Password Security You are responsible for maintaining adequate security and control of any and all User IDs, Passwords, hints, personal identification numbers (PINs), or any other codes that you use to access the Account. Do not discuss, compare, or share information about your account number or password unless you are willing to give them full use of your money. Any loss or compromise of the foregoing information and/or your personal information may result in unauthorized access to your Account by third-parties and the loss or theft of any funds held in your Account and any associated accounts, including your Account. Checks and electronic withdrawals are processed by automated methods, and anyone who obtains your account number or access device could use it to withdraw money from your account, with or without your permission. You are responsible for keeping your email address and telephone number up to date in order to receive any notices or alerts that we may send you. We assume no responsibility for any loss that you may sustain due to compromise of your account login credentials due to no fault of ours and/or your failure to follow or act on any notices or alerts that we may send to you. If you believe your Account information has been compromised, or that someone has transferred or may transfer money from your account without your permission, contact us immediately, through Synapse, at xxxx@xxxxxxxxx.xxx or call at +0(000) 000-0000. You agree to promptly review all Account and transaction records and other Communications that we make available to you and to promptly report any discrepancy to us.
Access and Records
A. County, the State of California and the United States Government and/or their representatives, shall have access, for purposes of monitoring, auditing, and examining, to Subrecipient’s activities, books, documents and papers (including computer records and emails) and to records of Subrecipient’s subcontractors, consultants, contracted employees, bookkeepers, accountants, employees and participants related to this Contract. Subrecipient shall insert this condition in each Contract between Subrecipient and a subcontractor that is pursuant to this Contract shall require the subcontractor to agree to this condition. Such departments or representatives shall have the right to make excerpts, transcripts and photocopies of such records and to schedule on site monitoring at their discretion. Monitoring activities also may include, but are not limited to, questioning employees and participants and entering any premises or onto any site in which any of the services or activities funded hereunder are conducted or in which any of the records of Subrecipient are kept. Subrecipient shall make available its books, documents, papers, financial records, etc., within three (3) days after receipt of written demand by Director which shall be deemed received upon date of sending. In the event Subrecipient does not make the above referenced documents available within the County of Orange, California, Subrecipient agrees to pay all necessary and reasonable expenses incurred by County, or County’s designee, in conducting any audit at the location where said records and books of account are maintained.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Personnel Security 6.1 Staff recruitment in accordance with government requirements for pre- employment checks;
6.2 Staff training and awareness of Departmental security and any specific contract requirements.
Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.
Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole.
(b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data.
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments.
(d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data.
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Access and Retention of Records County agrees to provide the State Arresting Agencies, the Legislative Auditor, or their authorized agents with access to any records necessary to determine contract compliance. County agrees to create and retain records supporting the services rendered for a period of eight years after either the completion date of the Agreement or the conclusion of any claim, litigation, or exception relating to the Agreement taken by the State of Montana or third party.
Access to Properties and Records (a) CCE shall, and shall cause TPC to, afford to ETP and ETP’s accountants, counsel and representatives full reasonable access during normal business hours throughout the period prior to the Closing Date (or the earlier termination of this Agreement pursuant to Article VII hereof) to all of the properties, books, contracts, commitments and records (including all environmental studies, reports and other environmental records and all pipeline cost-of-service and rate-related studies, reports and records related to TPC and, during such period, shall furnish to ETP all information concerning the business, properties, Liabilities and personnel related to TPC as ETP may request, provided, however, that no investigation or receipt of information pursuant to this Section 5.2 shall affect any representation or warranty of CCE or the conditions to the obligations of ETP. To the extent not located at the offices or properties of TPC as of the Closing Date, as promptly as practicable thereafter, CCE shall deliver, or cause its appropriate Affiliates to deliver to ETP all of the books of accounts, minute books, record books and other records (including safety, health, environmental, maintenance and engineering records and drawings) pertaining to the business operations of TPC and all financial and accounting records related to TPC. Such delivery shall include all work papers, pleadings, testimony, exhibits, spread sheets, research, drafts, memoranda, correspondence and other documents related to the TPC Rate Case (“TPC Rate Case Work Product”). TPC Rate Case Work Product has been and will be prepared in contemplation of litigation, and the use of TPC Rate Case Work Product has been and will be under the control of TPC’s attorneys. Notwithstanding anything to the contrary contained in this Agreement, CCE shall not be obligated to provide to ETP any documents or records relating to litigation and regulatory matters in which TPC is involved to the extent that CCE reasonably believes such documents or records are subject to the attorney-client or other applicable privilege in circumstances in which TPC is not the sole client unless the parties entitled to such attorney-client or other applicable privilege shall consent thereto and enter into an appropriate joint defense agreement for the purpose of preservation of such attorney-client or other applicable privilege.
(b) The information contained herein, in the CCE Disclosure Letter or heretofore or hereafter delivered to ETP or its authorized representatives in connection with the transactions contemplated by this Agreement shall be held in confidence by ETP and its representatives in accordance with the Confidentiality Agreement until the Closing Date with respect to information relating to TPC. Following the Closing Date, CCE shall keep confidential all information related to the business and properties of TPC to the same extent as ETP is obligated to keep such information confidential in accordance with the terms of the Confidentiality Agreement (without regard to the preceding sentence) prior to the Closing Date.
Data Protection and Security A. In this Agreement the following terms shall have the meanings respectively ascribed to them:
Cybersecurity (i)(x) There has been no security breach or other compromise of or relating to any of the Company’s or any Subsidiary’s information technology and computer systems, networks, hardware, software, data (including the data of its respective customers, employees, suppliers, vendors and any third party data maintained by or on behalf of it), equipment or technology (collectively, “IT Systems and Data”) and (y) the Company and the Subsidiaries have not been notified of, and has no knowledge of any event or condition that would reasonably be expected to result in, any security breach or other compromise to its IT Systems and Data; (ii) the Company and the Subsidiaries are presently in compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Data and to the protection of such IT Systems and Data from unauthorized use, access, misappropriation or modification, except as would not, individually or in the aggregate, have a Material Adverse Effect; (iii) the Company and the Subsidiaries have implemented and maintained commercially reasonable safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and Data; and (iv) the Company and the Subsidiaries have implemented backup and disaster recovery technology consistent with industry standards and practices.
