SECURITY CLEARANCE REQUIREMENTS The OCO must tailor security requirements (both facility and employee), clauses, provisions, and other applicable terms and conditions specific to each task order’s solicitation and award. Only those Contractors that meet the required security clearance levels on individual task order solicitations are eligible to compete for such task orders. In general, all necessary facility and employee security clearances shall be at the expense of the Contractor. In some cases, Government offices that conduct background investigations do not have a means for accepting direct compensation from Contractors and instead charge customer agencies for the background investigations. In these cases, the Contractor shall be flexible in establishing ways of reimbursing the Government for these expenses. The individual task order should specify the terms and conditions for reimbursement, if any, for obtaining security clearances. The Contractor shall comply with all security requirements in task orders awarded under OASIS SB.
Compliance Services (a) If Schedule I contains a requirement for the BNY to provide the Fund with compliance services, such services shall be provided pursuant to the terms of this Section 6 (the “Compliance Services”). The precise compliance review and testing services to be provided shall be as mutually agreed between the BNY and each Fund, and the results of the BNY’s Compliance Services shall be detailed in a compliance summary report (the “Compliance Summary Report”) prepared on a periodic basis as mutually agreed. Each Compliance Summary Report shall be subject to review and approval by the Fund. The BNY shall have no responsibility or obligation to provide Compliance Services other that those services specifically listed in Schedule I.
(b) The Fund will examine each Compliance Summary Report delivered to it by the BNY and notify the BNY of any error, omission or discrepancy within ten (10) days of its receipt. The Fund agrees to notify the BNY promptly if it fails to receive any such Compliance Summary Report. The Fund further acknowledges that unless it notifies the BNY of any error, omission or discrepancy within 10 days, such Compliance Summary Report shall be deemed to be correct and conclusive in all respects. In addition, if the Fund learns of any out-of-compliance condition before receiving a Compliance Summary Report reflecting such condition, the Fund will notify the BNY of such condition within one business day after discovery thereof.
(c) While the BNY will endeavor to identify out-of-compliance conditions, the BNY does not and could not for the fees charged, make any guarantees, representations or warranties with respect to its ability to identify all such conditions. In the event of any errors or omissions in the performance of Compliance Services, the Fund’s sole and exclusive remedy and the BNY’s sole liability shall be limited to re-performance by the BNY of the Compliance Services affected and in connection therewith the correction of any error or omission, if practicable and the preparation of a corrected report, at no cost to the Fund.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Operator’s Security Contact Information Xxxxxxx X. Xxxxxxx Named Security Contact xxxxxxxx@xxxxxxxxx.xxx Email of Security Contact (000) 000-0000 Phone Number of Security Contact
Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.
Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.
CONTRACT COMPLIANCE REQUIREMENT The HUB requirement on this Contract is 0%. The student engagement requirement of this Contract is 0 hours. The Career Education requirement for this Contract is 0 hours. Failure to achieve these requirements may result in the application of some or all of the sanctions set forth in Administrative Policy 3.10, which is hereby incorporated by reference.
