Agreement Controls In the event that any term of any of the Loan Documents other than this Agreement conflicts with any express term of this Agreement, the terms and provisions of this Agreement shall control to the extent of such conflict.
Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.
Access Controls The system providing access to PHI COUNTY discloses to 20 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY 21 must use role based access controls for all user authentications, enforcing the principle of least privilege.
Export Controls Both Parties will adhere to all applicable laws, regulations and rules relating to the export of technical data and will not export or re-export any technical data, any products received from the other Party or the direct product of such technical data to any proscribed country listed in such applicable laws, regulations and rules unless properly authorized.
Personal Controls a. Employee Training. All workforce members who assist in the performance of functions or activities on behalf of COUNTY in connection with Agreement, or access or disclose PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, must complete information privacy and security training, at least annually, at CONTRACTOR’s expense. Each workforce member who receives information privacy and security training must sign a certification, indicating the member’s name and the date on which the training was completed. These certifications must be retained for a period of six (6) years following the termination of Agreement.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Plan Document Controls The rights granted under this Agreement are in all respects subject to the provisions set forth in the Plan to the same extent and with the same effect as if set forth fully in this Agreement. If the terms of this Agreement conflict with the terms of the Plan document, the Plan document will control.
Plan Controls The terms contained in the Plan are incorporated into and made a part of this Agreement and this Agreement shall be governed by and construed in accordance with the Plan. In the event of any actual or alleged conflict between the provisions of the Plan and the provisions of this Agreement, the provisions of the Plan shall be controlling and determinative.
Management and Control Systems Grantee will:
1. maintain an appropriate contract administration system to ensure that all terms, conditions, and specifications are met during the term of the contract through the completion of the closeout procedures.
2. develop, implement, and maintain financial management and control systems that meet or exceed the requirements of Uniform Statewide Accounting System (UGMS). Those requirements and procedures include, at a minimum, the following:
i. Financial planning, including the development of budgets that adequately reflect all functions and resources necessary to carry out authorized activities and the adequate determination of costs;
ii. Financial management systems that include accurate accounting records that are accessible and identify the source and application of funds provided under each Contract of this Contract, and original source documentation substantiating that costs are specifically and solely allocable to a Contract and its Contract and are traceable from the transaction to the general ledger;
iii. Effective internal and budgetary controls;
iv. Comparison of actual costs to budget; determination of reasonableness, allowableness, and allocability of costs;
v. Timely and appropriate audits and resolution of any findings;
vi. Billing and collection policies; and
vii. Mechanism capable of billing and making reasonable efforts to collect from clients and third parties.
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means.
2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable).
3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically.
4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
