Incident and Breach Reporting Policies and Procedures Sample Clauses

Incident and Breach Reporting Policies and Procedures. QHPI agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident. In the event of an Incident or Breach QHPI must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If QHPI fails to report an Incident or Breach in compliance with this provision, the QHPI may be subject to the Termination provision (Section V) of this Agreement. Termination pursuant to Section V may also result where an Incident or Breach is found to have resulted from 1 While CMS owns FFE data, other contractors operate the FFE system in which the enrollment and financial management data flow. Contractors provide the pipeline network for the transmission of electronic data, including the transport of Exchange data to and from the Hub and QHPI so that QHPI may discern the activity related to enrollment functions of persons they serve. QHPI may also use the transported data to receive descriptions of financial transactions from CMS. QHPI’s failure to comply with the terms of this Agreement. Nothing in this Agreement should be construed to limit the ability of HHS to temporarily suspend the ability of a QHPI to connect to HHS systems due to suspected or confirmed security risks and Incidents or Breaches.
AutoNDA by SimpleDocs
Incident and Breach Reporting Policies and Procedures. QHPI agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at 1 Contractors provide the pipeline network for the transmission of electronic data, including the transport of Exchange data to and from the Hub and QHPI so that QHPI may discern the activity related to enrollment functions of persons they serve. QHPI may also use the transported data to receive descriptions of financial transactions from CMS. xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident. In the event of an Incident or Breach QHPI must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If QHPI fails to report an Incident or Breach in compliance with this provision, the QHPI may be subject to the Termination provision (Section V) of this Agreement. Termination pursuant to Section V may also result where an Incident or Breach is found to have resulted from QHPI’s failure to comply with the terms of this Agreement. Nothing in this Agreement should be construed to limit the ability of HHS to temporarily suspend the ability of a QHPI to connect to HHS systems due to suspected or confirmed security risks and Incidents or Breaches.

Related to Incident and Breach Reporting Policies and Procedures

  • Compliance Policies and Procedures To assist the Fund in complying with Rule 38a-1 of the 1940 Act, BBH&Co. represents that it has adopted written policies and procedures reasonably designed to prevent violation of the federal securities laws in fulfilling its obligations under the Agreement and that it has in place a compliance program to monitor its compliance with those policies and procedures. BBH&Co will upon request provide the Fund with information about our compliance program as mutually agreed.

  • Policies and Procedures i) The policies and procedures of the designated employer apply to the employee while working at both sites. ii) Only the designated employer shall have exclusive authority over the employee in regard to discipline, reporting to the College of Nurses of Ontario and/or investigations of family/resident complaints. iii) The designated employer will ensure that the employee is covered by WSIB at all times, regardless of worksite, while in the employ of either home. iv) The designated employer will ensure that the employee is covered by liability insurance at all times, regardless of worksite, while in the employ of either home. v) The designated employer shall have exclusive authority over the employee’s personnel files and health records. These files will be maintained on the site of the designated employer.

  • COMPLIANCE WITH POLICIES AND PROCEDURES During the period that Executive is employed with the Company hereunder, Executive shall adhere to the policies and standards of professionalism set forth in the policies and procedures of the Company and IAC as they may exist from time to time.

  • Violence Policies and Procedures The Employer agrees to have in place explicit policies and procedures to deal with violence. The policy will address the prevention of violence, the management of violent situations, provision of legal counsel and support to employees who have faced violence. The policies and procedures shall be part of the employee's health and safety policy and written copies shall be provided to each employee. Prior to implementing any changes to these policies, the employer agrees to consult with the Association.

  • Safeguarding requirements and procedures (1) The Contractor shall apply the following basic safeguarding requirements and procedures to protect covered contractor information systems. Requirements and procedures for basic safeguarding of covered contractor information systems shall include, at a minimum, the following security controls: (i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). (ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute. (iii) Verify and control/limit connections to and use of external information systems. (iv) Control information posted or processed on publicly accessible information systems. (v) Identify information system users, processes acting on behalf of users, or devices. (vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. (vii) Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. (viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. (ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. (x) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. (xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. (xii) Identify, report, and correct information and information system flaws in a timely manner. (xiii) Provide protection from malicious code at appropriate locations within organizational information systems. (xiv) Update malicious code protection mechanisms when new releases are available. (xv) Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

  • Sub-Advisor Compliance Policies and Procedures The Sub-Advisor shall promptly provide the Trust CCO with copies of: (i) the Sub-Advisor’s policies and procedures for compliance by the Sub-Advisor with the Federal Securities Laws (together, the “Sub-Advisor Compliance Procedures”), and (ii) any material changes to the Sub-Advisor Compliance Procedures. The Sub-Advisor shall cooperate fully with the Trust CCO so as to facilitate the Trust CCO’s performance of the Trust CCO’s responsibilities under Rule 38a-1 to review, evaluate and report to the Trust’s Board of Trustees on the operation of the Sub-Advisor Compliance Procedures, and shall promptly report to the Trust CCO any Material Compliance Matter arising under the Sub-Advisor Compliance Procedures involving the Sub-Advisor Assets. The Sub-Advisor shall provide to the Trust CCO: (i) quarterly reports confirming the Sub-Advisor’s compliance with the Sub-Advisor Compliance Procedures in managing the Sub-Advisor Assets, and (ii) certifications that there were no Material Compliance Matters involving the Sub-Advisor that arose under the Sub-Advisor Compliance Procedures that affected the Sub-Advisor Assets. At least annually, the Sub-Advisor shall provide a certification to the Trust CCO to the effect that the Sub-Advisor has in place and has implemented policies and procedures that are reasonably designed to ensure compliance by the Sub-Advisor with the Federal Securities Laws.

  • Company Policies and Procedures 7.1.1 The Company will ensure that Employees are able to readily access Company policies and procedures that apply to the Employees. 7.1.2 The Employees will observe and act in accordance with Company policies and procedures that apply to the Employees, as implemented and amended from time to time.

  • Proposed Policies and Procedures Regarding New Online Content and Functionality By October 31, 2017, the School will submit to OCR for its review and approval proposed policies and procedures (“the Plan for New Content”) to ensure that all new, newly-added, or modified online content and functionality will be accessible to people with disabilities as measured by conformance to the Benchmarks for Measuring Accessibility set forth above, except where doing so would impose a fundamental alteration or undue burden. a) When fundamental alteration or undue burden defenses apply, the Plan for New Content will require the School to provide equally effective alternative access. The Plan for New Content will require the School, in providing equally effective alternate access, to take any actions that do not result in a fundamental alteration or undue financial and administrative burdens, but nevertheless ensure that, to the maximum extent possible, individuals with disabilities receive the same benefits or services as their nondisabled peers. To provide equally effective alternate access, alternates are not required to produce the identical result or level of achievement for persons with and without disabilities, but must afford persons with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement, in the most integrated setting appropriate to the person’s needs. b) The Plan for New Content must include sufficient quality assurance procedures, backed by adequate personnel and financial resources, for full implementation. This provision also applies to the School’s online content and functionality developed by, maintained by, or offered through a third-party vendor or by using open sources. c) Within thirty (30) days of receiving OCR’s approval of the Plan for New Content, the School will officially adopt, and fully implement the amended policies and procedures.

  • Reporting Procedures Enter in the XXX Entity Management area the information that XXX requires about each proceeding described in paragraph 2 of this award term and condition. You do not need to submit the information a second time under assistance awards that you received if you already provided the information through XXX because you were required to do so under Federal procurement contracts that you were awarded.

  • Research Use Reporting To assure adherence to NIH GDS Policy, the PI agrees to provide annual Progress Updates as part of the annual Project Renewal or Project Close-out processes, prior to the expiration of the one (1) year data access period. The PI who is seeking Renewal or Close-out of a project agree to complete the appropriate online forms and provide specific information such as how the data have been used, including publications or presentations that resulted from the use of the requested dataset(s), a summary of any plans for future research use (if the PI is seeking renewal), any violations of the terms of access described within this Agreement and the implemented remediation, and information on any downstream intellectual property generated from the data. The PI also may include general comments regarding suggestions for improving the data access process in general. Information provided in the progress updates helps NIH evaluate program activities and may be considered by the NIH GDS governance committees as part of NIH’s effort to provide ongoing stewardship of data sharing activities subject to the NIH GDS Policy.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!