Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Customer Requirements Customer will be required to maintain complex passwords for their User accounts where applicable. For any such passwords LightEdge will provide a secure URL that any User can access to change passwords. All User passwords are set to a ninety (90) day password expiration schedule by default. LightEdge is not responsible for unexpected use of Services whether by ex-employees, compromised User passwords or any other misuse of Customer accounts. Customer shall be responsible for all costs incurred by such unexpected use of Service. Customer shall be fully responsible for providing to LightEdge at Customer’s own expense and in a timely manner the following: - All security for its Services and systems used or accessible in connection with Service; - Cooperative testing of all Customer-provided hardware, software, and Services for compatibility with Service; - Designating an Authorized Contact(s) to be the point of contact to interface with LightEdge Technical Support; - All cabling necessary to support Service; and - Physical and remote management access to any and all Servers onto which Service is installed.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
System Requirements Apple Software is supported only on Apple-branded hardware that meets specified system requirements as indicated by Apple.
Required Procurement Procedures for Obtaining Goods and Services The Grantee shall provide maximum open competition when procuring goods and services related to the grant- assisted project in accordance with Section 287.057, Florida Statutes.
Switching System Hierarchy and Trunking Requirements For purposes of routing PNG traffic to Verizon, the subtending arrangements between Verizon Tandem Switches and Verizon End Office Switches shall be the same as the Tandem/End Office subtending arrangements Verizon maintains for the routing of its own or other carriers’ traffic (i.e., traffic will be routed to the appropriate Verizon Tandem subtended by the terminating End Office serving the Verizon Customer). For purposes of routing Verizon traffic to PNG, the subtending arrangements between PNG Tandem Switches and PNG End Office Switches shall be the same as the Tandem/End Office subtending arrangements that PNG maintains for the routing of its own or other carriers’ traffic.
System Agency Data A. As between the Parties, all data and information acquired, accessed, or made available to Grantee by, through, or on behalf of System Agency or System Agency contractors, including all electronic data generated, processed, transmitted, or stored by Grantee in the course of providing data processing services in connection with Xxxxxxx’s performance hereunder (the “System Agency Data”), is owned solely by System Agency.
B. Grantee has no right or license to use, analyze, aggregate, transmit, create derivatives of, copy, disclose, or process the System Agency Data except as required for Grantee to fulfill its obligations under the Grant Agreement or as authorized in advance in writing by System Agency.
C. For the avoidance of doubt, Grantee is expressly prohibited from using, and from permitting any third party to use, System Agency Data for marketing, research, or other non-governmental or commercial purposes, without the prior written consent of System Agency.
D. Grantee shall make System Agency Data available to System Agency, including to System Agency’s designated vendors, as directed in writing by System Agency. The foregoing shall be at no cost to System Agency.
E. Furthermore, the proprietary nature of Xxxxxxx’s systems that process, store, collect, and/or transmit the System Agency Data shall not excuse Xxxxxxx’s performance of its obligations hereunder.
Network Requirements Customer shall be responsible for ensuring that all aspects of the applicable network environment(s) adhere to the applicable standards and requirements specified in the Documentation and are configured appropriately to its proposed use of Ordered SaaS Services.
Procedures for Providing NP Through Full NXX Code Migration Where a Party has activated an entire NXX for a single Customer, or activated at least eighty percent (80%) of an NXX for a single Customer, with the remaining numbers in that NXX either reserved for future use by that Customer or otherwise unused, if such Customer chooses to receive Telephone Exchange Service from the other Party, the first Party shall cooperate with the second Party to have the entire NXX reassigned in the LERG (and associated industry databases, routing tables, etc.) to an End Office operated by the second Party. Such transfer will be accomplished with appropriate coordination between the Parties and subject to appropriate industry lead times for movements of NXXs from one switch to another. Neither Party shall charge the other in connection with this coordinated transfer.
DRUG/ALCOHOL TESTING Section 33.1 Drug testing may be conducted on employees during their duty hours upon reasonable suspicion or randomly by computer selection. Alcohol testing will be conducted only upon reasonable suspicion. Reasonable suspicion that an employee used or is using a controlled substance or alcohol in an unlawful or abusive manner may be based upon, but not limited to:
A. Observable phenomena, such as direct observation of drug or alcohol use or possession and/or the physical symptoms of being under the influence of a drug or alcohol;
B. A pattern or abnormal conduct or erratic behavior, including abnormal leave patterns;
C. Arrest or conviction for a drug or alcohol-related offense, or the identification of an employee as the focus of a criminal investigation into illegal drug or alcohol possession, use, or trafficking;
D. Information provided either by reliable and credible sources or independently corroborated;
E. Evidence that an employee has tampered with a previous drug test;
F. Facts or circumstances developed in the course of an authorized investigation of an accident or unsafe working practices.
Section 33.2 Drug/alcohol testing shall be conducted solely for administrative purposes and the results obtained shall not be used in criminal proceedings. Under no circumstances may the results of drug/alcohol screening or testing be released to a third party for use in a criminal prosecution against the affected employee. The following procedure shall not preclude the Employer from other administrative action but such actions shall not be based solely upon the initial reagent testing results alone.
Section 33.3 All drug screening tests shall be conducted by laboratories meeting the standards of the Substance Abuse and Mental Health Service Administration. No test shall be considered positive until it has been confirmed by a Gas Chromatography/Mass Spectrometry. The procedures utilized by the Employer and testing laboratory shall include an evidentiary chain of custody control and split sample testing. All procedures shall be outlined in writing and this outline shall be followed in all situations arising under this article.
Section 33.4 Alcohol testing shall be done in accordance with the law of the State of Ohio to detect drivers operating a motor vehicle under the influence. A positive result shall entitle the Employer to proceed with sanctions as set forth in this Article.
Section 33.5 The results of the testing shall be delivered to a specified employee of the Employer with command responsibility and the employee tested. An employee whose confirmatory test result is positive shall have the right to request a certified copy of the testing results in which the vendor shall affirm that the test results were obtained using the approved protocol methods. The employee shall provide a signed release for disclosure of the testing results to the Employer. A representative for the bargaining unit shall have a right of access to the results upon request to the Employer, with the employee’s written consent. Refusal to submit to the testing provided for under this Agreement may be grounds for discipline.
A. If a drug screening test is positive, a confirmatory test shall be conducted utilizing the fluid from the primary sample.
B. In the event that any confirmation drug test results are positive, the employee is entitled to have the split sample tested by another DHHS-certified lab in the manner prescribed above at the employee’s expense. The employee must request the split sample test within seventy-two (72) hours of being notified of a positive result. The results of this test, whether positive or negative, shall be determinative.
Section 33.7 A list of three (3) testing laboratories shall be maintained by the Employer. These laboratories shall conduct any testing directed by the Employer. The Employer shall obtain the approval of the bargaining unit representative as to any laboratories put on this list, which approval shall not be unreasonably withheld.
Section 33.8 If after the testing required above has produced a positive result the Employer may require the employee to participate in any rehabilitation or detoxification program that is covered by the employee’s health insurance. Discipline allowed by the positive findings provided for above shall be deferred pending rehabilitation of the employee within a reasonable period. An employee who participates in a rehabilitation or detoxification program shall be allowed to use sick time and vacation leave for the period of the rehabilitation or detoxification program. If no such leave credits are available, the employee shall be placed on medical leave of absence without pay for the period of the rehabilitation or detoxification program. Upon completion of such program and upon receiving results from a retest demonstrating that the employee is no longer abusing a controlled substance/alcohol, the employee shall be returned to his/her former position. Such employee may be subject to periodic retesting upon his/her return to his/her position for a period of one (1) year from the date of his/her return to work. Any employee in a rehabilitation or detoxification program in accordance with this Article will not lose any seniority or benefits, should it be necessary for the employee to be placed on medical leave of absence without pay, for a period not to exceed ninety (90) days.
Section 33.9 If the employee refuses to undergo rehabilitation or detoxification, or if he/she tests positive during a retesting within one (1) year after his/her return to work from such a program, the employee shall be subject to disciplinary action, including removal from his/her position and termination of his/her employment.
Section 33.10 Costs of all drug screening tests and confirmatory tests shall be borne by the Employer except that any test initiated at the request of the employee shall be at the employee’s expense.
Section 33.11 The Employer may conduct four (4) tests of an employee during the one (1) year period after the employee has completed a rehabilitation or detoxification program as provided above.
Section 33.12 The provisions of this Article shall not require the Employer to offer a rehabilitation/detoxification program to any employee more than once.
