Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Project Implementation Manual The Recipient, through the PCU, shall: (i) take all action required to carry out Parts 1.1, 1.3, 1.4, 2, 3.1(b), 3.2, 3.3 and 4 (ii) of the Project in accordance with the provisions and requirements set forth or referred to in the Project Implementation Manual; (ii) submit recommendations to the Association for its consideration for changes and updates of the Project Implementation Manual as they may become necessary or advisable during Project implementation in order to achieve the objective of Parts 1.1, 1.3, 1.4, 2, 3.1(b), 3.2, 3.3 and 4(ii) of the Project; and (iii) not assign, amend, abrogate or waive the Project Implementation Manual or any of its provisions without the Association’s prior agreement. Notwithstanding the foregoing, if any of the provisions of the Project Implementation Manual is inconsistent with the provisions of this Agreement, the provisions of this Agreement shall prevail and govern.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.
DISTRIBUTION OF CONTRACTOR PRICE LIST AND CONTRACT APPENDICES Contractor shall provide Authorized Users with electronic copies of the Contract, including price lists and Appendices, upon request. Contract Updates will be handled as provided in Appendix C – Contract Modification Procedures.
Interconnection Facilities Engineering Procurement and Construction Interconnection Facilities, Network Upgrades, and Distribution Upgrades shall be studied, designed, and constructed pursuant to Good Utility Practice. Such studies, design and construction shall be based on the assumed accuracy and completeness of all technical information received by the Participating TO and the CAISO from the Interconnection Customer associated with interconnecting the Large Generating Facility.
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes. 11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses. 11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.
Software and Documentation Licensee may make as many copies of the Software necessary for it to use the Software as licensed. Each copy of the Software made by Licensee must contain the same copyright and other notices that appear on the original copy. Licensee will not modify the Documentation. Documentation may: (a) only be used to support Licensee’s use of the Software; (b) not be republished or redistributed to any unauthorized third party; and (c) not be distributed or used to conduct training for which Licensee, or any other party, receives a fee. Licensee will not copy any system schema reference document related to the Software.
Documentation and compliance (a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. (b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. (c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
Implementation Report Within 150 days after the Effective Date, Ensign Group shall submit a written report to OIG summarizing the status of its implementation of the requirements of this CIA (Implementation Report). The Implementation Report shall, at a minimum, include: 1. the name, address, phone number, and position description of the Compliance Officer required by Section III.A, and a summary of other noncompliance job responsibilities the Compliance Officer may have; 2. the names and positions of the members of the Compliance Committee required by Section III.A; 3. the names and positions of the members of the Board of Directors who are responsible for satisfying the Board of Directors compliance obligations described in Section III.A.3; 4. a copy of Ensign Group’s Code of Conduct required by Section III.B.1; 5. the number of individuals required to complete the Code of Conduct certification required by Section III.B.1, the percentage of individuals who have completed such certification, and an explanation of any exceptions (the documentation supporting this information shall be available to OIG upon request); 6. a summary of all Policies and Procedures required by Section III.B (copies of the Policies and Procedures shall be made available to OIG upon request); 7. the following information regarding each type of training required by Section III.C: a. a description of such training, including a summary of the topics covered, the length of sessions, and a schedule of training sessions; b. the number of individuals required to be trained, percentage of individuals actually trained, and an explanation of any exceptions. A copy of all training materials and the documentation supporting this information shall be made available to OIG upon request. 8. a description of the Disclosure Program required by Section III.E; 9. the following information regarding the IRO(s): (a) identity, address, and phone number; (b) a copy of the engagement letter; (c) information to demonstrate that the IRO has the qualifications outlined in Appendix A to this CIA; (d) a summary and description of any and all current and prior engagements and agreements between Ensign Group and the IRO; and (e) a certification from the IRO regarding its professional independence and objectivity with respect to Ensign Group; 10. a description of the process by which Ensign Group fulfills the requirements of Section III.F regarding Ineligible Persons; 11. a list of all of Ensign Group’s locations (including locations and mailing addresses); the corresponding name under which each location is doing business; the corresponding phone numbers and fax numbers; each location’s Medicare and state Medicaid program provider number and/or supplier number(s); and the name and address of each Medicare and state Medicaid program contractor to which Ensign Group currently submits claims; 12. a description of Ensign Group’s corporate structure, including identification of any parent and sister companies, subsidiaries, and their respective lines of business; and
Documentation and Record Keeping 1. Records to be Maintained Subrecipient shall maintain all records required by the Federal regulations specified in 24 CFR 570.506 that are pertinent to the activities to be funded under this Contract. Such records shall include, but not be limited to: a. Records providing a full description of each activity undertaken; b. Records demonstrating that each activity undertaken meets the one of the National Objectives of the CDBG program; c. Records required to determine the eligibility of activities; d. Records required to document the acquisition, improvement, use, or disposition of real property acquired or improved with CDBG assistance; e. Records documenting compliance with the fair housing and equal opportunity components of the CDBG program; f. Financial records as required by federal regulations 24 CFR 570.502, and 24 CFR 84.21-28; and g. Other records necessary to document compliance with Subpart K of 23 CFR.
