New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
USA Patriot Act Notice; Compliance In order for the Administrative Agent to comply with “know your customer” and anti-money laundering rules and regulations, including without limitation, the Patriot Act, prior to any Lender that is organized under the laws of a jurisdiction outside of the United States of America becoming a party hereto, the Administrative Agent may request, and such Lender shall provide to the Administrative Agent, its name, address, tax identification number and/or such other identification information as shall be necessary for the Administrative Agent to comply with federal law.
Geographic Area and Sector Specific Allowances, Conditions and Exceptions The following allowances and conditions shall apply where relevant. Where the Employer does work which falls under the following headings, the Employer agrees to pay and observe the relevant respective conditions and/or exceptions set out below in each case.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
DRUG-FREE WORKPLACE REQUIREMENTS Contractor will comply with the requirements of the Drug-Free Workplace Act of 1990 and will provide a drug-free workplace by taking the following actions:
a. Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations.
b. Establish a Drug-Free Awareness Program to inform employees about:
1) the dangers of drug abuse in the workplace;
2) the person's or organization's policy of maintaining a drug-free workplace;
3) any available counseling, rehabilitation and employee assistance programs; and,
4) penalties that may be imposed upon employees for drug abuse violations.
c. Every employee who works on the proposed Agreement will:
1) receive a copy of the company's drug-free workplace policy statement; and,
2) agree to abide by the terms of the company's statement as a condition of employment on the Agreement. Failure to comply with these requirements may result in suspension of payments under the Agreement or termination of the Agreement or both and Contractor may be ineligible for award of any future State agreements if the department determines that any of the following has occurred: the Contractor has made false certification, or violated the certification by failing to carry out the requirements as noted above. (Gov. Code §8350 et seq.)
Permitted and Required Uses/Disclosures of PHI 3.1 Except as limited in this Agreement, Business Associate may use or disclose PHI to perform Services, as specified in the underlying grant or contract with Covered Entity. The uses and disclosures of Business Associate are limited to the minimum necessary, to complete the tasks or to provide the services associated with the terms of the underlying agreement. Business Associate shall not use or disclose PHI in any manner that would constitute a violation of the Privacy Rule if used or disclosed by Covered Entity in that manner. Business Associate may not use or disclose PHI other than as permitted or required by this Agreement or as Required by Law.
3.2 Business Associate may make PHI available to its employees who need access to perform Services provided that Business Associate makes such employees aware of the use and disclosure restrictions in this Agreement and binds them to comply with such restrictions. Business Associate may only disclose PHI for the purposes authorized by this Agreement: (a) to its agents and Subcontractors in accordance with Sections 9 and 17 or, (b) as otherwise permitted by Section 3.
3.3 Business Associate shall be directly liable under HIPAA for impermissible uses and disclosures of the PHI it handles on behalf of Covered Entity, and for impermissible uses and disclosures, by Business Associate’s Subcontractor(s), of the PHI that Business Associate handles on behalf of Covered Entity and that it passes on to Subcontractors.
CERTIFICATION REGARDING DRUG-FREE WORKPLACE REQUIREMENTS 1. The Contractor certifies that it will provide a drug-free workplace by:
a. Publishing a statement notifying employees that the unlawful manufacture, distribution, dispensing, possession or use of a controlled substance is prohibited in the Contractor’s workplace and specifying the actions that will be taken against employees for violation of such prohibition;
Securities Law Requirements The Company shall not be required to issue Shares pursuant to the Award, to the extent required, unless and until (a) such Shares have been duly listed upon each stock exchange on which the Common Shares are then registered; and (b) a registration statement under the Securities Act of 1933 with respect to such Shares is then effective.
Securities Laws Disclosure; Publicity The Company shall (a) by the Disclosure Time, issue a press release disclosing the material terms of the transactions contemplated hereby, and (b) file a Current Report on Form 8-K, including the Transaction Documents as exhibits thereto, with the Commission within the time required by the Exchange Act. From and after the issuance of such press release, the Company represents to the Purchasers that it shall have publicly disclosed all material, non-public information delivered to any of the Purchasers by the Company or any of its Subsidiaries, or any of their respective officers, directors, employees or agents in connection with the transactions contemplated by the Transaction Documents. In addition, effective upon the issuance of such press release, the Company acknowledges and agrees that any and all confidentiality or similar obligations under any agreement, whether written or oral, between the Company, any of its Subsidiaries or any of their respective officers, directors, agents, employees or Affiliates on the one hand, and any of the Purchasers or any of their Affiliates on the other hand, shall terminate. The Company and each Purchaser shall consult with each other in issuing any other press releases with respect to the transactions contemplated hereby, and neither the Company nor any Purchaser shall issue any such press release nor otherwise make any such public statement without the prior consent of the Company, with respect to any press release of any Purchaser, or without the prior consent of each Purchaser, with respect to any press release of the Company, which consent shall not unreasonably be withheld or delayed, except if such disclosure is required by law, in which case the disclosing party shall promptly provide the other party with prior notice of such public statement or communication. Notwithstanding the foregoing, the Company shall not publicly disclose the name of any Purchaser, or include the name of any Purchaser in any filing with the Commission or any regulatory agency or Trading Market, without the prior written consent of such Purchaser, except (a) as required by federal securities law in connection with the filing of final Transaction Documents with the Commission and (b) to the extent such disclosure is required by law or Trading Market regulations, in which case the Company shall provide the Purchasers with prior notice of such disclosure permitted under this clause (b).
Securities Law Compliance Notwithstanding anything to the contrary contained herein, you may not exercise your option unless the shares of Common Stock issuable upon such exercise are then registered under the Securities Act or, if such shares of Common Stock are not then so registered, the Company has determined that such exercise and issuance would be exempt from the registration requirements of the Securities Act. The exercise of your option also must comply with other applicable laws and regulations governing your option, and you may not exercise your option if the Company determines that such exercise would not be in material compliance with such laws and regulations.
