Administrative Controls. The Contractor must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Contractor staff for violating that policy.
b. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
c. If Confidential Information shared under this agreement is classified as Category 4, the Contractor must have a documented risk assessment for the system(s) housing the Category 4 Data.
Administrative Controls. VENDOR shall establish, document and maintain adequate administrative, financial, and internal controls to ensure that only allowable and reasonable costs are expended under this AGREEMENT.
Administrative Controls. The Contractor must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Contractor staff for violating that policy.
b. Security awareness training for all employees, presented at least annually, which informs Contractor staff of their responsibilities under the Contractor’s security policy. If the Contractor does not have an appropriate security awareness course, any of their staff who will work with the Data or systems housing the Data, must successfully complete the DSHS Information Security Awareness Training, which can be taken on this web page: xxxxx://xxx.xxxx.xx.xxx/fsa/central- contract-services/it-security-awareness-training.
c. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
d. If Confidential Information shared under this agreement is classified as Category 4, the Contractor must have a documented risk assessment for the system(s) housing the Category 4 Data.
Administrative Controls. The Indian Nation must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Indian Nation staff for violating that policy.
b. If the Data shared under this agreement is classified as Category 4, the Indian Nation must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
c. If Confidential Information shared under this agreement is classified as Category 4, the Indian Nation must have a documented risk assessment for the system(s) housing the Category 4 Data.
Administrative Controls i. We will, to the extent legally permitted and in accordance with Our internal policies and processes, perform industry standard background checks on Our employees and subcontractors with access to Customer Data.
ii. Our employees are required to gain and maintain certification within Our security awareness and training program.
Administrative Controls. Recovery shall establish, document and maintain adequate administrative, financial, and internal controls to ensure that only allowable and reasonable costs are expanded under this AGREEMENT.
Administrative Controls. Recovery Healthcare Corporation shall establish, document and maintain adequate administrative, financial, and internal controls to ensure that only allowable and reasonable costs are expanded under this AGREEMENT.
Administrative Controls. The Contractor must have the following controls in place:
Administrative Controls. The Contractor must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Contractor staff for violating that policy.
b. Any data center security controls must meet or exceed those expected by the Federal Information Security Management Act (FISMA) for low to moderate impact systems as described in FIPS 199 and 200, and in the most current release of National Institute of Standards and Technology (NIST) Special Publications SP800- 53, including all other referenced NIST publications.
c. Contractor warrants that all data collected, processed, routed, and/or stored by or through the service, or third-party service providers, remains at all times within the United States.
d. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
e. If Confidential Information shared under this agreement is classified as Category 4, the Contractor must have a documented risk assessment for the system(s) housing the Category 4 Data.
Administrative Controls. Institute Members shall create and enforce policies and procedures, and implement training and certification programs and requirements, related to their employees and/or independent contractors, which will be reviewed and authorized by the Proprietary Information Committee on an annual basis. Recommended administrative controls may include (without limitation): Onboarding checklists and exit interview policies and procedures that make joining and departing employees aware of their obligations to Institute related to confidentiality and trade secrets; vetting new employees to ensure that they are not bound by contractual obligations, such as non-competes and intellectual property agreements, with former employers that are in conflict with Institute objectives; work from home policies and procedures; social media and internet usage policies and procedures, cellular/smart phone usage policies; annual trade secret audits; employment and/or independent contractor agreements that include confidentiality, non-analysis, non-compete, and patent assignment clauses; mandatory training of all employees and independent contractors on the protection of confidential proprietary information and trade secrets; and penalties for non- compliance or disclosure by employees and/or independent contractors.
