Minimum Standard for Data at Rest and Data in Motion Sample Clauses

Minimum Standard for Data at Rest and Data in Motion. Contractor must, at a minimum, comply, in its treatment of Protected Information, with National Institute of Standards and Technology (NIST) Special Publication 800-53 Moderate Level Control. Notwithstanding this requirement, Contractor acknowledges that it must fully comply with each additional obligation contained in this policy. If data is protected health information or electronic protected health information, as defined in the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH) and regulations implementing these Acts (see 45 CFR Parts 160 and 164), it must be secured in accordance with “Guidance Specifying the Technologies and Methodologies that Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals,” available on the United States Department of Health and Human Services (HHS) website xxxx://xxx.xxx.xxx/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html, or at Volume 74 of the Federal Register, beginning at page 42742. That guidance from the HHS states that valid encryption processes for protected health information data at rest (e.g., protected health information resting on a server), must be consistent with the NIST Special Publication 800-111, Guide for Storage Encryption Technologies for End User Devices. Valid encryption processes for protected health information data in motion (e.g., transmitted through a network) are those which comply with NIST Special Publications 800- 52, Guidelines for the Selection and Use of Transport Layer Security Implementation; 800-77, Guide to IPsec VPNs; or 800-113, Guide to SSL VPNs, or others which are Federal Information Processing Standards (FIPS) 140-2 validated.
Sample 1Sample 2Sample 3See All (10)
AutoNDA by SimpleDocs
Minimum Standard for Data at Rest and Data in Motion. Where Contractor is provided with United Protected Information, Contractor agrees to apply commercially reasonable physical, technological and administrative safeguards that comply with all laws applicable to Contractor. Notwithstanding this requirement, Contractor acknowledges that it shall fully comply with each additional obligation contained in this Exhibit R.
Sample 1

Related to Minimum Standard for Data at Rest and Data in Motion

  • Certification of Meeting or Exceeding Tobacco-Free Workplace Policy Minimum Standards A. Grantee certifies that it has adopted and enforces a Tobacco-Free Workplace Policy that meets or exceeds all of the following minimum standards of: i. Prohibiting the use of all forms of tobacco products, including but not limited to cigarettes, cigars, pipes, water pipes (hookah), bidis, kreteks, electronic cigarettes, smokeless tobacco, snuff and chewing tobacco; ii. Designating the property to which this Policy applies as a "designated area,” which must at least comprise all buildings and structures where activities funded under this Grant Agreement are taking place, as well as Grantee owned, leased, or controlled sidewalks, parking lots, walkways, and attached parking structures immediately adjacent to this designated area; iii. Applying to all employees and visitors in this designated area; and iv. Providing for or referring its employees to tobacco use cessation services. B. If Grantee cannot meet these minimum standards, it must obtain a waiver from the System Agency.

  • System Upgrade Facilities and System Deliverability Upgrades Connecting Transmission Owner shall design, procure, construct, install, and own the System Upgrade Facilities and System Deliverability Upgrades described in Appendix A hereto. The responsibility of the Developer for costs related to System Upgrade Facilities and System Deliverability Upgrades shall be determined in accordance with the provisions of Attachment S to the NYISO OATT.

  • Data Universal Number System (DUNS) number Requirement Grantee will provide their valid DUNS number contemporaneous with execution of this Agreement.

  • Procedures for Providing NP Through Full NXX Code Migration Where a Party has activated an entire NXX for a single Customer, or activated at least eighty percent (80%) of an NXX for a single Customer, with the remaining numbers in that NXX either reserved for future use by that Customer or otherwise unused, if such Customer chooses to receive Telephone Exchange Service from the other Party, the first Party shall cooperate with the second Party to have the entire NXX reassigned in the LERG (and associated industry databases, routing tables, etc.) to an End Office operated by the second Party. Such transfer will be accomplished with appropriate coordination between the Parties and subject to appropriate industry lead times for movements of NXXs from one switch to another. Neither Party shall charge the other in connection with this coordinated transfer.

  • 000 GRIEVANCE PROCEDURE 7. 100 It is agreed that it is the spirit and intent of this Agreement to adjust grievances promptly. All grievances, including discharge for just cause, but not those pertaining to jurisdictional disputes that may arise on any work covered by this Agreement, must be initiated within fifteen (15) working days of the incident by either the employee in Step I or the Local Union in Step II and shall be handled in the following manner:

  • Technical Objections to Grievances It is the intent of both Parties of this Agreement that no grievance shall be defeated merely because of a technical error, other than time limitations in processing the grievance through the grievance procedure. To this end, an arbitration board shall have the power to allow all necessary amendments to the grievance and the power to waive formal procedural irregularities in the processing of a grievance, in order to determine the real matter in dispute and to render a decision according to equitable principles and the justice of the case.

  • Proposed Policies and Procedures Regarding New Online Content and Functionality By October 31, 2017, the School will submit to OCR for its review and approval proposed policies and procedures (“the Plan for New Content”) to ensure that all new, newly-added, or modified online content and functionality will be accessible to people with disabilities as measured by conformance to the Benchmarks for Measuring Accessibility set forth above, except where doing so would impose a fundamental alteration or undue burden. a) When fundamental alteration or undue burden defenses apply, the Plan for New Content will require the School to provide equally effective alternative access. The Plan for New Content will require the School, in providing equally effective alternate access, to take any actions that do not result in a fundamental alteration or undue financial and administrative burdens, but nevertheless ensure that, to the maximum extent possible, individuals with disabilities receive the same benefits or services as their nondisabled peers. To provide equally effective alternate access, alternates are not required to produce the identical result or level of achievement for persons with and without disabilities, but must afford persons with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement, in the most integrated setting appropriate to the person’s needs. b) The Plan for New Content must include sufficient quality assurance procedures, backed by adequate personnel and financial resources, for full implementation. This provision also applies to the School’s online content and functionality developed by, maintained by, or offered through a third-party vendor or by using open sources. c) Within thirty (30) days of receiving OCR’s approval of the Plan for New Content, the School will officially adopt, and fully implement the amended policies and procedures.

  • Public Posting of Approved Users’ Research Use Statement The PI agrees that information about themselves and the approved research use will be posted publicly on the dbGaP website. The information includes the PI’s name and Requester, project name, Research Use Statement, and a Non-Technical Summary of the Research Use Statement. In addition, and if applicable, this information may include the Cloud Computing Use Statement and name of the CSP or PCS. Citations of publications resulting from the use of controlled-access datasets obtained through this DAR may also be posted on the dbGaP website.

  • Loop Testing/Trouble Reporting 2.1.6.1 Telepak Networks will be responsible for testing and isolating troubles on the Loops. Telepak Networks must test and isolate trouble to the BellSouth portion of a designed/non-designed unbundled Loop (e.g., UVL-SL2, UCL-D, UVL-SL1, UCL-ND, etc.) before reporting repair to the UNE Customer Wholesale Interconnection Network Services (CWINS) Center. Upon request from BellSouth at the time of the trouble report, Telepak Networks will be required to provide the results of the Telepak Networks test which indicate a problem on the BellSouth provided Loop. 2.1.6.2 Once Telepak Networks has isolated a trouble to the BellSouth provided Loop, and had issued a trouble report to BellSouth on the Loop, BellSouth will take the actions necessary to repair the Loop if a trouble actually exists. BellSouth will repair these Loops in the same time frames that BellSouth repairs similarly situated Loops to its End Users. 2.1.6.3 If Telepak Networks reports a trouble on a non-designed or designed Loop and no trouble actually exists, BellSouth will charge Telepak Networks for any dispatching and testing (both inside and outside the CO) required by BellSouth in order to confirm the Loop’s working status. 2.1.6.4 In the event BellSouth must dispatch to the end-user’s location more than once due to incorrect or incomplete information provided by Telepak Networks (e.g., incomplete address, incorrect contact name/number, etc.), BellSouth will xxxx Xxxxxxx Networks for each additional dispatch required to repair the circuit due to the incorrect/incomplete information provided. BellSouth will assess the applicable Trouble Determination rates from BellSouth’s FCC or state tariffs.

  • Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!