New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Originating Switched Access Detail Usage Data A category 1101XX record as defined in the EMI Telcordia Practice BR-010-200- 010.
Data Services In lieu of any other rates or discounts, the Customer will receive a discount equal to 20% for the following Data Services: Access: Standard VBS3Guide local loop charges for DS-0, DS-1 and DS-3 Access Service.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Customer to Provide Certain Information to Bank Upon request, Customer shall promptly provide to Bank such information about itself and its financial status as Bank may reasonably request, including Customer's organizational documents and its current audited and unaudited financial statements.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Meteorological Data Reporting Requirement (Applicable to wind generation facilities only)
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Support and Services ISD and HC agree to the following conditions:
A. HC agrees to the following for both the mathematics and English language arts courses:
i. To share data and provide feedback regarding student success on entry‐level college mathematics and English language arts courses;
ii. To train advisors to recognize and honor course(s) on school district transcripts;
iii. To ensure that eligible students are counseled directly into college level mathematics, English language arts, and all other courses that require mathematics and English language arts college readiness;
B. HC agrees to the following for the college preparatory mathematics courses:
i. To provide the Student Learning Outcomes;
ii. To provide the syllabi for the courses being offered.
iii. To provide regular meetings between the HC faculty and ISD faculty teaching the course.
C. HC agrees to the following for the college preparatory English language arts course:
i. To provide the Student Learning Outcomes for Integrated Reading/Writing (INRW 0303) course;
ii. To provide the syllabi, including types of essays required (i.e., expository, persuasive, and critical analysis).
iii. To provide regular meetings between the HC faculty and ISD faculty teaching the course.
D. ISD agrees to the following for both the mathematics and English language arts courses:
i. To provide highly qualified instructors for the courses being taught;
ii. To identify students who are not college ready as stated in HB 5;
iii. To provide professional development and resources required to teach the mathematics and English language arts courses;
iv. To identify successful completion of the course(s) on the student transcripts as determined by the State of Texas PEIMS number;
v. To provide curriculum for the course that is consistent with HC Student Learning Outcomes;
vi. To provide assistance with admission, enrollment, and financial aid applications;
E. ISD agrees to the following for the college preparatory mathematics course:
i. To teach a math course designed to focus on college mathematics (algebraic or non‐algebraic) concepts;
ii. Require students to meet college readiness scores on the TSI Assessment;
iii. To meet regularly with HC faculty.
F. ISD agrees to the following for the college preparatory English language arts course:
i. To teach an integrated Reading and Writing course that focuses on critical reading and college‐level writing;
ii. Require students to meet college readiness scores on the TSI Assessment;
iii. To meet regularly with HC faculty.
DRUG ABUSE DETECTION AND DETERRENCE 2.18.1 It is the policy of the City to achieve a drug-free workforce and workplace. The manufacture, distribution, dispensation, possession, sale, or use of illegal drugs or alcohol by contractors while on City Premises is prohibited. Contractor shall comply with all the requirements and procedures set forth in the Mayor’s Drug Abuse Detection and Deterrence Procedures for Contractors, Executive Order No. 1-31 (the “Executive Order”), which is incorporated into this Agreement and is on file in the City Secretary’s Office.
2.18.2 Before the City signs this Agreement, Contractor shall file with the Contract Compliance Officer for Drug Testing (“CCODT”):
2.18.2.1 a copy of its drug-free workplace policy;
2.18.2.2 the Drug Policy Compliance Agreement substantially in the form set forth in Exhibit “C”, together with a written designation of all safety impact positions; and
2.18.2.3 if applicable (e.g., no safety impact positions), the Certification of No Safety Impact Positions, substantially in the form set forth in Exhibit “D”.
2.18.3 If Contractor files a written designation of safety impact positions with its Drug Policy Compliance Agreement, it also shall file every 6 months during the performance of this Agreement or on completion of this Agreement if performance is less than 6 months, a Drug Policy Compliance Declaration in a form substantially similar to Exhibit “E”. Contractor shall submit the Drug Policy Compliance Declaration to the CCODT within 30 days of the expiration of each 6-month period of performance and within 30 days of completion of this Agreement. The first 6- month period begins to run on the date the City issues its Notice to Proceed or, if no Notice to Proceed is issued, on the first day Contractor begins work under this Agreement.
2.18.4 Contractor also shall file updated designations of safety impact positions with the CCODT if additional safety impact positions are added to Contractor’s employee work force.
2.18.5 Contractor shall require that its subcontractors comply with the Executive Order, and Contractor shall secure and maintain the required documents for City inspection.
