Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. Measures: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. • SAP does not allow the installation of software that has not been approved by SAP. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.
System Access Control Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. Measures: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy • All personnel access SAP’s systems with a unique identifier (user ID). • SAP has procedures in place so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication.
Access Control Supplier will maintain an appropriate access control policy that is designed to restrict access to Accenture Data and Supplier assets to authorized Personnel. Supplier will require that all accounts have complex passwords that contain letters, numbers, and special characters, be changed at least every 90 days, and have a minimum length of 8 characters.
Contractor Employees 10.1 Details of any individuals employed by contractors working in the school.
Information about Contractor Employees 23.1. The Authority may by notice require the Contractor to disclose such information as the Authority may require relating to those of the Contractor’s employees carrying out activities under or connected with the Framework Agreement.
Contractor Key Personnel The Contractor shall assign a Corporate OASIS SB Program Manager (COPM) and Corporate OASIS SB Contract Manager (COCM) as Contractor Key Personnel to represent the Contractor as primary points-of-contact to resolve issues, perform administrative duties, and other functions that may arise relating to OASIS SB and task orders solicited and awarded under OASIS SB. Additional Key Personnel requirements may be designated by the OCO at the task order level. There is no minimum qualification requirements established for Contractor Key Personnel. Additionally, Contractor Key Personnel do not have to be full-time positions; however, the Contractor Key Personnel are expected to be fully proficient in the performance of their duties. The Contractor shall ensure that the OASIS SB CO has current point-of-contact information for both the COPM and COCM. In the event of a change to Contractor Key Personnel, the Contractor shall notify the OASIS SB CO and provide all Point of Contact information for the new Key Personnel within 5 calendar days of the change. All costs associated with Contractor Key Personnel duties shall be handled in accordance with the Contractor’s standard accounting practices; however, no costs for Contractor Key Personnel may be billed to the OASIS Program Office. Failure of Contractor Key Personnel to effectively and efficiently perform their duties will be construed as conduct detrimental to contract performance and may result in activation of Dormant Status and/or Off-Ramping (See Sections H.16. and H.17.).
Contractor Certification for Contractor Employees Introduction Texas Education Code Chapter 22 requires entities that contract with school districts to provide services to obtain criminal history record information regarding covered employees. Contractors must certify to the district that they have complied. Covered employees with disqualifying criminal histories are prohibited from serving at a school district. Definitions: Covered employees: Employees of a contractor or subcontractor who have or will have continuing duties related to the service to be performed at the District and have or will have direct contact with students. The District will be the final arbiter of what constitutes direct contact with students. Disqualifying criminal history: Any conviction or other criminal history information designated by the District, or one of the following offenses, if at the time of the offense, the victim was under 18 or enrolled in a public school: (a) a felony offense under Title 5, Texas Penal Code; (b) an offense for which a defendant is required to register as a sex offender under Chapter 62, Texas Code of Criminal Procedure; or (c) an equivalent offense under federal law or the laws of another state. I certify that: NONE (Section A) of the employees of Contractor and any subcontractors are covered employees, as defined above. If this box is checked, I further certify that Contractor has taken precautions or imposed conditions to ensure that the employees of Contractor and any subcontractor will not become covered employees. Contractor will maintain these precautions or conditions throughout the time the contracted services are provided. OR SOME (Section B) or all of the employees of Contractor and any subcontractor are covered employees. If this box is checked, I further certify that: (1) Contractor has obtained all required criminal history record information regarding its covered employees. None of the covered employees has a disqualifying criminal history. (2) If Contractor receives information that a covered employee subsequently has a reported criminal history, Contractor will immediately remove the covered employee from contract duties and notify the District in writing within 3 business days. (3) Upon request, Contractor will provide the District with the name and any other requested information of covered employees so that the District may obtain criminal history record information on the covered employees. (4) If the District objects to the assignment of a covered employee on the basis of the covered employee's criminal history record information, Contractor agrees to discontinue using that covered employee to provide services at the District. Noncompliance or misrepresentation regarding this certification may be grounds for contract termination. None Texas Business and Commerce Code § 272 Requirements as of 9-1-2017 SB 807 prohibits construction contracts to have provisions requiring the contract to be subject to the laws of another state, to be required to litigate the contract in another state, or to require arbitration in another state. A contract with such provisions is voidable. Under this new statute, a “construction contract” includes contracts, subcontracts, or agreements with (among others) architects, engineers, contractors, construction managers, equipment lessors, or materials suppliers. “Construction contracts” are for the design, construction, alteration, renovation, remodeling, or repair of any building or improvement to real property, or for furnishing materials or equipment for the project. The term also includes moving, demolition, or excavation. BY RESPONDING TO THIS SOLICITATION, AND WHEN APPLICABLE, THE PROPOSER AGREES TO COMPLY WITH THE TEXAS BUSINESS AND COMMERCE CODE § 272 WHEN EXECUTING CONTRACTS WITH TIPS MEMBERS THAT ARE TEXAS GOVERNMENT ENTITIES. 7 5 Texas Government Code 2270 Verification Form Texas Government Code 2270 Verification Form Texas 2017 House Xxxx 89 has been signed into law by the governor and as of September 1, 2017 will be codified as Texas Government Code § 2270 and 808 et seq. The relevant section addressed by this form reads as follows: Texas Government Code Sec. 2270.002. PROVISION REQUIRED IN CONTRACT. A governmental entity may not enter into a contract with a company for goods or services unless the contract contains a written verification from the company that it: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the contract engaged by: ESC Region 8/The Interlocal Purchasing System (TIPS) 0000 Xxxxxxx 000 Xxxxx Xxxxxxxxx,XX,00000 I verify by this writing that the above-named company affirms that it (1) does not boycott Israel; and (2) will not boycott Israel during the term of this contract, or any contract with the above-named Texas governmental entity in the future. I further affirm that if our company’s position on this issue is reversed and this affirmation is no longer valid, that the above-named Texas governmental entity will be notified in writing within one (1) business day and we understand that our company’s failure to affirm and comply with the requirements of Texas Government Code 2270 et seq. shall be grounds for immediate contract termination without penalty to the above-named Texas governmental entity. AND Our company is not listed on and we do not do business with companies that are on the the Texas Comptroller of Public Accounts list of Designated Foreign Terrorists Organizations per Texas Gov't Code 2270.0153 found at xxxxx://xxxxxxxxxxx.xxxxx.xxx/purchasing/docs/foreign-terrorist.pdf I swear and affirm that the above is true and correct. YES
Physical Access Control Unauthorized persons are prevented from gaining physical access to premises, buildings or rooms where data processing systems that process and/or use Personal Data are located.
Data Access Access to Contract and State Data The Contractor shall provide to the Client Agency access to any data, as defined in Conn. Gen Stat. Sec. 4e-1, concerning the Contract and the Client Agency that are in the possession or control of the Contractor upon demand and shall provide the data to the Client Agency in a format prescribed by the Client Agency and the State Auditors of Public Accounts at no additional cost.
