Technical and Organisational Measures (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement. (2) The Supplier shall establish the security in accordance with Article 28 Paragraph 3 Point c, and Article 32 GDPR in particular in conjunction with Article 5 Paragraph 1, and Paragraph 2 GDPR. The measures to be taken are measures of data security and measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of processing as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 Paragraph 1 GDPR must be taken into account. [Details in Appendix 1] (3) The Technical and Organisational Measures are subject to technical progress and further development. In this respect, it is permissible for the Supplier to implement alternative adequate measures. In so doing, the security level of the defined measures must not be reduced. Substantial changes must be documented.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Training and Development 3.1 Authorities will develop local 'Workforce Development Plans (see Part 4.8),' closely linked to their service delivery plans, which will provide the focus for the establishment of training and development priorities. Training and development should be designed to meet the corporate and service needs of authorities both current and in the future, taking into account the individual needs of employees. Local schemes on training and development should enable authorities to attain their strategic objectives through development of their employees. Training and development provisions should be shaped to local requirements and take account of the full range of learning methods. Such an approach should enable access to learning for all employees. The needs of part time employees and shift workers need particular consideration. 3.2 Employees attending or undertaking required training are entitled to payment of normal earnings; all prescribed fees and other relevant expenses arising. Employees are also entitled to paid leave for the purpose of sitting for required examinations. When attending training courses outside contracted daily hours, part-time employees should be paid on the same basis as full- time employees. (Assistance for other forms of learning, for example that directed at individual development, will be locally determined). Some training can be very expensive and authorities may require repayment of all or part of the costs incurred should an employee leave the authority before a reasonable time period has expired. The authority's policy in this regard should be made explicit. 3.3 Objectives for training and development programmes should include the following: • To enable Councils to attain their strategic objectives via investment in their employees. • To promote equity of access to learning. • To encourage employees to develop their skills and level of responsibility to the maximum of their individual potential. • To widen and modernise the skills profile of employees to maximise their versatility, employability and so, job security. • To enable employees to raise productivity, quality and customer service in pursuit of sustainable improvement 3.4 Authorities should establish local partnership arrangements, to include recognised trade unions, to develop their local workforce development plans. 3.5 The NJC endorses partnership provision such as the "Return to Learn" scheme. Authorities and the recognised trade unions shall encourage and support employees taking on the statutory Union Learning Representative (ULR) role. This will include agreeing facilities and paid release in accordance with statutory provisions. ULRs should be enabled to play a full part in promoting and implementing local training and development programmes.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
Global Safeguard Measures Each Party retains its rights and obligations under Article XIX of the GATT 1994 and the WTO Agreement on Safeguards. In taking measures under these WTO provisions, a Party shall, consistent with WTO law and jurisprudence and in accordance with its domestic legislation, exclude imports of an originating product from one or several Parties if such imports do not in and of themselves cause or threaten to cause serious injury.
Technical and Organizational Measures The following sections define SAP’s current technical and organizational measures. SAP may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.
Joint Occupational Health and Safety Committee The Employer and the Union recognize the role of the joint Occupational Health and Safety Committee in promoting a safe and healthful workplace. The parties agree that a Joint Occupational Health and Safety Committee shall be established for each Employer covered by this Collective Agreement. The Committee shall govern itself in accordance with the provisions of the Industrial Health and Safety Regulations made pursuant to the Workers’ Compensation Act. The Committee shall be as between the Employer and the Union, with equal representation, and with each party appointing its own representatives. Representatives of the Union shall be chosen by the Union membership or appointed by the Union. All minutes of the meetings of the Joint Occupational Health & Safety Committee will be recorded in a mutually agreeable format and will be sent to the Union. The Union further agrees to actively pursue with the other Health Care Unions a Joint Union Committee for the purposes of this Article. The Employer agrees to provide or cause to be provided to Employer members of the Joint Occupational Health and Safety Committee adequate training and orientation to the duties and responsibilities of committee members to allow the incumbents to fulfil those duties competently. The Union agrees to provide or cause to be provided to Union members of the Joint Occupational Health and Safety Committee adequate training and orientation to the duties and responsibilities of committee members to allow the incumbents to fulfil those duties competently. Such training and orientation shall take place within six (6) months of taking office.
Reactive Power and Primary Frequency Response 9.6.1 Power Factor Design Criteria
Occupational Health and Safety Committee (a) The parties agree that a joint occupational health and safety committee will be established. The Committee shall govern itself in accordance with the provisions of the Occupational Health and Safety Regulations made pursuant to the Workers Compensation Act. The Committee shall be between the Employer and the Union, with equal representation, and with each party appointing its own representatives. The Union agrees to actively pursue with the other Health Care unions, where more than one union is certified with the Employer, a joint union/employer committee for the purposes of the Occupational Health and Safety Regulations. (b) Employees who are members of the Committee shall be granted leave without loss of pay or receive straight-time regular wages while attending meetings of the Joint Committee. Employees who are members of the Committee shall be granted leave without loss of pay or receive straight-time regular wages to participate in joint workplace inspections and joint accident investigations at the request of the Committee pursuant to the WCB Occupational Health and Safety Regulations. Committee meetings, workplace inspections and accident investigations shall be scheduled during normal working hours whenever practicable. (c) The Occupational Health and Safety Committee shall have as part of its mandate the jurisdiction to receive complaints or concerns regarding workload problems which are safety-related, the right to investigate such complaints, the right to define the problem and the right to make recommendations for a solution. Where the Committee determines that a safety-related workload problem exists, it shall inform the Employer. Within 21 days thereafter, the Employer shall advise the Committee what steps it has taken or proposes to take to rectify the safety-related workload problem identified by the Committee. If the Union is not satisfied with the Employer's response, it may refer the matter to the Industry Trouble shooter for a written recommendation. (d) No employee shall be disciplined for refusal to work when excused by the provisions of the
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
