Technical and Organizational Measures The following sections define SAP’s current technical and organizational measures. SAP may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.
Technical and Organisational Measures (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.
(2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1]
(3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.
Foreign-Owned Companies in Connection with Critical Infrastructure If Texas Government Code, Section 2274.0102(a)(1) (relating to prohibition on contracts with certain foreign-owned companies in connection with critical infrastructure) is applicable to this Contract, pursuant to Government Code Section 2274.0102, Contractor certifies that neither it nor its parent company, nor any affiliate of Contractor or its parent company, is: (1) majority owned or controlled by citizens or governmental entities of China, Iran, North Korea, Russia, or any other country designated by the Governor under Government Code Section 2274.0103, or (2) headquartered in any of those countries.
Information Systems Acquisition Development and Maintenance a. Client Data – Client Data will only be used by State Street for the purposes specified in this Agreement.
Statewide HUB Program Statewide Procurement Division Note: In order for State agencies and institutions of higher education (universities) to be credited for utilizing this business as a HUB, they must award payment under the Certificate/VID Number identified above. Agencies, universities and prime contractors are encouraged to verify the company’s HUB certification prior to issuing a notice of award by accessing the Internet (xxxxx://xxxxx.xxx.xxxxx.xx.xx/tpasscmblsearch/index.jsp) or by contacting
RESPONSIBILITIES OF THE UNIVERSITY The UNIVERSITY shall designate in writing a faculty member to coordinate with a designee of the FIELDWORK SITE.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
(2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards.
(3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity.
(4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract.
(5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware.
(6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information.
(7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request.
(8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity.
(9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards.
(10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder.
(12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule.
(13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316.
(14) In the event that an Individual requests that the Business Associate
(A) restrict disclosures of PHI;
(B) provide an accounting of disclosures of the Individual’s PHI;
(C) provide a copy of the Individual’s PHI in an Electronic Health Record; or
(D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request.
(15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without
(A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and
(B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations.
(16) Obligations in the Event of a Breach.
(A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract.
(B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach.
(C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information:
1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed.
2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach.
4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches.
5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.
Professional Development; Adverse Consequences of School Exclusion; Student Behavior The Board President or Superintendent, or their designees, will make reasonable efforts to provide ongoing professional development to Board members about the adverse consequences of school exclusion and justice-system involvement, effective classroom management strategies, culturally responsive discipline, appropriate and available supportive services for the promotion of student attendance and engagement, and developmentally appropriate disciplinary methods that promote positive and healthy school climates, i.e., Senate Bill 100 training topics. The Board will conduct periodic self-evaluations with the goal of continuous improvement. New Board Member Orientation The orientation process for newly elected or appointed Board members includes:
PROFESSIONAL DEVELOPMENT AND EDUCATIONAL IMPROVEMENT A. The Board of Education agrees to pay the actual tuition costs of courses taken by a teacher at accredited colleges or universities up to three courses per two (2) year fiscal periods from July 1, 2006 to June 30, 2008 and July 1, 2008 to June 30, 2010 respectively, except as follows:
1. No teacher may be reimbursed for courses taken during the first year of teaching in Vineland.
2. Teachers taking courses in the second and third years of employment in Vineland will not receive remuneration until tenure has been secured. The remuneration will then be retroactive and will be paid to the teacher in a lump sum within sixty (60) days after the teacher has secured tenure.
3. All courses must be pre-approved by the Superintendent or his designee subject to the following requirements:
(a) A teacher must provide official documentation that he/she has obtained a grade of B or better;
(b) Reimbursement shall be paid only for courses directly related to teacher’s teaching field which increase the teacher’s content knowledge and are related to the teacher’s current certification, as determined by the Superintendent or his/her designee in his/her sole discretion; no reimbursement shall be paid for courses leading to a post graduate or professional degree in a field other than education or teaching. Further, effective September 1, 2010, all newly hired teachers shall not be eligible for reimbursement until they are tenured, and they shall not be eligible for retroactive reimbursement upon gaining tenure for courses taken prior to being tenured.
(c) The maximum total payments to be made by the Board shall not exceed $130,000.00. Courses shall be applied for no earlier than the following dates: Summer Session - April 1 Fall/Winter Session - June 1 Spring Session - October 1 Courses must, as set forth hereinabove in this sub-article 18.A.3, be pre-approved by the Superintendent or his designee, prior to the teacher commencing the course(s); and
(d) Teacher taking courses shall sign a contract requiring them to reimburse the Board for all tuition paid for a course if the teacher shall voluntarily leave the employ of the Board within one (1) full school/academic year of completion of said course, except that reimbursement shall not be required when the teacher shall voluntarily leave the employ of the Board due to a significant, documented life change.
4. Tuition reimbursement costs shall be a sum not to exceed the actual cost of college credits charged in an accredited public State college/University of the State of New Jersey.
B. When the Superintendent initiates in-service training courses, workshops, conferences and programs designed to improve the quality of instruction, the cooperation of the Vineland Education Association will be solicited. Notwithstanding the above, the initiation of in-service training courses, workshops, conferences and programs shall be determined solely at the discretion of the Board.
C. One professional leave day may be granted to a teacher upon request, according to the following guidelines:
1. The professional day may be for attendance at a workshop, seminar or visit to another school for the expressed purpose of self professional improvement for the job.
2. The request shall arrive in the office of the Superintendent of Schools at least ten (10) working days prior to the date requested and shall be reviewed by the immediate supervisor prior to submission. The Board reserves the right to deny a professional leave day before or immediately following a holiday or on a day which by its nature suggests a hardship for providing a substitute.
3. No more than two teachers from any one elementary school or from any one department in the secondary schools may be granted a professional leave for a given day.
4. The teacher may be required to submit a report to the Superintendent of Schools, Assistant Superintendent, supervisor (s), principal and staff regarding the activity of the professional day.
5. Costs incurred by the teacher for the professional day authorized under this Section shall be the teacher’s responsibility.
6. A maximum of 90 professional leave days may be authorized for the school year which shall be apportioned as follows: elementary, 35; grades seven and eight, 20; and high school, 35.
D. If the Board initiates a teacher’s attendance at a professional workshop, seminar or visit, the expenses shall be the responsibility of the Board. Further, this day shall not be subtracted from the 90 professional leave days granted to teachers of the Association.
E. The Board agrees to pay the full cost of courses taken by secretaries related to skills and knowledge improvement when such courses are required and approved by the Board.
F. The Board and the Association agree that it is important to communicate when developing and implementing current and future learning technologies, including but not limited to distance and on-line learning.
DEVELOPMENT OR ASSISTANCE IN DEVELOPMENT OF SPECIFICATIONS REQUIREMENTS/ STATEMENTS OF WORK
