New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
System Agency Data A. As between the Parties, all data and information acquired, accessed, or made available to Grantee by, through, or on behalf of System Agency or System Agency contractors, including all electronic data generated, processed, transmitted, or stored by Grantee in the course of providing data processing services in connection with Xxxxxxx’s performance hereunder (the “System Agency Data”), is owned solely by System Agency.
B. Grantee has no right or license to use, analyze, aggregate, transmit, create derivatives of, copy, disclose, or process the System Agency Data except as required for Grantee to fulfill its obligations under the Grant Agreement or as authorized in advance in writing by System Agency.
C. For the avoidance of doubt, Grantee is expressly prohibited from using, and from permitting any third party to use, System Agency Data for marketing, research, or other non-governmental or commercial purposes, without the prior written consent of System Agency.
D. Grantee shall make System Agency Data available to System Agency, including to System Agency’s designated vendors, as directed in writing by System Agency. The foregoing shall be at no cost to System Agency.
E. Furthermore, the proprietary nature of Xxxxxxx’s systems that process, store, collect, and/or transmit the System Agency Data shall not excuse Xxxxxxx’s performance of its obligations hereunder.
Use of Facilities and Equipment The Association shall have the right to use school facilities and equipment not otherwise in use. Such equipment shall not be removed from the building without permission of the building principal. The individual using the equipment shall be responsible for repair or replacement costs beyond normal wear and tear if the equipment is damaged, stolen, or lost. The Association shall pay for the reasonable cost of all materials and supplies incident to such use. The Association may use school buildings for meetings by arranging such use with the building principals.
System Upgrade Facilities and System Deliverability Upgrades Connecting Transmission Owner shall design, procure, construct, install, and own the System Upgrade Facilities and System Deliverability Upgrades described in Appendix A hereto. The responsibility of the Developer for costs related to System Upgrade Facilities and System Deliverability Upgrades shall be determined in accordance with the provisions of Attachment S to the NYISO OATT.
Facilities and Equipment Except as set forth herein, Consultant shall, at its sole cost and expense, provide all facilities and equipment that may be necessary to perform the services required by this Agreement. City shall make available to Consultant only the facilities and equipment listed in this section, and only under the terms and conditions set forth herein. City shall furnish physical facilities such as desks, filing cabinets, and conference space, as may be reasonably necessary for Consultant’s use while consulting with City employees and reviewing records and the information in possession of the City. The location, quantity, and time of furnishing those facilities shall be in the sole discretion of City. In no event shall City be obligated to furnish any facility that may involve incurring any direct expense, including but not limited to computer, long-distance telephone or other communication charges, vehicles, and reproduction facilities.
DTC DIRECT REGISTRATION SYSTEM AND PROFILE MODIFICATION SYSTEM (a) Notwithstanding the provisions of Section 2.04, the parties acknowledge that the Direct Registration System (“DRS”) and Profile Modification System (“Profile”) shall apply to uncertificated American Depositary Shares upon acceptance thereof to DRS by DTC. DRS is the system administered by DTC pursuant to which the Depositary may register the ownership of uncertificated American Depositary Shares, which ownership shall be evidenced by periodic statements issued by the Depositary to the Owners entitled thereto. Profile is a required feature of DRS which allows a DTC participant, claiming to act on behalf of an Owner of American Depositary Shares, to direct the Depositary to register a transfer of those American Depositary Shares to DTC or its nominee and to deliver those American Depositary Shares to the DTC account of that DTC participant without receipt by the Depositary of prior authorization from the Owner to register such transfer.
(b) In connection with and in accordance with the arrangements and procedures relating to DRS/Profile, the parties understand that the Depositary will not verify, determine or otherwise ascertain that the DTC participant which is claiming to be acting on behalf of an Owner in requesting a registration of transfer and delivery as described in subsection (a) has the actual authority to act on behalf of the Owner (notwithstanding any requirements under the Uniform Commercial Code). For the avoidance of doubt, the provisions of Sections 5.03 and 5.08 shall apply to the matters arising from the use of the DRS. The parties agree that the Depositary’s reliance on and compliance with instructions received by the Depositary through the DRS/Profile System and in accordance with this Deposit Agreement shall not constitute negligence or bad faith on the part of the Depositary.
Use of Interconnection Facilities by Third Parties 6551 Error! Hyperlink reference not valid.9.9.1 Purpose of Interconnection Facilities. 6551
Selection of Subcontractors, Procurement of Materials and Leasing of Equipment The contractor shall not discriminate on the grounds of race, color, religion, sex, national origin, age or disability in the selection and retention of subcontractors, including procurement of materials and leases of equipment. The contractor shall take all necessary and reasonable steps to ensure nondiscrimination in the administration of this contract.
a. The contractor shall notify all potential subcontractors and suppliers and lessors of their EEO obligations under this contract.
b. The contractor will use good faith efforts to ensure subcontractor compliance with their EEO obligations.
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Use of Facilities and Services Subject to the rules of the University and the terms of this Agreement, the UFF shall have the right to use University facilities for meetings and all other services on the same basis as they are generally available to other university-related organizations which are defined as follows: University-Related Groups and Organizations. These groups and organizations may or may not receive budgetary support. Examples of such groups include student organizations, honor societies, fraternities, sororities, alumni associations, faculty committees, University Support Personnel Systems council, direct support organizations, the United Faculty of Florida, etc.
