Access Controls The system providing access to PHI COUNTY discloses to 20 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY 21 must use role based access controls for all user authentications, enforcing the principle of least privilege.
Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.
TIA Controls If any provision of this Indenture limits, qualifies, or conflicts with another provision which is required to be included in this Indenture by the TIA, the required provision shall control.
Books and Records; Internal Accounting Controls The records and documents of the Company and its Subsidiaries accurately reflect in all material respects the information relating to the business of the Company and the Subsidiaries, the location and collection of their assets, and the nature of all transactions giving rise to the obligations or accounts receivable of the Company or any Subsidiary. The Company and each of its Subsidiaries maintain a system of internal accounting controls sufficient, in the judgment of the Company's board of directors, to provide reasonable assurance that (i) transactions are executed in accordance with management's general or specific authorizations, (ii) transactions are recorded as necessary to permit preparation of financial statements in conformity with generally accepted accounting principles and to maintain asset accountability, (iii) access to assets is permitted only in accordance with management's general or specific authorization and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate actions are taken with respect to any differences.
Agreement Controls In the event that any term of any of the Loan Documents other than this Agreement conflicts with any express term of this Agreement, the terms and provisions of this Agreement shall control to the extent of such conflict.
Sxxxxxxx-Xxxxx; Internal Accounting Controls The Company and the Subsidiaries are in compliance with any and all applicable requirements of the Sxxxxxxx-Xxxxx Act of 2002 that are effective as of the date hereof, and any and all applicable rules and regulations promulgated by the Commission thereunder that are effective as of the date hereof and as of the Closing Date. The Company and the Subsidiaries maintain a system of internal accounting controls sufficient to provide reasonable assurance that: (i) transactions are executed in accordance with management’s general or specific authorizations, (ii) transactions are recorded as necessary to permit preparation of financial statements in conformity with GAAP and to maintain asset accountability, (iii) access to assets is permitted only in accordance with management’s general or specific authorization, and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. The Company and the Subsidiaries have established disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) for the Company and the Subsidiaries and designed such disclosure controls and procedures to ensure that information required to be disclosed by the Company in the reports it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. The Company’s certifying officers have evaluated the effectiveness of the disclosure controls and procedures of the Company and the Subsidiaries as of the end of the period covered by the most recently filed periodic report under the Exchange Act (such date, the “Evaluation Date”). The Company presented in its most recently filed periodic report under the Exchange Act the conclusions of the certifying officers about the effectiveness of the disclosure controls and procedures based on their evaluations as of the Evaluation Date. Since the Evaluation Date, there have been no changes in the internal control over financial reporting (as such term is defined in the Exchange Act) of the Company and its Subsidiaries that have materially affected, or is reasonably likely to materially affect, the internal control over financial reporting of the Company and its Subsidiaries.
Xxxxxxxx-Xxxxx; Internal Accounting Controls The Company and the Subsidiaries are in compliance with any and all applicable requirements of the Xxxxxxxx-Xxxxx Act of 2002 that are effective as of the date hereof, and any and all applicable rules and regulations promulgated by the Commission thereunder that are effective as of the date hereof and as of the Closing Date. The Company and the Subsidiaries maintain a system of internal accounting controls sufficient to provide reasonable assurance that: (i) transactions are executed in accordance with management’s general or specific authorizations, (ii) transactions are recorded as necessary to permit preparation of financial statements in conformity with GAAP and to maintain asset accountability, (iii) access to assets is permitted only in accordance with management’s general or specific authorization, and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. The Company and the Subsidiaries have established disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) for the Company and the Subsidiaries and designed such disclosure controls and procedures to ensure that information required to be disclosed by the Company in the reports it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the Commission’s rules and forms. The Company’s certifying officers have evaluated the effectiveness of the disclosure controls and procedures of the Company and the Subsidiaries as of the end of the period covered by the most recently filed periodic report under the Exchange Act (such date, the “Evaluation Date”). The Company presented in its most recently filed periodic report under the Exchange Act the conclusions of the certifying officers about the effectiveness of the disclosure controls and procedures based on their evaluations as of the Evaluation Date. Since the Evaluation Date, there have been no changes in the internal control over financial reporting (as such term is defined in the Exchange Act) of the Company and its Subsidiaries that have materially affected, or is reasonably likely to materially affect, the internal control over financial reporting of the Company and its Subsidiaries.
Administrative Controls The Contractor must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Contractor staff for violating that policy.
b. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
c. If Confidential Information shared under this agreement is classified as Category 4, the Contractor must have a documented risk assessment for the system(s) housing the Category 4 Data.
Personal Controls a. Employee Training. All workforce members who assist in the performance of functions or activities on behalf of COUNTY in connection with Agreement, or access or disclose PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, must complete information privacy and security training, at least annually, at CONTRACTOR’s expense. Each workforce member who receives information privacy and security training must sign a certification, indicating the member’s name and the date on which the training was completed. These certifications must be retained for a period of six (6) years following the termination of Agreement.
Internal Accounting Controls The Company and each of its subsidiaries maintain a system of internal accounting controls sufficient to provide reasonable assurance that (i) transactions are executed in accordance with management's general or specific authorizations, (ii) transactions are recorded as necessary to permit preparation of financial statements in conformity with generally accepted accounting principles and to maintain asset accountability, (iii) access to assets is permitted only in accordance with management's general or specific authorization and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
