Physical Security Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to:
A. Secure all areas of Contractor facilities where personnel assist in the administration of the Medi-Cal program and use or disclose Medi-Cal PII. The Contractor shall ensure that these secure areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and access to premises is by official identification.
B. Ensure that there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at Contractor facilities and leased facilities where a large volume of Medi-Cal PII is stored.
C. Issue Contractor personnel who assist in the administration of the Medi-Cal program identification badges and require County Workers to wear the identification badges at facilities where Medi-Cal PII is stored or used.
D. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks or locked offices in facilities which are multi-use (meaning that there are personnel other than contractor personnel using common areas that are not securely segregated from each other.) The contractor shall have policies which indicate that Contractor and their personnel are not to leave records with Medi-Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airlines.
E. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.
Physical and Environmental Security Controls that provide reasonable assurance that access to physical servers at the production data center or the facility housing Provider’s SFTP Server, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls include:
a) Logging and monitoring of unauthorized access attempts to the data center by the data center security personnel;
b) Camera surveillance systems at critical internal and external entry points to the data center;
c) Systems that monitor and control the air temperature and humidity at appropriate levels for the computing equipment; and
d) Uninterruptible Power Supply (UPS) modules and backup generators that provide back-up power in the event of an electrical failure.
Regulation S Global Security to Restricted Global Security If a holder of a beneficial interest in a Regulation S Global Security deposited with or on behalf of DTC wishes at any time to transfer its interest in such Regulation S Global Security to a Person who wishes to take delivery thereof in the form of an interest in a Restricted Global Security, such holder may, subject to the rules and procedures DTC, exchange or cause the exchange of such interest for an equivalent beneficial interest in a Restricted Global Security. Upon receipt by the Trustee, as Certificate Registrar, of (I) instructions from DTC directing the Trustee, as Certificate Registrar, to cause to be credited a beneficial interest in a Restricted Global Security in an amount equal to the beneficial interest in such Regulation S Global Security to be exchanged but not less than the minimum denomination applicable to such holder’s Certificates held through a Restricted Global Security, to be exchanged, such instructions to contain information regarding the participant account with DTC to be credited with such increase, and (II) a certificate in the form of Exhibit N-2 hereto given by the holder of such beneficial interest and stating, among other things, that the Person transferring such interest in such Regulation S Global Security reasonably believes that the Person acquiring such interest in a Restricted Global Security is a QIB, is obtaining such beneficial interest in a transaction meeting the requirements of Rule 144A and in accordance with any applicable securities laws of any State of the United States or any other jurisdiction, then the Trustee, as Certificate Registrar, will reduce the principal amount of the Regulation S Global Security and increase the principal amount of the Restricted Global Security by the aggregate principal amount of the beneficial interest in the Regulation S Global Security to be transferred and the Trustee, as Certificate Registrar, shall instruct DTC, concurrently with such reduction, to credit or cause to be credited to the account of the Person specified in such instructions a beneficial interest in the Restricted Global Security equal to the reduction in the principal amount of the Regulation S Global Security.
Restricted Global Security to Regulation S Global Security If a holder of a beneficial interest in a Restricted Global Security deposited with or on behalf of DTC wishes at any time to exchange its interest in such Restricted Global Security for an interest in a Regulation S Global Security, or to transfer its interest in such Restricted Global Security to a Person who wishes to take delivery thereof in the form of an interest in a Regulation S Global Security, such holder, provided such holder is not a U.S. person, may, subject to the rules and procedures of DTC, exchange or cause the exchange of such interest for an equivalent beneficial interest in the Regulation S Global Security. Upon receipt by the Trustee, as Certificate Registrar, of (I) instructions from DTC directing the Trustee, as Certificate Registrar, to be credited a beneficial interest in a Regulation S Global Security in an amount equal to the beneficial interest in such Restricted Global Security to be exchanged but not less than the minimum denomination applicable to such holder’s Certificates held through a Regulation S Global Security, (II) a written order given in accordance with DTC’s procedures containing information regarding the participant account of DTC and, in the case of a transfer pursuant to and in accordance with Regulation S, the Euroclear or Clearstream account to be credited with such increase and (III) a certificate in the form of Exhibit N-1 hereto given by the holder of such beneficial interest stating that the exchange or transfer of such interest has been made in compliance with the transfer restrictions applicable to the Global Securities, including that the holder is not a U.S. person, and pursuant to and in accordance with Regulation S, the Trustee, as Certificate Registrar, shall reduce the principal amount of the Restricted Global Security and increase the principal amount of the Regulation S Global Security by the aggregate principal amount of the beneficial interest in the Restricted Global Security to be exchanged, and shall instruct Euroclear or Clearstream, as applicable, concurrently with such reduction, to credit or cause to be credited to the account of the Person specified in such instructions a beneficial interest in the Regulation S Global Security equal to the reduction in the principal amount of the Restricted Global Security.
Transfer of Beneficial Interests to Another Restricted Global Security A beneficial interest in a Transfer Restricted Global Security may be transferred to a Person who takes delivery thereof in the form of a beneficial interest in another Transfer Restricted Global Security if the transfer complies with the requirements of Section 2.2(b)(ii) above and the Registrar receives the following:
(A) if the transferee will take delivery in the form of a beneficial interest in a Rule 144A Global Security, then the transferor must deliver a certificate in the form attached to the applicable Security; and
(B) if the transferee will take delivery in the form of a beneficial interest in a Regulation S Global Security, then the transferor must deliver a certificate in the form attached to the applicable Security.
Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.
Security of Data a. Each of the parties shall:
i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons;
ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and
iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party.
b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission.
c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message.
d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall:
i. immediately investigate the cause, effect and extent of such breach;
ii. report the results of the investigation to the other party; and
iii. use all reasonable endeavours to rectify the cause of such breach.
e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Transfers of Mortgaged Property The Company shall use its best efforts to enforce any "due-on-sale" provision contained in any Mortgage or Mortgage Note and to deny assumption by the Person to whom the Mortgaged Property has been or is about to be sold whether by absolute conveyance or by contract of sale, and whether or not the Mortgagor remains liable on the Mortgage and the Mortgage Note. When the Mortgaged Property has been conveyed by the Mortgagor, the Company shall, to the extent it has knowledge of such conveyance, exercise its rights to accelerate the maturity of such Mortgage Loan under the "due-on-sale" clause applicable thereto, provided, however, that the Company shall not exercise such rights if prohibited by law from doing so or if the exercise of such rights would impair or threaten to impair any recovery under the related PMI Policy, if any. If the Company reasonably believes it is unable under applicable law to enforce such "due-on-sale" clause, the Company shall enter into (i) an assumption and modification agreement with the Person to whom such property has been conveyed, pursuant to which such Person becomes liable under the Mortgage Note and the original Mortgagor remains liable thereon or (ii) in the event the Company is unable under applicable law to require that the original Mortgagor remain liable under the Mortgage Note and the Company has the prior consent of the primary mortgage guaranty insurer, a substitution of liability agreement with the purchaser of the Mortgaged Property pursuant to which the original Mortgagor is released from liability and the purchaser of the Mortgaged Property is substituted as Mortgagor and becomes liable under the Mortgage Note. If an assumption fee is collected by the Company for entering into an assumption agreement the fee will be retained by the Company as additional servicing compensation. In connection with any such assumption, neither the Mortgage Interest Rate borne by the related Mortgage Note, the term of the Mortgage Loan, the outstanding principal amount of the Mortgage Loan nor any other material terms shall be changed without Purchaser's consent. To the extent that any Mortgage Loan is assumable, the Company shall inquire diligently into the credit worthiness of the proposed transferee, and shall use the underwriting criteria for approving the credit of the proposed transferee which are used with respect to underwriting mortgage loans of the same type as the Mortgage Loan. If the credit worthiness of the proposed transferee does not meet such underwriting criteria, the Company diligently shall, to the extent permitted by the Mortgage or the Mortgage Note and by applicable law, accelerate the maturity of the Mortgage Loan.
Security and Data Transfers Party shall comply with all applicable State and Agency of Human Services' policies and standards, especially those related to privacy and security. The State will advise the Party of any new policies, procedures, or protocols developed during the term of this agreement as they are issued and will work with the Party to implement any required. Party will ensure the physical and data security associated with computer equipment, including desktops, notebooks, and other portable devices, used in connection with this Agreement. Party will also assure that any media or mechanism used to store or transfer data to or from the State includes industry standard security mechanisms such as continually up-to-date malware protection and encryption. Party will make every reasonable effort to ensure media or data files transferred to the State are virus and spyware free. At the conclusion of this agreement and after successful delivery of the data to the State, Party shall securely delete data (including archival backups) from Party’s equipment that contains individually identifiable records, in accordance with standards adopted by the Agency of Human Services. Party, in the event of a data breach, shall comply with the terms of Section 7 above.
