Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
System Access Control Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. Measures: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy • All personnel access SAP’s systems with a unique identifier (user ID). • SAP has procedures in place so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication.
Access Requirements You will be responsible for providing the System to enable you to use an Electronic Service.
Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. Measures: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. • SAP does not allow the installation of software that has not been approved by SAP. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.
EDD Independent Contractor Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the state.” The term is further defined by the California Employment Development Department to refer specifically to independent Contractors. An independent Contractor is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm
Access Control Supplier will maintain an appropriate access control policy that is designed to restrict access to Accenture Data and Supplier assets to authorized Personnel. Supplier will require that all accounts have complex passwords that contain letters, numbers, and special characters, be changed at least every 90 days, and have a minimum length of 8 characters.
System Access CUSTOMER agrees to provide to PROVIDER, at CUSTOMER’S expense, necessary access to the mainframe computer and related information technology systems (the “System”) on which CUSTOMER data is processed during the times (the “Service Hours”) specified in the PSAs, subject to reasonable downtime for utility outages, maintenance, performance difficulties and the like. In the event of a change in the Service Hours, CUSTOMER will provide PROVIDER with at least fifteen (15) calendar days written notice of such change.
Personnel Requirements a. The CONTRACTOR shall secure, at the CONTRACTOR'S own expense, all personnel required to perform this Contract.
Health Requirements This is an active trip that requires you to make a realistic assessment of your health. To enjoy the trips as intended, a minimum level of fitness is required. All Participants are expected to be in active good health, to be comfortable traveling as part of a group, and to be ready to experience cultural differences with grace. Air Journey will require prior notice if any participant has any physical or other condition or disability that would prevent them from participating in active elements of any trip and/or could create a hazard to him or herself or to other members of the group. Air Journey may require guests to produce a doctor’s certificate certifying that they are fit to participate. Any physical condition requiring special attention, diet, or treatment should be reported in writing when the reservation is made. We will make reasonable efforts to accommodate Participants with special needs; however, we cannot accommodate wheelchairs. . Walking and climbing stairs are required in many hotels and airports, and are part of many excursions. If you require a slower pace, extra assistance, or the use of a cane or walking stick, arrangements will be made for private touring at each destination, if necessary, at the discretion of our Journey staff. Any extra cost for such arrangements will be the responsibility of the Participant. If you would like to forego some of the scheduled sightseeing to rejuvenate and relax, please feel free to do so at any time. Acting reasonably, if Air Journey is unable to properly accommodate the need of the person(s) concerned or believes that health and safety may be compromised, Air Journey reserves the right to refuse participation. Air Journey also reserves the right to remove from the trip, at the participant’s own expense, anyone whose physical condition or conduct negatively impacts the enjoyment of the other guests or disrupts the tour. Malaria and other diseases may be present in some of the countries featured in this itinerary; proof of yellow fever inoculation may be required. For the latest recommendations on specific health precautions for the areas you will visit, consult your physician and the Centers for Disease Control. The participant represents that neither he nor she nor anyone traveling with him or her has any physical or other condition or disability that could create a hazard to himself or herself or other members of the tour. Itinerary Changes The itinerary and Journey leaders are subject to modification and change by Air Journey. Every reasonable effort will be made to operate the Journey as planned; however, should unforeseen world events and conditions require our itinerary to be altered, Air Journey reserves the right to do so for the safety and best interest of the group without prior notification or consultation. The operation of these flights is subject to the foreign governments involved granting landing rights for the flight. If the air carrier cannot obtain these rights for any particular flight leg of the Journey, that flight leg will be canceled and alternative arrangements may be made, at the discretion of Air Journey. Every effort will be made to operate tours as planned but alterations may occur after the final itinerary has been issued.
AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS Grantee shall have written, binding agreements with its employees and subcontractors that include provisions sufficient to give effect to and enable Grantee’s compliance with Grantee’s obligations under this Article VI, Intellectual Property.
