Economic Impact Assessment guidelines Sample Clauses

Economic Impact Assessment guidelines. In this section we provide guidelines on how to assign values to the consequence indicators in a risk model. For a given company, assessing the economic impact of a cyber incident is a difficult problem, due to the large number of factors potentially affecting the outcome, such as: a) the type of industry; b) the geographical location where the company operates; c) the company size; d) internal policies, etc.. If a sufficient amount of economic losses data (internal and/or external) were available, the consequence indicators could be derived from quantitative analysis of such data. However, in general few companies systematically collect such data and, if they do, they tend to not disclose such data due to their sensitivity. Therefore, there is very little publicly available data regarding cyber losses at this moment. When the General Data Protection Regulation (GDPR) [29] takes effect, Data Breaches will be notified to Authority and User, and probably more data will be available. Since a sufficient amount of data is likely to be unavailable, to obtain an economic assessment for a given company we propose a scenario analysis approach of the type used in operational risk management [26]. This combines the following elements:  expert opinion from company members (management, IT); this provides information regarding the company’s financial situation and main assets, internal policies, availability of qualified personnel, etc.  expert opinion from an external consultant, non-publicly available data;  publicly available studies and surveys, such as Ponemon’s or ENISA reports [24][25]; this provides an overview of the main global drivers of the impacts, such as the industry type and geographical location, most common and most expensive attack types. The main steps involved in an scenario analysis are:  analysis of the company’s financial situation and the main ICT infrastructure to choose the types of attacks to be analyzed and the loss types involved.  building a questionnaire to quantify the loss types based on the information gathered in step 1.  questionnaire interviews with the company’s management and/or internal experts.  estimating consequence parameters from the information contained in the answers.
Sample 1
AutoNDA by SimpleDocs

Related to Economic Impact Assessment guidelines

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures. 2. Each Party shall seek to enhance the acceptance of the results of conformity assessment procedures conducted in the territories of other Parties with a view to increasing efficiency, avoiding duplication and ensuring cost effectiveness of the conformity assessments. In this regard, each Party may choose, depending on the situation of the Party and the specific sectors involved, a broad range of approaches. These may include but are not limited to: (a) recognition by a Party of the results of conformity assessments performed in the territory of another Party; (b) recognition of co-operative arrangements between accreditation bodies in the territories of the Parties; (c) mutual recognition of conformity assessment procedures conducted by bodies located in the territory of each Party; (d) accreditation of conformity assessment bodies in the territory of another Party; (e) use of existing regional and international multilateral recognition agreements and arrangements; (f) designating conformity assessment bodies located in the territory of another Party to perform conformity assessment; and (g) suppliers’ declaration of conformity. 3. Each Party shall exchange information with other Parties on its experience in the development and application of the approaches in Paragraph 2(a) to (g) and other appropriate approaches with a view to facilitating the acceptance of the results of conformity assessment procedures. 4. A Party shall, upon request of another Party, explain its reasons for not accepting the results of any conformity assessment procedure performed in the territory of that other Party.

  • Child Abuse Reporting Requirement Grantee will: a. comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. b. develop, implement and enforce a written policy that includes at a minimum the System Agency’s Child Abuse Screening, Documenting, and Reporting Policy for Grantees/Providers and train all staff on reporting requirements. c. use the System Agency Child Abuse Reporting Form located at xxxxx://xxx.xxxx.xxxxx.xx.xx/Contact Us/report abuse.asp as required by the System Agency. d. retain reporting documentation on site and make it available for inspection by the System Agency.

  • Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Conformity with Plan This Agreement is intended to conform in all respects with, and is subject to all applicable provisions of, the Plan. Inconsistencies between this Agreement and the Plan shall be resolved in accordance with the terms of the Plan. In the event of any ambiguity in this Agreement or any matters as to which this Agreement is silent, the Plan shall govern. A copy of the Plan is available upon request to the Administrator.

  • Operating Plan To Agent and Lenders, as soon as available, but not later than thirty (30) days after the end of each Fiscal Year, an annual combined operating plan (the "Operating Plan") for Parent and its Subsidiaries, approved by the Board of Directors of Parent, for the following Fiscal Year, which (i) includes a statement of all of the material assumptions on which such plan is based, (ii) includes projected monthly income statement, balance sheets and source and use of funds for the following year and (iii) Borrowing Availability projections, all prepared on the same basis and in similar detail as that on which operating results are reported (and in the case of cash flow projections, representing management's good faith estimates of future financial performance based on historical performance), and including plans for personnel, Capital Expenditures and facilities.

  • Implementation Report Within 150 days after the Effective Date, Ensign Group shall submit a written report to OIG summarizing the status of its implementation of the requirements of this CIA (Implementation Report). The Implementation Report shall, at a minimum, include: 1. the name, address, phone number, and position description of the Compliance Officer required by Section III.A, and a summary of other noncompliance job responsibilities the Compliance Officer may have; 2. the names and positions of the members of the Compliance Committee required by Section III.A; 3. the names and positions of the members of the Board of Directors who are responsible for satisfying the Board of Directors compliance obligations described in Section III.A.3; 4. a copy of Ensign Group’s Code of Conduct required by Section III.B.1; 5. the number of individuals required to complete the Code of Conduct certification required by Section III.B.1, the percentage of individuals who have completed such certification, and an explanation of any exceptions (the documentation supporting this information shall be available to OIG upon request); 6. a summary of all Policies and Procedures required by Section III.B (copies of the Policies and Procedures shall be made available to OIG upon request); 7. the following information regarding each type of training required by Section III.C: a. a description of such training, including a summary of the topics covered, the length of sessions, and a schedule of training sessions; b. the number of individuals required to be trained, percentage of individuals actually trained, and an explanation of any exceptions. A copy of all training materials and the documentation supporting this information shall be made available to OIG upon request. 8. a description of the Disclosure Program required by Section III.E; 9. the following information regarding the IRO(s): (a) identity, address, and phone number; (b) a copy of the engagement letter; (c) information to demonstrate that the IRO has the qualifications outlined in Appendix A to this CIA; (d) a summary and description of any and all current and prior engagements and agreements between Ensign Group and the IRO; and (e) a certification from the IRO regarding its professional independence and objectivity with respect to Ensign Group; 10. a description of the process by which Ensign Group fulfills the requirements of Section III.F regarding Ineligible Persons; 11. a list of all of Ensign Group’s locations (including locations and mailing addresses); the corresponding name under which each location is doing business; the corresponding phone numbers and fax numbers; each location’s Medicare and state Medicaid program provider number and/or supplier number(s); and the name and address of each Medicare and state Medicaid program contractor to which Ensign Group currently submits claims; 12. a description of Ensign Group’s corporate structure, including identification of any parent and sister companies, subsidiaries, and their respective lines of business; and

  • Project Completion Report At the completion of construction and once a Project is placed in service, the Subrecipient must submit a Project Completion Report that includes the total number of units built and leased, affordable units built and leased, DR-MHP units built and leased, an accomplishment narrative, and the tenants names, demographics and income for each DR-MHP unit.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!