Data Security Audit Standards. Upon request, but no more than once annually, Azenta will provide its data center’s SOC audit report to Customer.
Data Security Audit Standards Sample Clauses
Related to Data Security Audit Standards
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.
Project Monitoring Reporting and Evaluation The Recipient shall furnish to the Association each Project Report not later than forty-five (45) days after the end of each calendar semester, covering the calendar semester.
Financial Management System Subrecipient shall establish and maintain a sound financial management system, based upon generally accepted accounting principles. Contractor’s system shall provide fiscal control and accounting procedures that will include the following: i. Information pertaining to tuition rates, payments, and educational assistance payments; and
Monitoring and Risk Assessment of Securities Depositories Prior to the placement of any assets of the Fund with a non-U.S. Securities Depository, the Custodian: (a) shall provide to the Fund or its authorized representative an assessment of the custody risks associated with maintaining assets within such Securities Depository; and (b) shall have established a system to monitor the custody risks associated with maintaining assets with such Securities Depository on a continuing basis and to promptly notify the Fund or its Investment Adviser of any material changes in such risk. In performing its duties under this subsection, the Custodian shall use reasonable care and may rely on such reasonable sources of information as may be available including but not limited to: (i) published ratings; (ii) information supplied by a Subcustodian that is a participant in such Securities Depository; (iii) industry surveys or publications; (iv) information supplied by the depository itself, by its auditors (internal or external) or by the relevant Foreign Financial Regulatory Authority. It is acknowledged that information procured through some or all of these sources may not be independently verifiable by the Custodian and that direct access to Securities Depositories is limited under most circumstances. Accordingly, the Custodian shall not be responsible for errors or omissions in its duties hereunder provided that it has performed its monitoring and assessment duties with reasonable care. The risk assessment shall be provided to the Fund or its Investment Advisor by such means as the Custodian shall reasonably establish. Advices of material change in such assessment may be provided by the Custodian in the manner established as customary between the Fund and the Custodian for transmission of material market information.
Child Abuse Reporting Requirement Grantee will: a. comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. b. develop, implement and enforce a written policy that includes at a minimum the System Agency’s Child Abuse Screening, Documenting, and Reporting Policy for Grantees/Providers and train all staff on reporting requirements. c. use the System Agency Child Abuse Reporting Form located at xxxxx://xxx.xxxx.xxxxx.xx.xx/Contact Us/report abuse.asp as required by the System Agency. d. retain reporting documentation on site and make it available for inspection by the System Agency.
Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.
Security Standards The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.
Certification Regarding Lobbying Applicable to Grants Subgrants, Cooperative Agreements, and Contracts Exceeding $100,000 in Federal Funds Submission of this certification is a prerequisite for making or entering into this transaction and is imposed by section 1352, Title 31, U.S. Code. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. The undersigned certifies, to the best of his or her knowledge and belief, that: (1) No Federal appropriated funds have been paid or will be paid by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with the awarding of a Federal contract, the making of a Federal grant, the making of a Federal loan, the entering into a cooperative agreement, and the extension, continuation, renewal, amendment, or modification of a Federal contract, grant, loan, or cooperative agreement.
COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.
