Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Access to Financial Information Buyer’s representatives shall have access to, and Seller and its Affiliates shall cooperate with Buyer and furnish upon request, all financial and other information relating to the Hotel’s operations to the extent necessary to enable Buyer’s representatives to prepare audited financial statements in conformity with Regulation S-X of the Securities and Exchange Commission (the “SEC”) and other applicable rules and regulations of the SEC and to enable them to prepare a registration statement, report or disclosure statement for filing with the SEC on behalf of Buyer or its Affiliates, whether before or after Closing and regardless of whether such information is included in the Records to be transferred to Buyer hereunder. Seller shall also provide to Buyer’s representative a signed representation letter in form and substance reasonably acceptable to Seller sufficient to enable an independent public accountant to render an opinion on the financial statements related to the Hotel. Buyer will reimburse Seller for costs reasonably incurred by Seller to comply with the requirements of the preceding sentence to the extent that Seller is required to incur costs not in the ordinary course of business for third parties to provide such representation letters. The provisions of this Section shall survive Closing or termination of this Contract.
Compliance with Safeguarding Customer Information Requirements The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616, and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Seller information regarding the implementation of such security measures upon the reasonable request of the Seller.
Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse.
B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.
Operator’s Security Contact Information Xxxxxxx X. Xxxxxxx Named Security Contact xxxxxxxx@xxxxxxxxx.xxx Email of Security Contact (000) 000-0000 Phone Number of Security Contact
Financial Information, etc The Borrower will furnish, or will cause to be furnished, to the Administrative Agent and each Lender copies of the following financial statements, reports and information:
(a) promptly when available and in any event within 90 days after the close of each Fiscal Year
(i) a balance sheet at the close of such Fiscal Year, and statements of operations, of shareholders' equity and of cash flows for such Fiscal Year, of the Borrower and its Consolidated Subsidiaries certified without Impermissible Qualification by independent public accountants of recognized standing selected by the Borrower and reasonably acceptable to the Required Lenders,
(ii) a Compliance Certificate calculated as of the close of such Fiscal Year,
(iii) a projected financial statement of the Borrower and its Consolidated Subsidiaries for the following Fiscal Year, and
(iv) the report filed by the Borrower with the SEC on Form 10-K for such Fiscal Year;
(b) promptly when available and in any event within 45 days after the close of each of the first three Fiscal Quarters of each Fiscal Year
(i) a balance sheet at the close of such Fiscal Quarter and statements of operations, of income and of cash flows for the period commencing at the close of the previous Fiscal Year and ending with the close of such Fiscal Quarter, of the Borrower and its Consolidated Subsidiaries certified by the chief accounting or financial Authorized Officer of the Borrower,
(ii) a Compliance Certificate calculated as of the close of such Fiscal Quarter, and
(iii) the report filed by the Borrower with the SEC on Form 10-Q for each such Fiscal Quarter;
(c) promptly upon receipt thereof and upon request of the Administrative Agent or any Lender, copies of all management letters submitted to the Borrower by independent public accountants in connection with each annual or interim audit made by such accountants of the books of the Borrower or any Subsidiary;
(d) promptly upon the incorporation or acquisition thereof, information regarding the creation or acquisition of any new Subsidiary;
(e) promptly when available and in any event within ten days of publication, all material filings with the SEC;
(f) within 45 days after the close of each Fiscal Quarter, an Applicable Margin Determination Ratio Certificate; and
(g) such other information with respect to the financial condition, business, property, assets, revenues and operations of the Borrower and Subsidiaries as the Administrative Agent or any Lender may from time to time reasonably request.
EDD Independent Contractor Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the state.” The term is further defined by the California Employment Development Department to refer specifically to independent Contractors. An independent Contractor is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
