Health, Safety and Security 14.1 The Employer recognizes a responsibility to provide an environment intended to protect the health, safety and security of Members as they carry out their responsibilities. To that end, the Employer agrees:
(a) to maintain a Joint Health and Safety Committee (the JHSC) with broad representation drawn from all sectors of the University, including at least one (1) person appointed by the Association;
(b) to cooperate with the Association in making every reasonable provision for the safety, health and security of Members;
(c) to take reasonable measures to maintain the security of the buildings and grounds while at the same time maintaining reasonable access for Members who have a need for such access at times other than during regular working hours;
(d) to ensure that the Association has the right to appoint at least one (1) person to any representative committee whose terms of reference specifically include the health, safety or security of Members as they carry out their responsibilities;
(e) to comply with the Occupational Health and Safety Act, R.S.O. 1990, and relevant regulations thereto, as amended from time to time (the “Act”);
(f) that Members may refuse unsafe work pursuant to and in accordance with the relevant provisions of the Act for so doing;
(g) that Members report any known or potential dangers to their Xxxx;
(h) In addition, the Employer agrees:
i) to provide Members with health and safety training, personal protective equipment, and access to health and safety programs, policies and procedures;
ii) to provide resources for the JHSC;
iii) to compensate a CASBU Member who is eligible to be, and serves as, the person appointed by the Association to the JHSC when that service is outside the period of the Member’s contract;
iv) to provide training for the person appointed by the Association to the JHSC directly related to their duties and responsibilities in connection with the JHSC;
v) to recognize a JHSC Member’s right to be present during workplace safety testing and audits and receive written copies of any reports and recommendations from the testing/audits and a copy of a draft report if one is provided to the Employer;
vi) to recognize a JHSC Member’s right to have advance notice when advance notice is given by the Ministry of Labour of any Ministry of Labour inspection and to accompany a Ministry of Labour Inspector during an inspection and receive a copy of any report produced by the inspector.
14.2 The parties agree that all personal communications must adhere to the Personal Harassment and Discrimination Policy and the Nipissing University Acceptable Use Policy. Effective June 10, 2006, universities are subject to the Freedom of Information and Protection of Privacy Act (FIPPA). All records in the custody and control of the University will be subject to FIPPA with exceptions as defined by the Act. Persons may request and have a right to access University information or records. A record is defined under the Act as any record of information however recorded, whether in printed or electronic form, film, or otherwise and includes drafts, post-it notes, margin notes, hard drive files, emails, voice mails, electronic agendas, address books, and recording devices.
14.3 Unless required under FIPPA, and for the purposes of this Article, files are documents under a Member’s control and stored on University property, either in paper or electronic form. Such files do not include the Member’s official file in the Xxxx’x office nor the Personnel File of the Member in the Human Resources office.
14.4 On termination of a Member’s employment for any reason other than cause, the Employer will permit, by appointment only, accompanied access for a period of fifteen (15) working days (or longer with the agreement of the Xxxx) by the former Member or the Member’s executors to the Member’s files, whether in paper or electronic format. The purpose of the allowed access is for transferring required documents to other faculty, the Chair, or the Xxxx. Where files are not required to support continued student academic needs or ongoing operational requirements, the former Member or designate may remove or destroy their personal files. Items that are clearly of a personal nature or are owned by the former Member such as furniture, pictures, books, etc., may be removed at this time.
Safety and Security Contractor is responsible for maintaining safety in the performance of this Agreement. Contractor shall be responsible to ascertain from the District the rules and regulations pertaining to safety, security, and driving on school grounds, particularly when children are present.
Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.
HEALTH, SAFETY AND ENVIRONMENT In the performance of this Contract, Contractor and Operator shall conduct Petroleum Operations with due regard to health, safety and the protection of the environment (“HSE”) and the conservation of natural resources, and shall in particular:
Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor’s Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: ● SAO Toll Free Hotline: 1-800-TX-AUDIT ● SAO website: xxxx://xxx.xxxxx.xxxxx.xx.xx/ All reports made to the OIG must be made through one of the following avenues: ● OIG Toll Free Hotline 0-000-000-0000 ● OIG Website: XxxxxxXxxxxXxxxx.xxx ● Internal Affairs Email: XxxxxxxxXxxxxxxXxxxxxxx@xxxx.xxxxx.xx.xx ● OIG Hotline Email: XXXXxxxxXxxxxxx@xxxx.xxxxx.xx.xx. ● OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200
Data Protection and Security A. In this Agreement the following terms shall have the meanings respectively ascribed to them:
Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
National Environmental Policy Act All subrecipients must comply with the requirements of the National Environmental Policy Act (NEPA) 42 U.S.C. 4321 et seq., and the Council on Environmental Quality (CEQ) Regulations (40 C.F.R. Parts 1500-1508) for Implementing the Procedural Provisions of NEPA, which requires Subrecipients to use all practicable means within their authority, and consistent with other essential considerations of national policy, to create and maintain conditions under which people and nature can exist in productive harmony and fulfill the social, economic, and other needs of present and future generations of Americans.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Anti-Money Laundering and Red Flag Identity Theft Prevention Programs The Trust acknowledges that it has had an opportunity to review, consider and comment upon the written procedures provided by USBFS describing various tools used by USBFS which are designed to promote the detection and reporting of potential money laundering activity and identity theft by monitoring certain aspects of shareholder activity as well as written procedures for verifying a customer’s identity (collectively, the “Procedures”). Further, the Trust and USBFS have each determined that the Procedures, as part of the Trust’s overall Anti-Money Laundering Program and Red Flag Identity Theft Prevention Program, are reasonably designed to: (i) prevent each Fund from being used for money laundering or the financing of terrorist activities; (ii) prevent identity theft; and (iii) achieve compliance with the applicable provisions of the Bank Secrecy Act, Fair and Accurate Credit Transactions Act of 2003 and the USA Patriot Act of 2001 and the implementing regulations thereunder. Based on this determination, the Trust hereby instructs and directs USBFS to implement the Procedures on the Trust’s behalf, as such may be amended or revised from time to time. It is contemplated that these Procedures will be amended from time to time by the parties as additional regulations are adopted and/or regulatory guidance is provided relating to the Trust’s anti-money laundering and identity theft responsibilities. USBFS agrees to provide to the Trust:
(a) Prompt written notification of any transaction or combination of transactions that USBFS believes, based on the Procedures, evidence money laundering or identity theft activities in connection with the Trust or any Fund shareholder;
(b) Prompt written notification of any customer(s) that USBFS reasonably believes, based upon the Procedures, to be engaged in money laundering or identity theft activities, provided that the Trust agrees not to communicate this information to the customer;
(c) Any reports received by USBFS from any government agency or applicable industry self-regulatory organization pertaining to USBFS’ Anti-Money Laundering Program or the Red Flag Identity Theft Prevention Program on behalf of the Trust;
(d) Prompt written notification of any action taken in response to anti-money laundering violations or identity theft activity as described in (a), (b) or (c) immediately above; and
(e) Certified annual and quarterly reports of its monitoring and customer identification activities pursuant to the Procedures on behalf of the Trust. The Trust hereby directs, and USBFS acknowledges, that USBFS shall (i) permit federal regulators access to such information and records maintained by USBFS and relating to USBFS’ implementation of the Procedures, on behalf of the Trust, as they may request, and (ii) permit such federal regulators to inspect USBFS’ implementation of the Procedures on behalf of the Trust.
