Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Records and Files The CNA shall maintain records, reports, and files to document the inspections conducted by the CNA and any necessary corrective action taken (as appropriate). Copies of all QCP related inspection reports and other documents shall be made available to the Commission when requested. All such documents shall be maintained by the CNA.
Data Use Each party may use Connected Account Data in accordance with this Agreement and the consent (if any) each obtains from each Connected Account. This consent includes, as to Stripe, consent it receives via the Connected Account Agreement.
Security of All Software Components Supplier will inventory all software components (including open source software) used in Deliverables, and provide such inventory to Accenture upon request. Supplier will assess whether any such components have any security defects or vulnerabilities that could lead to a Security Incident. Supplier will perform such assessment prior to providing Accenture with access to such software components and on an on-going basis thereafter during the term of the Agreement. Supplier will promptly notify Accenture of any identified security defect or vulnerability and remediate same in a timely manner. Supplier will promptly notify Accenture of its remediation plan. If remediation is not feasible in a timely manner, Supplier will replace the subject software component with a component that is not affected by a security defect or vulnerability and that does not reduce the overall functionality of the Deliverable(s).
Access to Data Operator shall make Data in the possession of the Operator available to the LEA within five (5) business days of a request by the LEA.
Database File The Servicer will provide the Successor Servicer with a magnetic tape (in a format reasonably acceptable to the Indenture Trustee and the Servicer) containing the database file for each Contract (i) as of the Initial Cutoff Date, (ii) the Subsequent Cutoff Date, (iii) thereafter, as of the last day of the preceding Due Period on each Determination Date prior to a Service Transfer and (iv) on and as of the Business Day before the actual commencement of servicing functions by the Successor Servicer following the occurrence of a Service Transfer.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes.
11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses.
11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.
Access to Files A copy of any completed evaluation which is to be placed in a nurse’s file shall be first reviewed with the nurse. The nurse shall initial such evaluation as having been read and shall have the opportunity to add her views to such evaluation prior to it being placed in her file. It is understood that such evaluations do not constitute disciplinary action by the Hospital against the nurse. Each nurse shall have reasonable access to all her files for the purpose of reviewing their contents in the presence of her supervisor. A copy of the evaluation will be provided to the nurse at her request. No document shall be used against a nurse where it has not been brought to her attention in a timely manner. Any letter of reprimand, suspension or other sanction will be removed from the record of a nurse eighteen months following the receipt of such letter, suspension or other sanction provided that the nurse’s record has been discipline free for one year. Newly hired part-time nurses shall beconsidered to be on probation for a period of sixty tours worked hours of work for nurses whose regular hours of work are other than the standard work day). If retained the sixty tours hours) worked. With the written consent of the or her designate, such probationary period may be extended. Where the Hospital requests an extension of the probationary period, it will provide notice to the Association at least fourteen calendar days prior to the expected date of expiration of the initial probationary period. It is to the probationary period will not exceed an additional sixty tours hours) worked and, where requested, the Hospital will advise the nurse and the Association of the basis of such extension. A nurse who transfers from casual part-time or full-time to regular not has previously completed one since her date of last hire. Where no such probationary period has been served, the number of tours worked (hours worked for nurses whose regular hours of work are other than the standard work day) during the nine months immediately preceding the transfer shall be credited towards the probationary period.
Malicious Use of Orphan Glue Records Registry Operator shall take action to remove orphan glue records (as defined at xxxx://xxx.xxxxx.xxx/en/committees/security/sac048.pdf) when provided with evidence in written form that such records are present in connection with malicious conduct.
