System Security Plan (O&M Clause Samples

System Security Plan (O&M. (a) The Concessionaire shall prepare and submit to RTD for RTD's approval a plan (the System Security Plan (O&M) or SSP (O&M)) establishing its approach to security management and threat and vulnerability management. The SSP (O&M) shall be in accordance with applicable Law and the standards of the APTA, FRA and DHS. [CDRL #10-21] No later than five days following RTD's confirmation that the SSP (O&M) complies with the relevant requirements, RTD will submit such plan to the FTA and the FRA and any other Relevant Authority on the Concessionaire's behalf. The Concessionaire shall not amend, modify or vary the SSP (O&M) that RTD has submitted to the FTA, the FRA and any Relevant Authority at any time without the approval of RTD and such Relevant Authority. (b) The SSP (O&M) shall include a detailed security staffing and operations plan (the Security Staffing Plan) setting forth all aspects of security staffing and operations, necessary to achieve compliance with Law and the standards set forth in Section 8.3(a), including: (i) minimum hiring qualifications; (ii) training standards and training programs emphasizing professionalism, courtesy, customer service and ambassadorship; (iii) the roles and responsibilities of the Security Command Center staff; and (iv) patrol duties for security officers (if any). (c) The Security Staffing Plan shall be materially consistent with RTD's current security personnel staffing and security operations, as updated from time to time. (d) The Concessionaire shall at least annually review the SSP (O&M); update the SSP (O&M) to ensure continued compliance with each of the Concessionaire's obligations in this Section 8; and submit such updates to RTD. [CDRL #10-21] RTD will follow the process described in paragraph (a) above with regard to review, approval and submittal to Relevant Authorities on the Concessionaire's behalf of such updates to the SSP (O&M).
View Source

Related to System Security Plan (O&M

  • System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use. (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations. (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.

  • Security Plan The Business Continuity Plan and the Disaster Recovery Plan may be combined into one document. Additionally, at the beginning of each State Fiscal Year, if the MCO modifies the following documents, it must submit the revised documents and corresponding checklists for HHSC’s review and approval:

  • System Security Review All systems processing and/or storing County PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.