enforcement policies. Contractor agrees to conduct a background check of Contractor’s staff before they may access PII with more thorough screening done for those employees who are authorized to bypass significant technical and operational security controls. Contractor further agrees that screening documentation shall be retained for a period of three (3) years following conclusion of the employment relationship.
enforcement policies. Background Screening.
enforcement policies. The county department/agency must retain the non-disclosure agreements for at least five (5) to seven (7) years for all contractors and agents who processes, views, or encounters Medi-Cal PII as part of their duties
enforcement policies. Enforcement policies of St. Xxxxxxx will prevail as the enforcement policies within Falcon Heights. A written statement of the current enforcement policies of St. Xxxxxxx will be provided in writing to Falcon Heights.
enforcement policies. Failure to follow stormwater pollution prevention regulations and requirements, and to provide adequate BMP’s will result in enforcement actions by appropriate agencies. Enforcement actions that could result include issuance of Notice of Violation of City Codes, Administrative Citations with fines, billing of costs for cleanup, issuance of stop work order for the subject project, referral to the appropriate State and Federal enforcement agencies, and filing criminal complaints. Contractor is reminded that they are responsible for their sub-contractors’ actions.
enforcement policies f. Contractor agrees to conduct a background check of staff before they may access PII with more thorough screening done for those employees who are authorized to bypass significant technical and operational security controls. Contractor further agrees that screening documentation shall be retained for a period of three (3) years following conclusion of the employment relationship.
g. Contractor agrees to conduct periodic privacy and security reviews of work activity, including random sampling of work product by staff by management level personnel who are knowledgeable and experienced in the areas of privacy and information security and the use and disclosure of PII. Examples include, but are not limited to, access to data, case files or other activities related to the handling of PII.
h. Contractor shall ensure that PII is used and stored in an area that is physically safe from access by unauthorized persons at all times and safeguard PII from loss, theft, or inadvertent disclosure by securing all areas of its facilities where staff assist in the administration of the County programs and use, disclose, or store PII.
i. Contractor shall ensure that each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee of Contractor and access is revoked.
j. Contractor shall ensure that there are security guards or a monitored alarm system at all times at facilities and leased facilities where five hundred (500) or more individually identifiable records of PII is used, disclosed, or stored. Video surveillance systems are recommended.
k. Contractor shall ensure that data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only those authorized by this Agreement. Visitors to any Contractor data centers area storing PII as a result of administration of a County program must be escorted at all times by authorized staff.
l. Contractor shall have policies that include, based on applicable risk factors, a description of the circumstances under which Contractor staff can transport PII, as well as the physical security requirements during transport.
m. Contractor shall ensure that any PII stored in a vehicle shall be in a non-visible area such as a trun...
