Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Security Controls Annually, upon Fund’s reasonable request, Transfer Agent shall provide Fund’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent’s Security Policy and an opportunity to discuss Transfer Agent’s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent’s information technology management team. Transfer Agent shall review its Security Policy annually.
Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.
Implementation of and Reporting on the Project A. The Grantee shall implement and complete the Project in accordance with Exhibit A and with the plans and specifications contained in its Grant Application, which is on file with the State and is incorporated by reference. Modification of the Project shall require prior written approval of the State.
Administrative Controls The Contractor must have the following controls in place:
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Subsidy Requests and Reporting Requirements 1. The Grantee or Management Company shall complete a CRF Subsidy Request Report - Recap of Tenant Income Certification, which provides a unit-by-unit listing of all units in the Development for whom assistance is being requested and gives detailed information including the occupants’ eligibility, set-aside requirements, amount of household rent paid, utility allowance and amount of CRF Rental Subsidy requested.
Audit Controls P. Contractor agrees to an annual system security review by the County to assure that systems processing and/or storing Medi-Cal PII are secure. This includes audits and keeping records for a period of at least three (3) years. A routine procedure for system review to catch unauthorized access to Medi-Cal PII shall be established by the Contractor.
Safeguards Monitoring and Reporting 8. The Borrower shall do the following or cause the Project Executing Agency to do the following:
PERFORMANCE MONITORING AND REPORTING Performance indicators
