Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Training Requirements Grantee shall:
A. Authorize and require staff (including volunteers) to attend training, conferences, and meetings as directed by DSHS;
B. Appropriately budget funds in order to meet training requirements in a timely manner, and ensure that staff and volunteers are trained as specified in the training requirements listed at xxxxx://xxx.xxxx.xxxxx.xxx/hivstd/training/ and as otherwise specified by DSHS. Grantee shall document that these training requirements are met; and
C. Ensure that staff hired for HIV and syphilis testing are trained to perform blood draws within three (3) months of employment.
DATA ESCROW REQUIREMENTS Registry Operator will engage an independent entity to act as data escrow agent (“Escrow Agent”) for the provision of data escrow services related to the Registry Agreement. The following Technical Specifications set forth in Part A, and Legal Requirements set forth in Part B, will be included in any data escrow agreement between Registry Operator and the Escrow Agent, under which ICANN must be named a third-‐party beneficiary. In addition to the following requirements, the data escrow agreement may contain other provisions that are not contradictory or intended to subvert the required terms provided below.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Additional Requirements for Sleeping Rooms The Contractor shall provide departing Attendees a secured area for storing belongings.
Safe Working Conditions The Employer undertakes to maintain office furniture, equipment, etc., in a practical and safe condition in order to avoid injury to employees or damage to their attire. Employees, for their part and in their own interest, are expected to advise the Employer of any such potentially injurious equipment.
Food Service Waste Reduction Requirements Contractor shall comply with the Food Service Waste Reduction Ordinance, as set forth in San Francisco Environment Code Chapter 16, including but not limited to the remedies for noncompliance provided therein.
Basic Requirements To be eligible for PayPal’s Seller Protection program, all of the following basic requirements must be met, as well as any applicable additional requirements: • The primary address for your PayPal account must be in the United States. • The item must be a physical, tangible good that can be shipped, except for items subject to the Intangible Goods Additional Requirements. Transactions involving items that you deliver in person in connection with payment made in your physical store, may also be eligible for PayPal’s Seller Protection program so long as the buyer paid for the transaction in person by using a PayPal goods and services QR code. • You must ship the item to the shipping address on the Transaction Details page in your PayPal account for the transaction. If you originally ship the item to the recipient’s shipping address on the Transaction Details page but the item is later redirected to a different address, you will not be eligible for PayPal’s Seller Protection program. We therefore recommend not using a shipping service that is arranged by the buyer, so that you will be able to provide valid proof of shipping and delivery. • The shipping requirement does not apply to eligible transactions involving items that you deliver in person; provided, however, that you agree to provide us with alternative evidence of delivery or such additional documentation or information relating to the transaction that we may request. • You must respond to PayPal’s requests for documentation and other information in a timely manner as requested in our email correspondence with you or in our correspondence with you through the Resolution Center. If you do not respond to PayPal’s request for documentation and other information in the time requested, you may not be eligible for PayPal’s Seller Protection program. • If the sale involves pre-ordered or made-to-order goods, you must ship within the timeframe you specified in the listing. Otherwise, it is recommended that you ship all items within 7 days after receipt of payment. • You provide us with valid proof of shipment or delivery. • The payment must be marked “eligible” or “partially eligible” in the case of Unauthorized Transaction claims, or “eligible” in the case of Item Not Received claims, for PayPal’s Seller Protection program on the Transaction Details page. • In the case of an Unauthorized Transaction claim, you must provide valid proof of shipment or proof of delivery that demonstrates that the item was shipped or provided to the buyer no later than two days after PayPal notified you of the dispute or reversal. For example, if PayPal notifies you of an Unauthorized Transaction claim on September 1, the valid proof of shipment must indicate that the item was shipped to the buyer no later than September 3 to be eligible for PayPal’s Seller Protection program. PayPal determines, in its sole discretion, whether your claim is eligible for PayPal’s Seller Protection program. PayPal will make a decision, in its sole discretion, based on the eligibility requirements, any information or documentation provided during the resolution process, or any other information PayPal deems relevant and appropriate under the circumstances. To be eligible for PayPal’s Seller Protection program for a buyer’s Item Not Received claim, you must meet both the basic requirements and the additional requirements listed below: • Where a buyer files a chargeback with the issuer for a card-funded transaction, the payment must be marked “eligible” for PayPal’s Seller Protection on the Transaction Details page. • You must provide proof of delivery as described below.
Functional Requirements Applications must implement controls that protect against known vulnerabilities and threats, including Open Web Application Security Project (OWASP) Top 10 Risks and denial of service (DDOS) attacks.
Submittal Requirements To comply with Subsection 4.1, Consultant shall submit the following:
a. Certificate of Liability Insurance in the amounts specified in the section; and
b. Waiver of Subrogation Endorsement as required by the section.
