FERPA Compliance In connection with all FERPA Records that Contractor may create, receive or maintain on behalf of University pursuant to the Underlying Agreement, Contractor is designated as a University Official with a legitimate educational interest in and with respect to such FERPA Records, only to the extent to which Contractor (a) is required to create, receive or maintain FERPA Records to carry out the Underlying Agreement, and (b) understands and agrees to all of the following terms and conditions without reservation:
OSHA Compliance To the extent applicable to the services to be performed under this Agreement, Contractor represents and warrants, that all articles and services furnished under this Agreement meet or exceed the safety standards established and promulgated under the Federal Occupational Safety and Health Law (Public Law 91-596) and its regulations in effect or proposed as of the date of this Agreement.
ADA Compliance A. The Americans with Disabilities Act (42 U.S.C. § 12101, et seq.) and the regulations thereunder (28 C.F.R. § 35.130) (“ADA”) prohibit discrimination against persons with disabilities by the State, whether directly or through contractual arrangements, in the provision of any aid, benefit, or service. As a condition of receiving this Agreement, the Company certifies that services, programs, and activities provided under this Agreement are and will continue to be in compliance with the ADA.
HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.
PCI-DSS Compliance As applicable, Customer is responsible for ensuring that its use of the Cloud Service to store or process credit card data complies with applicable Payment Card Industry Data Security Standards (“PCI DSS”) requirements and shall not store credit card and social security data in the Cloud Service except in the designated encrypted fields for such data. During the Term, Oracle shall maintain PCI DSS compliance for those portions of the Cloud Service that are designated by Oracle as being designed to store and process credit card data. Any changes made to the Cloud Service by the Customer or at the Customer’s direction may affect the Customer’s compliance with PCI DSS requirements and Customer shall be solely responsible for ensuring that any such changes are compliant with PCI DSS requirements.
Software compliance Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence (like MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository. (If needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework such as Ansible. ○ Taking security aspects into consideration at every point in time. ○ Having automated testing in place. ○ Using code reviews. ○ Treating documentation as code. ○ Documentation should be available for developers, administrators and end users.
Program Compliance The School Board shall be responsible for monitoring the program to provide technical assistance and to ensure program compliance.