Physical Access Control Unauthorized persons are prevented from gaining physical access to premises, buildings or rooms where data processing systems that process and/or use Personal Data are located.
System Access Control Data processing systems used to provide the Cloud Service must be prevented from being used without authorization.
Access Control Supplier will maintain an appropriate access control policy that is designed to restrict access to Accenture Data and Supplier assets to authorized Personnel. Supplier will require that all accounts have complex passwords that contain letters, numbers, and special characters, be changed at least every 90 days, and have a minimum length of 8 characters.
Network Access Control The VISION Web Site and the Distribution Support Services Web Site (the “DST Web Sites”) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All “listeners,” other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage.
Retirement System The withdrawal of employee contributions made on or after January 1, 2014 may also be withdrawn but only on an actuarially neutral basis. The actuarial present value of the pension reduction shall be equal to the amount of accumulated member contributions withdrawn. The actuarial present value shall computed using the interest rate used in the annual actuarial valuation and the mortality table used in the annual actuarial valuation with a 50% unisex blend.
Selection of Subcontractors, Procurement of Materials and Leasing of Equipment The contractor shall not discriminate on the grounds of race, color, religion, sex, national origin, age or disability in the selection and retention of subcontractors, including procurement of materials and leases of equipment. The contractor shall take all necessary and reasonable steps to ensure nondiscrimination in the administration of this contract.
a. The contractor shall notify all potential subcontractors and suppliers and lessors of their EEO obligations under this contract.
b. The contractor will use good faith efforts to ensure subcontractor compliance with their EEO obligations.
Transmission and Routing of Exchange Access Traffic PURSUANT TO 251(c)(2) 13 ARTICLE VI MEET-POINT BILLING ARRANGEMENTS 14 ARTICLE VII BLV/BLVI TRAFFIC 16
7.1 Busy Line Verification 16 7.2 Busy Line Verification Interrupt 16 7.3 BLV/BLVI Traffic 16 7.4 BLV/BLVI Compensation 16
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
Data Location 1.1. The CONTRACTOR shall not store or transfer non-public COUNTY data outside of the United States. This includes backup data and Disaster Recovery locations. The CONTRACTOR will permit its personnel and contractors to access COUNTY data remotely only as required to provide technical support. (Remote access to data from outside the continental United States is prohibited unless approved in advance and in writing by the County.)
1.2. The CONTRACTOR must notify the COUNTY in advance and in writing of any location changes to CONTRACTOR’s data center(s) that will process or store County data.
