Record Maintenance and Retention A. Grantee shall keep and maintain under GAAP or GASB, as applicable, full, true, and complete records necessary to fully disclose to the System Agency, the Texas State Auditor’s Office, the United States Government, and their authorized representatives sufficient information to determine compliance with the terms and conditions of this Grant Agreement and all state and federal rules, regulations, and statutes.
Records Retention The Asset Representations Reviewer will maintain copies of Review Materials, Review Reports and internal work papers and correspondence (collectively the “Client Records”) for a period of two years after the termination of this Agreement. At the expiration of the retention period, the Asset Representations Reviewer shall return all Client Records to the Servicer, in electronic format or, to the extent held in tangible form, in that form. Upon the return of the Client Records, the Asset Representations Reviewer shall have no obligation to retain such Client Records or to respond to inquiries concerning any Asset Review.
Patch Management All workstations, laptops and other systems that process and/or 20 store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or 21 transmits on behalf of COUNTY must have critical security patches applied, with system reboot if 22 necessary. There must be a documented patch management process which determines installation 23 timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable 24 patches must be installed within thirty (30) calendar or business days of vendor release. Applications 25 and systems that cannot be patched due to operational reasons must have compensatory controls 26 implemented to minimize risk, where possible.