Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.
Physical Security Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to:
A. Secure all areas of Contractor facilities where personnel assist in the administration of the Medi-Cal program and use or disclose Medi-Cal PII. The Contractor shall ensure that these secure areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and access to premises is by official identification.
B. Ensure that there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at Contractor facilities and leased facilities where a large volume of Medi-Cal PII is stored.
C. Issue Contractor personnel who assist in the administration of the Medi-Cal program identification badges and require County Workers to wear the identification badges at facilities where Medi-Cal PII is stored or used.
D. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks or locked offices in facilities which are multi-use (meaning that there are personnel other than contractor personnel using common areas that are not securely segregated from each other.) The contractor shall have policies which indicate that Contractor and their personnel are not to leave records with Medi-Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airlines.
E. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.
Security of Data a. Each of the parties shall:
i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons;
ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and
iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party.
b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission.
c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message.
d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall:
i. immediately investigate the cause, effect and extent of such breach;
ii. report the results of the investigation to the other party; and
iii. use all reasonable endeavours to rectify the cause of such breach.
e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.
Physical and Environmental Security Controls that provide reasonable assurance that access to physical servers at the production data center or the facility housing Provider’s SFTP Server, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls include:
a) Logging and monitoring of unauthorized access attempts to the data center by the data center security personnel;
b) Camera surveillance systems at critical internal and external entry points to the data center;
c) Systems that monitor and control the air temperature and humidity at appropriate levels for the computing equipment; and
d) Uninterruptible Power Supply (UPS) modules and backup generators that provide back-up power in the event of an electrical failure.
Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Inspection of Property, Books and Records The Borrower will keep, and will cause each Subsidiary to keep, proper books of record and account in which full, true and correct entries shall be made of all dealings and transactions in relation to its business and activities; and will permit, and will cause each Subsidiary to permit, representatives of any Bank at such Bank's expense to visit and inspect any of their respective properties, to examine and make abstracts from any of their respective books and records and to discuss their respective affairs, finances and accounts with their respective officers, employees and independent public accountants, all at such reasonable times and as often as may reasonably be desired.
Inspection of Property; Books and Records; Discussions Keep proper books of records and account in which full, true and correct entries in conformity with GAAP and all Requirements of Law shall be made of all dealings and transactions in relation to its business and activities; and permit representatives of any Lender (upon reasonable advance notice coordinated through the Administrative Agent) to visit and inspect any of its properties and examine and make abstracts from any of its books and records at any reasonable time and as often as may reasonably be desired and to discuss the business, operations, properties and financial and other condition of the Borrower and its Subsidiaries with officers and employees of the Borrower and its Subsidiaries and with its independent certified public accountants.
Books and Records; Transfers of Mortgage Loans From and after the sale of the Mortgage Loans to the Purchaser all rights arising out of the Mortgage Loans including but not limited to all funds received on or in connection with the Mortgage Loans, shall be received and held by the Company in trust for the benefit of the Purchaser as owner of the Mortgage Loans, and the Company shall retain record title to the related Mortgages for the sole purpose of facilitating the servicing and the supervision of the servicing of the Mortgage Loans. The sale of each Mortgage Loan shall be reflected on the Company’s balance sheet and other financial statements as a sale of assets by the Company. The Company shall be responsible for maintaining, and shall maintain, a complete set of books and records for each Mortgage Loan which shall be marked clearly to reflect the ownership of each Mortgage Loan by the Purchaser. In particular, the Company shall maintain in its possession, available for inspection by the Purchaser, or its designee and shall deliver to the Purchaser upon demand, evidence of compliance with all federal, state and local laws, rules and regulations, including but not limited to documentation as to the method used in determining the applicability of the provisions of the Flood Disaster Protection Act of 1973, as amended, to the Mortgaged Property, documentation evidencing insurance coverage and eligibility of any condominium project for approval by Fxxxxx Mxx and periodic inspection reports as required by Section 4.13. To the extent that original documents are not required for purposes of realization of Liquidation Proceeds or Insurance Proceeds, documents maintained by the Company may be in the form of microfilm or microfiche or such other reliable means of recreating original documents, including but not limited to, optical imagery techniques. The Company shall maintain with respect to each Mortgage Loan and shall make available for inspection by any Purchaser or its designee the related Servicing File during the time the Purchaser retains ownership of a Mortgage Loan and thereafter in accordance with applicable laws and regulations. The Company shall keep at its servicing office books and records in which, subject to such reasonable regulations as it may prescribe, the Company shall note transfers of Mortgage Loans. No transfer of a Mortgage Loan may be made unless such transfer is in compliance with the terms hereof. For the purposes of this Agreement, the Company shall be under no obligation to deal with any person with respect to this Agreement or the Mortgage Loans unless the books and records show such person as the owner of the Mortgage Loan. The Purchaser may, subject to the terms of this Agreement, sell and transfer one or more of the Mortgage Loans, provided, however, that (i) the transferee will not be deemed to be a Purchaser hereunder binding upon the Company unless (a) such transferee shall agree in writing to be bound by the terms of this Agreement and an original counterpart of the instrument of transfer and an assignment and assumption of this Agreement in the form of Exhibit G hereto executed by the transferee shall have been delivered to the Company, or (b) the transferee is an affiliate of the Purchaser, a depositor, a trustee or any other appropriate party in a Pass-through Transfer and (ii) in no event shall there be more than five Persons at any given time having the status of “Purchaser” hereunder. The Purchaser also shall advise the Company of the transfer. Upon receipt of notice of the transfer, the Company shall mxxx its books and records to reflect the ownership of the Mortgage Loans of such assignee, and shall release the previous Purchaser from its obligations hereunder with respect to the Mortgage Loans sold or transferred.
Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.