Passwords and Employee Access Provider shall secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Article 4.3 of NIST 800-63-3. Provider shall only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data shall have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records shall pass criminal background checks.
Information Safeguards Business Associate will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of and to prevent non-permitted use or disclosure of PHI created for or received from Recipient or its Subsidiaries. These safeguards must be appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities. Business Associate agrees that these safeguards will meet any applicable requirements set forth by the U.S. Department of Health and Human Services, including (as of the effective date or as of the compliance date, whichever is applicable) any requirements set forth in the final HIPAA security regulations. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate resulting from a use or disclosure of PHI by Business Associate in violation of the requirements of this Addendum.
Contractor’s Project Manager and Key Personnel Contractor shall appoint a Project Manager to direct the Contractor’s efforts in fulfilling Contractor’s obligations under this Contract. This Project Manager shall be subject to approval by the County and shall not be changed without the written consent of the County’s Project Manager, which consent shall not be unreasonably withheld. The Contractor’s Project Manager shall be assigned to this project for the duration of the Contract and shall diligently pursue all work and services to meet the project time lines. The County’s Project Manager shall have the right to require the removal and replacement of the Contractor’s Project Manager from providing services to the County under this Contract. The County’s Project manager shall notify the Contractor in writing of such action. The Contractor shall accomplish the removal within five (5) business days after written notice by the County’s Project Manager. The County’s Project Manager shall review and approve the appointment of the replacement for the Contractor’s Project Manager. The County is not required to provide any additional information, reason or rationale in the event it The County is not required to provide any additional information, reason or rationale in the event it requires the removal of Contractor’s Project Manager from providing further services under the Contract.
Business Associate’s Subcontractors and Agents BA shall ensure that any agents and subcontractors that create, receive, maintain or transmit Protected Information on behalf of BA, agree in writing to the same restrictions and conditions that apply to BA with respect to such Protected Information and implement the safeguards required by paragraph 3.4 above with respect to Electronic PHI [45 C.F.R. Section 164.504(e)(2)(ii)(D); 45 C.F.R. Section 164.308(b)] BA shall implement and maintain sanctions against agents and subcontractors that violate such restrictions and conditions and shall mitigate the effects of any such violation [45 C.F.R. Sections 164.530(f) and 164.530(e)(1)].
Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.
Contractor Key Personnel The Contractor shall assign a Corporate OASIS SB Program Manager (COPM) and Corporate OASIS SB Contract Manager (COCM) as Contractor Key Personnel to represent the Contractor as primary points-of-contact to resolve issues, perform administrative duties, and other functions that may arise relating to OASIS SB and task orders solicited and awarded under OASIS SB. Additional Key Personnel requirements may be designated by the OCO at the task order level. There is no minimum qualification requirements established for Contractor Key Personnel. Additionally, Contractor Key Personnel do not have to be full-time positions; however, the Contractor Key Personnel are expected to be fully proficient in the performance of their duties. The Contractor shall ensure that the OASIS SB CO has current point-of-contact information for both the COPM and COCM. In the event of a change to Contractor Key Personnel, the Contractor shall notify the OASIS SB CO and provide all Point of Contact information for the new Key Personnel within 5 calendar days of the change. All costs associated with Contractor Key Personnel duties shall be handled in accordance with the Contractor’s standard accounting practices; however, no costs for Contractor Key Personnel may be billed to the OASIS Program Office. Failure of Contractor Key Personnel to effectively and efficiently perform their duties will be construed as conduct detrimental to contract performance and may result in activation of Dormant Status and/or Off-Ramping (See Sections H.16. and H.17.).
Contractor Parties A Contractor’s members, directors, officers, shareholders, partners, managers, principal officers, representatives, agents, servants, consultants, employees or any one of them or any other person or entity with whom the Contractor is in privity of oral or written contract and the Contractor intends for such other person or entity to Perform under the Contract in any capacity.
Subrecipient’s Project Manager and Key Personnel Subrecipient shall appoint a Project Manager to direct the Subrecipient’s efforts in fulfilling Subrecipient’s obligations under this Contract. This Project Manager shall be subject to approval by the County and shall not be changed without the written consent of the County’s Project Manager, which consent shall not be unreasonably withheld. The Subrecipient’s Project Manager, in consultation and agreement with County, shall be assigned to this project for the duration of the Contract and shall diligently pursue all work and services to meet the project time lines. The County’s Project Manager shall have the right to require the removal and replacement of the Subrecipient’s Project Manager from providing services to the County under this Contract. The County’s Project Manager shall notify the Subrecipient in writing of such action. The Subrecipient shall accomplish the removal within five (5) business days after written notice by the County’s Project Manager. The County’s Project Manager shall review and approve the appointment of the replacement for the Subrecipient’s Project Manager. The County is not required to provide any additional information, reason or rationale in the event it The County is not required to provide any additional information, reason or rationale in the event it requires the removal of Subrecipient’s Project Manager from providing further services under the Contract.
EMPLOYEES, SUBCONTRACTORS AND AGENTS All employees, Subcontractors, or agents of the Contractor performing work under the Contract must be trained staff or technicians who meet or exceed the professional, technical, and training qualifications set forth in the Contract or the Purchase Order, and must comply with all security and administrative requirements of the Authorized User that are communicated to the Contractor. The Commissioner and the Authorized User reserve the right to conduct a security background check or otherwise approve any employee, Subcontractor, or agent furnished by Contractor and to refuse access to or require replacement of any personnel for cause based on professional, technical or training qualifications, quality of work or change in security status or non-compliance with Authorized User’s security or other requirements. Such approval shall not relieve the Contractor of the obligation to perform all work in compliance with the Contract or the Purchase Order. The Commissioner and the Authorized User reserve the right to reject and/or bar from any facility for cause any employee, Subcontractor, or agent of the Contractor.
