New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Subsidy Requests and Reporting Requirements 1. The Grantee or Management Company shall complete a CRF Subsidy Request Report - Recap of Tenant Income Certification, which provides a unit-by-unit listing of all units in the Development for whom assistance is being requested and gives detailed information including the occupants’ eligibility, set-aside requirements, amount of household rent paid, utility allowance and amount of CRF Rental Subsidy requested.
2. The CRF Subsidy Request Report - Recap of Tenant Income Certification shall be prepared as of the last day of each calendar month during the period of performance and shall be submitted to XXXXxxxxxxxx@XxxxxxxXxxxxxx.xxx and Florida Housing’s monitoring agent no later than the 15th day of the following month. The December 2020 request will be due on or before December 15th. The Grantee will submit executed Coronavirus Relief Fund Rental Assistance Applications and supporting documentation to Florida Housing’s monitoring agent within 5 days upon the monitoring agent’s request.
Minimum Site Requirements for TIPS Sales (when applicable to TIPS Sale). Cleanup: When performing work on site at a TIPS Member’s property, Vendor shall clean up and remove all debris and rubbish resulting from their work as required or directed by the TIPS Member or as agreed by the parties. Upon completion of work, the premises shall be left in good repair and an orderly, neat, clean and unobstructed condition. Preparation: Vendor shall not begin a project for which a TIPS Member has not prepared the site, unless Vendor does the preparation work at no cost, or until TIPS Member includes the cost of site preparation in the TIPS Sale Site preparation includes, but is not limited to: moving furniture, installing wiring for networks or power, and similar pre‐installation requirements. Registered Sex Offender Restrictions: For work to be performed at schools, Vendor agrees that no employee of Vendor or a subcontractor who has been adjudicated to be a registered sex offender will perform work at any time when students are, or reasonably expected to be, present unless otherwise agreed by the TIPS Member. Vendor agrees that a violation of this condition shall be considered a material breach and may result in the cancellation of the TIPS Sale at the TIPS Member’s discretion. Vendor must identify any additional costs associated with compliance of this term. If no costs are specified, compliance with this term will be provided at no additional charge. Safety Measures: Vendor shall take all reasonable precautions for the safety of employees on the worksite, and shall erect and properly maintain all necessary safeguards for protection of workers and the public. Vendor shall post warning signs against all hazards created by the operation and work in progress. Proper precautions shall be taken pursuant to state law and standard practices to protect workers, general public and existing structures from injury or damage. Smoking: Persons working under Agreement shall adhere to the TIPS Member’s or local smoking statutes, codes, ordinances, and policies.
Health, Safety and Security 14.1 The Employer recognizes a responsibility to provide an environment intended to protect the health, safety and security of Members as they carry out their responsibilities. To that end, the Employer agrees:
(a) to maintain a Joint Health and Safety Committee (the JHSC) with broad representation drawn from all sectors of the University, including at least one (1) person appointed by the Association;
(b) to cooperate with the Association in making every reasonable provision for the safety, health and security of Members;
(c) to take reasonable measures to maintain the security of the buildings and grounds while at the same time maintaining reasonable access for Members who have a need for such access at times other than during regular working hours;
(d) to ensure that the Association has the right to appoint at least one (1) person to any representative committee whose terms of reference specifically include the health, safety or security of Members as they carry out their responsibilities;
(e) to comply with the Occupational Health and Safety Act, R.S.O. 1990, and relevant regulations thereto, as amended from time to time (the “Act”);
(f) that Members may refuse unsafe work pursuant to and in accordance with the relevant provisions of the Act for so doing;
(g) that Members report any known or potential dangers to their Xxxx;
(h) In addition, the Employer agrees:
i) to provide Members with health and safety training, personal protective equipment, and access to health and safety programs, policies and procedures;
ii) to provide resources for the JHSC;
iii) to compensate a CASBU Member who is eligible to be, and serves as, the person appointed by the Association to the JHSC when that service is outside the period of the Member’s contract;
iv) to provide training for the person appointed by the Association to the JHSC directly related to their duties and responsibilities in connection with the JHSC;
v) to recognize a JHSC Member’s right to be present during workplace safety testing and audits and receive written copies of any reports and recommendations from the testing/audits and a copy of a draft report if one is provided to the Employer;
vi) to recognize a JHSC Member’s right to have advance notice when advance notice is given by the Ministry of Labour of any Ministry of Labour inspection and to accompany a Ministry of Labour Inspector during an inspection and receive a copy of any report produced by the inspector.
14.2 The parties agree that all personal communications must adhere to the Personal Harassment and Discrimination Policy and the Nipissing University Acceptable Use Policy. Effective June 10, 2006, universities are subject to the Freedom of Information and Protection of Privacy Act (FIPPA). All records in the custody and control of the University will be subject to FIPPA with exceptions as defined by the Act. Persons may request and have a right to access University information or records. A record is defined under the Act as any record of information however recorded, whether in printed or electronic form, film, or otherwise and includes drafts, post-it notes, margin notes, hard drive files, emails, voice mails, electronic agendas, address books, and recording devices.
14.3 Unless required under FIPPA, and for the purposes of this Article, files are documents under a Member’s control and stored on University property, either in paper or electronic form. Such files do not include the Member’s official file in the Xxxx’x office nor the Personnel File of the Member in the Human Resources office.
14.4 On termination of a Member’s employment for any reason other than cause, the Employer will permit, by appointment only, accompanied access for a period of fifteen (15) working days (or longer with the agreement of the Xxxx) by the former Member or the Member’s executors to the Member’s files, whether in paper or electronic format. The purpose of the allowed access is for transferring required documents to other faculty, the Chair, or the Xxxx. Where files are not required to support continued student academic needs or ongoing operational requirements, the former Member or designate may remove or destroy their personal files. Items that are clearly of a personal nature or are owned by the former Member such as furniture, pictures, books, etc., may be removed at this time.
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
