PCI Compliance Company shall not connect to or utilize any computer network or systems of the Aviation Authority, including, without limitation, for transmission of credit card payments. Company shall be solely responsible for providing and maintaining its own computer networks and systems and shall ensure its system ensure its system used to collect, process, store or transmit credit card or customer credit card and/or personal information is compliant with all applicable Payment Card Industry (“PCI”) Data Security Standard (“DSS”). 1. Company shall, within 5 days, notify the Aviation Authority of any security malfunction or breach, intrusion or unauthorized access to cardholder or other customer data, and shall comply with all then applicable PCI requirements. 2. Company, in addition to notifying the Aviation Authority and satisfying the PCI requirements, will immediately take the remedial actions available under the circumstances and provide the Aviation Authority with an explanation of the cause of the breach or intrusion and the proposed remediation plan. Company will notify the Aviation Authority promptly if it learns that it is no longer PCI DSS compliant and will immediately provide the Aviation Authority with a report on steps being taken to remediate the non-compliance status and provide evidence of compliance once PCI DSS compliance is achieved. 3. Company, its successor’s and assigns, will continue to comply with all provisions of this Agreement relating to accidents, incidents, damages and remedial requirements after the termination of this Agreement. 4. Company shall ensure strict compliance with PCI DSS for each credit card transaction and acknowledges responsibility for the security of cardholder data. Company will create and maintain reasonable detailed, complete and accurate documentation describing the systems, processes, network segments, security controls and dataflow used to receive, process transmit store and secure Customer’s cardholder data. Such documentation shall conform to the most current version of PCI DSS. 5. Company must maintain PCI Certification as a bankcard merchant at the Airport. Company is responsible, at Company’s own expense, to contract and pay for all quarterly, annual or other required assessments, remediation activities related to processes within Concessionaire’s control, analysis or certification processes necessary to maintain PCI certification as a bankcard merchant. 6. PCI DSS - Company shall make available on the Premises, within 24 hours upon request by the Aviation Authority, such documentation, policies, procedures, reports, logs, configuration standards and settings and all other documentation necessary for the Aviation Authority to validate Company’s compliance with PCI DSS as well as make available to the individuals responsible for implementing, maintaining and monitoring those system components and processes. Requested logs must be made available to the Aviation Authority in electronic format compatible with computers used by the Aviation Authority. 7. Evidence of PCI DSS Compliance – Company agrees to supply their PCI DSS compliance status and evidence of its most recent validation of compliance upon execution of the Contract. Company must supply to the Aviation Authority evidence of validation of compliance at least annually to be delivered along with the Annual Certification of Fees in accordance with Article 5.C. of this Agreement.
Operational Requirements 4 At-Sea Monitors are deployed, in accordance with coverage rates developed by 5 NMFS and as assigned through the Pre-Trip Notification System (PTNS), to 6 vessels. Due to availability of funding, changes in the fishery management, 7 such as emergency closures, court ordered closures, weather, and unforeseen 8 events must remain flexible. Additional funding for sea days may be added to 9 the contract within the scope and maximum allowable sea days. 10 The following items define the operational services to be provided by the 11 contractor under this contract.
Functional Requirements Applications must implement controls that protect against known vulnerabilities and threats, including Open Web Application Security Project (OWASP) Top 10 Risks and denial of service (DDOS) attacks.
FDA Compliance The Company: (A) is and at all times has been in material compliance with all statutes, rules or regulations of the FDA and other comparable governmental entities applicable to the ownership, testing, development, manufacture, packaging, processing, use, distribution, marketing, labeling, promotion, sale, offer for sale, storage, import, export or disposal of any product under development, manufactured or distributed by the Company (“Applicable Laws”); (B) has not received any FDA Form 483, notice of adverse finding, warning letter, untitled letter or other correspondence or notice from the FDA or any governmental entity alleging or asserting material noncompliance with any Applicable Laws or any licenses, certificates, approvals, clearances, exemptions, authorizations, permits and supplements or amendments thereto required by any such Applicable Laws (“Authorizations”); (C) possesses all material Authorizations and such Authorizations are valid and in full force and effect and the Company is not in material violation of any term of any such Authorizations; (D) has not received notice of any claim, action, suit, proceeding, hearing, enforcement, investigation, arbitration or other action from the FDA or any governmental entity or third party alleging that any product operation or activity is in material violation of any Applicable Laws or Authorizations and has no knowledge that the FDA or any governmental entity or third party is considering any such claim, litigation, arbitration, action, suit, investigation or proceeding; (E) has not received notice that the FDA or any governmental entity has taken, is taking or intends to take action to limit, suspend, modify or revoke any material Authorizations and has no knowledge that the FDA or any governmental entity is considering such action; and (F) has filed, obtained, maintained or submitted all material reports, documents, forms, notices, applications, records, claims, submissions and supplements or amendments as required by any Applicable Laws or Authorizations and that all such reports, documents, forms, notices, applications, records, claims, submissions and supplements or amendments were materially complete and correct on the date filed (or were corrected or supplemented by a subsequent submission).
ADA Compliance A. The Americans with Disabilities Act (42 U.S.C. § 12101, et seq.) and the regulations thereunder (28 C.F.R. § 35.130) (“ADA”) prohibit discrimination against persons with disabilities by the State, whether directly or through contractual arrangements, in the provision of any aid, benefit, or service. As a condition of receiving this Agreement, the Company certifies that services, programs, and activities provided under this Agreement are and will continue to be in compliance with the ADA. B. The Company further certifies that all facilities utilized by the Company in the performance of this Agreement comply with State accessibility laws.