety (90) Calendar Days after execution of the Contract. After approval by the Department, the Plan shall be updated annually and resubmitted to the Department for review. (Link to DHHS template: ▇▇▇▇▇://▇▇▇▇▇.▇▇.▇▇▇/ncdit/documents/files/NC%20DIT%20SSP%20Template.20180112.docx)
View SourceView Similar (2)
System Security Plan. C.8.10.5.1 The contractor shall, upon request, provide to the Government, a system security plan (or extract thereof) and any associated plans of action developed to satisfy the adequate security requirements of DFARS 252.204-7012, and in accordance with NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations in effect at the time the solicitation is issued or as authorized by the contracting officer, to describe the contractors unclassified information system(s)/network(s) where covered defense information associated with the execution and performance of this contract is processed, is stored, or transmits. The contractor shall report IAW CDRL A010. C.8.10.5.2 The contractor shall, upon request, provide the Government with access to the system security plan(s) (or extracts thereof) and any associated plans of action for each of the contractors tier one level subcontractor(s), vendor(s), and/or supplier(s), and the subcontractors tier one level subcontractor(s), vendor(s), and/or supplier(s), who process, store, or transmit covered defense information associated with the execution and performance of this contract. The contractor shall report IAW CDRL A010.
View SourceView Similar (2)
System Security Plan. Servicer shall work with the Department to complete a System Security Plan that is at least in material compliance with the Statewide Information Security Plan: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/das/OSCIO/Documents/StatewideInformationSecurityPlan.pdf dated August 1, 2018, which may be amended from time to time. A template of a System Security Plan is attached as Appendix D, which shall be used in the development process. The final System Security Plan shall be developed and finalized by Servicer, and approved by the Department, within the first 6-12 months post Agreement execution.
View Source
System Security Plan. The Contractor must develop and implement a security plan that provides an overview of the security requirements for the information system. If a security plan does not exist, the Contractor must provide a description of the security controls planned for meeting those requirements. The security plan must be reviewed periodically and revised to address system/organizational changes or problems.
View Source
System Security Plan. The Contractor shall develop a Technical Report – Study/Services, POAM and Systems Security Plan (SSP) (CDRL A007) that implements the security requirements of DFARS 252.204-7012. In accordance with DFARS 252.204-7012, the SSP shall implement, at a minimum, all security requirements in NIST 800-171 (Rev. 1) standards 3.1 to 3.14; or ensure that any unimplemented security requirements have been adjudicated by an authorized representative of the DoD CIO to be non-applicable or to have an alternative, but equally effective, security measure in its place. The SSP shall provide proof of such adjudication by DoD CIO. Further, the SSP shall contain a description of the system boundary, the operational environment, how the specific security requirements are currently implemented, and the relationships with or connections to other systems. The POAM shall detail how and when the Contractor will meet all security requirements of SP 800-171 that are not fully implemented except for the requirements noted in the specific bullets below, which must be fully implemented in the SSP. The Contractor shall permit the Government to validate information in the SSP every three years, on an ad hoc basis with no notice to the Contractor, other than to coordinate any necessary security requests, but not more than five business days, or upon replacement or rotation of the Government program manager. The SSP shall:  Fully implement Multi-factor authentication, including authentication and authorization of users in a manner that is auditable  Implement FIPS 140-2 validation encryption at a minimum of Level 1  Employ the principle of least privilege or “need to know”  Require the Contractor to review, in a manner that can be audited, user privileges at least annually  Require monitoring and controlling remote access sessions and includes mechanisms to audit the session and methods
View Source

Related to System Security Plan

  • Security Plan The Business Continuity Plan and the Disaster Recovery Plan may be combined into one document. Additionally, at the beginning of each State Fiscal Year, if the MCO modifies the following documents, it must submit the revised documents and corresponding checklists for HHSC’s review and approval:

  • System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use. (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations. (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Service Plan 2.1 The Customer shall use the following applicable Service Plan and services during the Term: a) the Service Plan specified in the Sales and Services Agreement or a service plan with monthly fee above the Service Plan amount specified in the Sales and Agreement (not applicable to SIM Only service plan & SuperCare Unbundled Smartphone Plan); and any of the services (“Selected Services”) specified in the Company’s web site “Terms and Conditions” relating to this offer and the aggregate monthly fee (after deduction of any rebate) of such Selected Services is equal to or above the amount specified in the Sales and Services Agreement (if applicable); or b) A Service Plan within the “iPhone SuperCare Smartphone Plans” (applicable to upgrade to a higher monthly fee during the Term) as specified in the Company’s web site “Terms and Conditions” relating to this plan group. 2.2 Service Plan with specified data usage 2.2.1 Whenever the local data usage of the Customer under the relevant Service Plan nearly reaches the specified local data usage (“Specified Data Usage”) the Company will notify the Customer by SMS. The Customer may by return SMS purchase a top-up at the charge as specified in the SMS received (“Top Up”). If the Customer does not wish to purchase the Top Up, local data service under the relevant Service Plan will be automatically suspended when the data usage has reached the Specified Data Usage. The Customer may purchase the Top Up at that time or wait until the beginning of the next bill month for the new Specified Data Usage allowance under the relevant Service Plan. Any unused top-up local mobile data can be carried forward for free and can be used before the end of the next bill month. This is only applicable to designated service plans (1GB or above) with an “Advise & Consent” mechanism for the purchase of top-up data. 2.2.2 Where the Customer has registered more than one Service Plan in an Account, the Company will notify Customer's primary service number (i.e. the first registered service number) by SMS whenever a Top Up is confirmed. 2.3 Applicable to Customer who stacks a new iPhone Contract: 2.3.1 Under Term (i.e. outstanding months under unexpired Previous Contract Term + iPhone Contract Term), the monthly fee and entitlement of new iPhone Contract takes effect immediately and will apply until the expiration of the new iPhone Contract. 2.3.2 If Customer has an existing contract of FUP Unlimited Data Plan stacks a new iPhone Contract, Customer is required to sign a new contract for FUP Unlimited Data Plan. The monthly fee of new FUP Unlimited Data Plan specified in the Sales and Services Agreement takes effect simultaneously when the new iPhone Contract commences and will apply until the expiration of the Term. 2.3.3 (If applicable) If the Customer has a Multi-SIM Plan under an unexpired Previous Contract Term stacks a new iPhone Contract, the monthly fee and service entitlement under the unexpired Previous Contract Term will be superseded and replaced by the monthly fee and service entitlement of the prevailing Multi-SIM Plan at the time of the stacking of the new iPhone Contract (“New Multi-SIM Plan”). The New Multi-SIM Plan shall take effect simultaneously when the new iPhone Contract commences and will apply until the expiration of the Previous Contract Term of the Multi-SIM Plan. 2.4 This Service Plan is charged on a monthly basis. The monthly charges for the first month will be charged on a pro-rata basis from the service effective date to the first bill date. The monthly charges are payable in advance and non-refundable under whatever circumstances. 2.5 This Service Plan is not applicable to 2G phones / connected devices or any phones / connected devices which have manually opted for 2G network. However, if customers opt for FUP unlimited data, in addition to the above conditions, the plan will also not applicable to other connected devices (including but not limited to USB modem / pocket wi-fi / TV box). 2.6 Offer detail Credit offer Credit Amount Wi-Fi Service Plan* full credit back during the Term WiFi Service monthly fee $60 *Customer is required to register for WiFi service 2.7 If the Customer does not notify the Company of termination of the WiFi services specified above prior to the expiry of the Term, the Company shall automatically charge the Customer for the free services specified above at the prevailing monthly fee after the expiry of the Term. 2.8 The Customer shall use Credit Card auto pay to settle monthly fee during the Term. If the Customer does not settle his monthly payment by credit card autopay or uses a 3rd party credit card for payment, a prepayment is required (if applicable).

  • Emergency Mode Operation Plan Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic County PHI or PI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this Agreement for more than twenty-four (24) hours.