New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Please see the current Washtenaw Community College catalog for up-to-date program requirements Conditions & Requirements
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Bulk Registration Data Access to Icann Periodic Access to Thin Registration Data. In order to verify and ensure the operational stability of Registry Services as well as to facilitate compliance checks on accredited registrars, Registry Operator will provide ICANN on a weekly basis (the day to be designated by ICANN) with up-to-date Registration Data as specified below. Data will include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN.
Contractor Sales Reporting Vendor Management Fee Contractor Reports Master Contract Sales Reporting. Contractor shall report total Master Contract sales quarterly to Enterprise Services, as set forth below. Master Contract Sales Reporting System. Contractor shall report quarterly Master Contract sales in Enterprise Services’ Master Contract Sales Reporting System. Enterprise Services will provide Contractor with a login password and a vendor number. The password and vendor number will be provided to the Sales Reporting Representative(s) listed on Contractor’s Bidder Profile. Data. Each sales report must identify every authorized Purchaser by name as it is known to Enterprise Services and its total combined sales amount invoiced during the reporting period (i.e., sales of an entire agency or political subdivision, not its individual subsections). The “Miscellaneous” option may be used only with prior approval by Enterprise Services. Upon request, Contractor shall provide contact information for all authorized purchasers specified herein during the term of the Master Contract. If there are no Master Contract sales during the reporting period, Contractor must report zero sales. Due dates for Master Contract Sales Reporting. Quarterly Master Contract Sales Reports must be submitted electronically by the following deadlines for all sales invoiced during the applicable calendar quarter: March 31: April 30 June 30: July 31 September 30: October 31 December 31: January 31 Vendor Management Fee. Contractor shall pay to Enterprise Services a vendor management fee (“VMF”) of 1.50 percent on the purchase price for all Master Contract sales (the purchase price is the total invoice price less applicable sales tax). The sum owed by Contractor to Enterprise Services as a result of the VMF is calculated as follows: Amount owed to Enterprise Services = Total Master Contract sales invoiced (not including sales tax) x .0150. The VMF must be rolled into Contractor’s current pricing. The VMF must not be shown as a separate line item on any invoice unless specifically requested and approved by Enterprise Services. Enterprise Services will invoice Contractor quarterly based on Master Contract sales reported by Contractor. Contractors are not to remit payment until they receive an invoice from Enterprise Services. Contractor’s VMF payment to Enterprise Services must reference this Master Contract number, work request number (if applicable), the year and quarter for which the VMF is being remitted, and the Contractor’s name as set forth in this Master Contract, if not already included on the face of the check. Failure to accurately report total net sales, to submit a timely usage report, or remit timely payment of the VMF, may be cause for Master Contract termination or the exercise of other remedies provided by law. Without limiting any other available remedies, the Parties agree that Contractor’s failure to remit to Enterprise Services timely payment of the VMF shall obligate Contractor to pay to Enterprise Services, to offset the administrative and transaction costs incurred by the State to identify, process, and collect such sums. The sum of $200.00 or twenty-five percent (25%) of the outstanding amount, whichever is greater, or the maximum allowed by law, if less. Enterprise Services reserves the right, upon thirty (30) days advance written notice, to increase, reduce, or eliminate the VMF for subsequent purchases, and reserves the right to renegotiate Master Contract pricing with Contractor when any subsequent adjustment of the VMF might justify a change in pricing. Annual Master Contract Sales Report. Upon request, Contractor shall provide to Enterprise Services a detailed annual Master Contract sales report. Such report shall include, at a minimum: Product description, part number or other Product identifier, per unit quantities sold, and Master Contract price. This report must be provided in an electronic format that can be read by compatible with MS Excel. Small Business Inclusion. Upon Request by Enterprise Services, Contractor shall provide, within thirty (30) days, an Affidavit of Amounts Paid. Such Affidavit of Amounts Paid either shall state, if applicable, that Contractor still maintains its MWBE certification or state that its subcontractor(s) still maintain(s) its/their MWBE certification(s) and specify the amounts paid to each certified MWBE subcontractor under this Master Contract. Contractor shall maintain records supporting the Affidavit of Amounts Paid in accordance with this Master Contract’s records retention requirements.
FORMAT AND CONTENT FOR REGISTRY OPERATOR MONTHLY REPORTING Registry Operator shall provide one set of monthly reports per gTLD, using the API described in draft-‐xxxxxx-‐icann-‐registry-‐interfaces, see Specification 2, Part A, Section 9, reference 5, with the following content. ICANN may request in the future that the reports be delivered by other means and using other formats. ICANN will use reasonable commercial efforts to preserve the confidentiality of the information reported until three (3) months after the end of the month to which the reports relate. Unless set forth in this Specification 3, any reference to a specific time refers to Coordinated Universal Time (UTC). Monthly reports shall consist of data that reflects the state of the registry at the end of the month (UTC).
Anti-Money Laundering and Red Flag Identity Theft Prevention Programs The Trust acknowledges that it has had an opportunity to review, consider and comment upon the written procedures provided by USBFS describing various tools used by USBFS which are designed to promote the detection and reporting of potential money laundering activity and identity theft by monitoring certain aspects of shareholder activity as well as written procedures for verifying a customer’s identity (collectively, the “Procedures”). Further, the Trust and USBFS have each determined that the Procedures, as part of the Trust’s overall Anti-Money Laundering Program and Red Flag Identity Theft Prevention Program, are reasonably designed to: (i) prevent each Fund from being used for money laundering or the financing of terrorist activities; (ii) prevent identity theft; and (iii) achieve compliance with the applicable provisions of the Bank Secrecy Act, Fair and Accurate Credit Transactions Act of 2003 and the USA Patriot Act of 2001 and the implementing regulations thereunder. Based on this determination, the Trust hereby instructs and directs USBFS to implement the Procedures on the Trust’s behalf, as such may be amended or revised from time to time. It is contemplated that these Procedures will be amended from time to time by the parties as additional regulations are adopted and/or regulatory guidance is provided relating to the Trust’s anti-money laundering and identity theft responsibilities. USBFS agrees to provide to the Trust:
(a) Prompt written notification of any transaction or combination of transactions that USBFS believes, based on the Procedures, evidence money laundering or identity theft activities in connection with the Trust or any Fund shareholder;
(b) Prompt written notification of any customer(s) that USBFS reasonably believes, based upon the Procedures, to be engaged in money laundering or identity theft activities, provided that the Trust agrees not to communicate this information to the customer;
(c) Any reports received by USBFS from any government agency or applicable industry self-regulatory organization pertaining to USBFS’ Anti-Money Laundering Program or the Red Flag Identity Theft Prevention Program on behalf of the Trust;
(d) Prompt written notification of any action taken in response to anti-money laundering violations or identity theft activity as described in (a), (b) or (c) immediately above; and
(e) Certified annual and quarterly reports of its monitoring and customer identification activities pursuant to the Procedures on behalf of the Trust. The Trust hereby directs, and USBFS acknowledges, that USBFS shall (i) permit federal regulators access to such information and records maintained by USBFS and relating to USBFS’ implementation of the Procedures, on behalf of the Trust, as they may request, and (ii) permit such federal regulators to inspect USBFS’ implementation of the Procedures on behalf of the Trust.
Trunk Group Architecture and Traffic Routing 5.2.1 The Parties shall jointly establish Access Toll Connecting Trunks between CLEC and CBT by which they will jointly provide Tandem-transported Switched Exchange Access Services to Interexchange Carriers to enable such Interexchange Carriers to originate and terminate traffic from and to CLEC's Customers.
5.2.2 Access Toll Connecting Trunks shall be used solely for the transmission and routing of Exchange Access and non-translated Toll Free traffic (e.g., 800/888) to allow CLEC’s Customers to connect to or be connected to the interexchange trunks of any Interexchange Carrier that is connected to the CBT access Tandem.
5.2.3 The Access Toll Connecting Trunks shall be one-way or two-way trunks, as mutually agreed, connecting an End Office Switch that CLEC utilizes to provide Telephone Exchange Service and Switched Exchange Access Service in the given LATA to an access Tandem Switch CBT utilizes to provide Exchange Access in the LATA.
Pricing for Registry Services (a) With respect to initial domain name registrations, Registry Operator shall provide ICANN and each ICANN accredited registrar that has executed the registry-‐registrar agreement for the TLD advance written notice of any price increase (including as a result of the elimination of any refunds, rebates, discounts, product tying or other programs which had the effect of reducing the price charged to registrars, unless such refunds, rebates, discounts, product tying or other programs are of a limited duration that is clearly and conspicuously disclosed to the registrar when offered) of no less than thirty (30) calendar days. Registry Operator shall offer registrars the option to obtain initial domain name registrations for periods of one (1) to ten (10) years at the discretion of the registrar, but no greater than ten (10) years.
(b) With respect to renewal of domain name registrations, Registry Operator shall provide ICANN and each ICANN accredited registrar that has executed the registry-‐registrar agreement for the TLD advance written notice of any price increase (including as a result of the elimination of any refunds, rebates, discounts, product tying, Qualified Marketing Programs or other programs which had the effect of reducing the price charged to registrars) of no less than one hundred eighty (180) calendar days. Notwithstanding the foregoing sentence, with respect to renewal of domain name registrations: (i) Registry Operator need only provide thirty (30) calendar days notice of any price increase if the resulting price is less than or equal to (A) for the period beginning on the Effective Date and ending twelve (12) months following the Effective Date, the initial price charged for registrations in the TLD, or (B) for subsequent periods, a price for which Registry Operator provided a notice pursuant to the first sentence of this Section 2.10(b) within the twelve (12) month period preceding the effective date of the proposed price increase; and (ii) Registry Operator need not provide notice of any price increase for the imposition of the Variable Registry-‐Level Fee set forth in Section 6.3. Registry Operator shall offer registrars the option to obtain domain name registration renewals at the current price (i.e., the price in place prior to any noticed increase) for periods of one (1) to ten (10) years at the discretion of the registrar, but no greater than ten (10) years.
(c) In addition, Registry Operator must have uniform pricing for renewals of domain name registrations (“Renewal Pricing”). For the purposes of determining Renewal Pricing, the price for each domain registration renewal must be identical to the price of all other domain name registration renewals in place at the time of such renewal, and such price must take into account universal application of any refunds, rebates, discounts, product tying or other programs in place at the time of renewal. The foregoing requirements of this Section 2.10(c) shall not apply for (i) purposes of determining Renewal Pricing if the registrar has provided Registry Operator with documentation that demonstrates that the applicable registrant expressly agreed in its registration agreement with registrar to higher Renewal Pricing at the time of the initial registration of the domain name following clear and conspicuous disclosure of such Renewal Pricing to such registrant, and (ii) discounted Renewal Pricing pursuant to a Qualified Marketing Program (as defined below). The parties acknowledge that the purpose of this Section 2.10(c) is to prohibit abusive and/or discriminatory Renewal Pricing practices imposed by Registry Operator without the written consent of the applicable registrant at the time of the initial registration of the domain and this Section 2.10(c) will be interpreted broadly to prohibit such practices. For purposes of this Section 2.10(c), a “Qualified Marketing Program” is a marketing program pursuant to which Registry Operator offers discounted Renewal Pricing, provided that each of the following criteria is satisfied: (i) the program and related discounts are offered for a period of time not to exceed one hundred eighty (180) calendar days (with consecutive substantially similar programs aggregated for purposes of determining the number of calendar days of the program), (ii) all ICANN accredited registrars are provided the same opportunity to qualify for such discounted Renewal Pricing; and (iii) the intent or effect of the program is not to exclude any particular class(es) of registrations (e.g., registrations held by large corporations) or increase the renewal price of any particular class(es) of registrations. Nothing in this Section 2.10(c) shall limit Registry Operator’s obligations pursuant to Section 2.10(b).
(d) Registry Operator shall provide public query-‐based DNS lookup service for the TLD (that is, operate the Registry TLD zone servers) at its sole expense.
Vendor Certification of Criminal History Texas Education Code Chapter 22 8 Texas Education Code Chapter 22 requires entities that contract with school districts to provide services to obtain DEFINITIONS Covered employees: Employees of a contractor or subcontractor who have or will have continuing duties related to the service to be performed at the District and have or will have direct contact with students. The District will be the final arbiter of what constitutes direct contact with students. Disqualifying criminal history: Any conviction or other criminal history information designated by the District, or one of the following offenses, if at the time of the offense, the victim was under 18 or enrolled in a public school: (a) a felony offense under Title 5, Texas Penal Code; (b) an offense for which a defendant is required to register as a sex offender under Chapter 62, Texas Code of Criminal Procedure; or (c) an equivalent offense under federal law or the laws of another state. Vendor certifies: NONE (Section A): None of the employees of Vendor and any subcontractors are covered employees, as defined above. If this box is checked, I further certify that Contractor has taken precautions or imposed conditions to ensure that the employees of Vendor and any subcontractor will not become covered employees. Contractor will maintain these precautions or conditions throughout the time the contracted services are provided under this procurement. SOME (Section B): Some or all of the employees of Vendor and any subcontractor are covered employees. If this box is checked, I further certify that: (1) Vendor has obtained all required criminal history record information regarding its covered employees. None of the covered employees has a disqualifying criminal history; (2) If Vendor receives information that a covered employee subsequently has a reported criminal history, Vendor will immediately remove the covered employee from contract duties and notify the purchasing entity in writing within 3 business days; (3) Upon request, Vendor will provide the purchasing entity with the name and any other requested information of covered employees so that the purchasing entity may obtain criminal history record information on the covered employees; (4) If the purchasing entity objects to the assignment of a covered employee on the basis of the covered employee's criminal history record information, Xxxxxx agrees to discontinue using that covered employee to provide services at the purchasing entity. Certification Regarding "Choice of Law" Terms with TIPS Members Certification Regarding "Venue" Terms with TIPS Members Certification Regarding "Automatic Renewal" Terms with TIPS Members Certification Regarding "Indemnity" Terms with TIPS Members Certification Regarding "Arbitration" Terms with TIPS Members
