SOC Reporting Requirements Sample Clauses

SOC Reporting Requirements. (a) Subject to this section and unless otherwise agreed to in writing by the Commonwealth, the Contractor shall, and shall require its subcontractors to engage, on an annual basis, a CPA certified third-party auditing firm to the following, as applicable: (i) a SOC 1 Type II report with respect to controls used by the Contractor relevant to internal and external procedures and systems that process Commonwealth financial transactions; and (ii) a SOC 2 Type II report with respect to controls used by the Contractor relevant to internal and external procedures and systems that access, process, host or contain Commonwealth Data designated as Class “C” Classified Records or Closed Records, as defined in ITP-SEC019, or in compliance with mandates by federal or state audit requirements and/or policy. Unless otherwise agreed to in writing by the Commonwealth, SOC Reports shall be provided upon contract execution and annually thereafter. While it is preferable that SOC Reports coincide with Pennsylvania’s fiscal year (July 1 through June 30), SOC Reports, at the very least, must cover at least 6 consecutive months of Pennsylvania’s fiscal year. (b) SOC 2 Type II report reports shall address the following: (i) Security of Information and Systems; (ii) Availability of Information and Systems; (iii) Processing Integrity; (iv) Confidentiality; (v) Privacy; and (vi) If applicable, compliance with the laws, regulations standards or policies designed to protect the information identified in ITP-SEC019 or other information identified as protected or Confidential by this Contract or under law. (c) At the request of the Commonwealth, the Contractor shall complete a SOC for Cybersecurity audit in the event: (i) repeated non-conformities are identified in any SOC report required by subsection (a); or (ii) if the Contractor’s business model changes (such as a merger, acquisition, or change sub-contractors, etc.). The SOC for Cybersecurity report shall detail the controls used by the Contractor setting forth the description and effectiveness of Contractor’s cybersecurity risk management program and the policies, processes and controls enacted to achieve each cybersecurity objective. The Contractor shall provide to the Commonwealth a report of the SOC for Cybersecurity audit findings within 60 days of its completion. (d) In addition to Appendix G, Framework for Independent Third-Party Security and Privacy Assessment Guidelines for Medicaid Enterprise Systems (MES) and this Attachm...
Sample 1
AutoNDA by SimpleDocs
SOC Reporting Requirements. Subject to this section and unless otherwise agreed to in writing by the Agency, the Licensor shall, and shall require its subcontractors to, engage, on an annual basis, a CPA certified third-party auditing firm to conduct the following, as applicable:
Sample 1
SOC Reporting Requirements. Service Organizations hosting software services off campus are required to submit a Service Organization Control (SOC) Report type 2 or 3 per the IT Security Manual prior to issuance of the Purchase Order. Such audits shall be performed at least annually during the term of the contract and the report of the audit submitted to YSU. The Contractor shall agree to implement recommendations as suggested by the audits within three months of report issuance at no cost to YSU.
Sample 1

Related to SOC Reporting Requirements

  • Reporting Requirements The Company, during the period when the Prospectus is required to be delivered under the 1933 Act or the 1934 Act, will file all documents required to be filed with the Commission pursuant to the 1934 Act within the time periods required by the 1934 Act and the 1934 Act Regulations.

  • Additional Reporting Requirements Contractor agrees to submit written quarterly reports to H-GAC detailing all transactions during the previous three (3) month period. Reports must include, but are not limited, to the following information: a. Customer Name b. Product/Service purchased, including Product Code if applicable c. Customer Purchase Order Number

  • Reporting Requirement (1) In the event the Contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the Contractor is notified of such by a subcontractor at any tier or by any other source, the Contractor shall report the information in paragraph (d)(2) of this clause to the Contracting Officer, unless elsewhere in this contract are established procedures for reporting the information; in the case of the Department of Defense, the Contractor shall report to the website at xxxxx://xxxxxx.xxx.xxx. For indefinite delivery contracts, the Contractor shall report to the Contracting Officer for the indefinite delivery contract and the Contracting Officer(s) for any affected order or, in the case of the Department of Defense, identify both the indefinite delivery contract and any affected orders in the report provided at xxxxx://xxxxxx.xxx.xxx. (2) The Contractor shall report the following information pursuant to paragraph (d)(1) of this clause (i) Within one business day from the date of such identification or notification: the contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier Commercial and Government Entity (CAGE) code (if known); brand; model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended. (ii) Within 10 business days of submitting the information in paragraph (d)(2)(i) of this clause: any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use or submission of covered telecommunications equipment or services.

  • Financial Reporting Requirements The Charter School shall follow the financial requirements of the Charter Schools Section of the Department’s Financial Management for Georgia Local Units of Administration Manual. The Charter School shall submit all information required by the State Accounting Office for inclusion in the State of Georgia Comprehensive Annual Financial Report.

  • Special Reporting Requirements Reports must be prepared using forms and procedures prescribed by OHA. Forms are located at xxxx://xxx.xxxxxx.xxx/OHA/HSD/AMH/Pages/Reporting- Requirements.aspx. (1) Within 30 calendar days of the County providing A&D 63 Services, County shall prepare and electronically submit a written entry baseline assessment report to xxxxxxxxxxx.xxxxxxxxxxxxx@xxxxxx.xxxxx.xx.

  • General Reporting Requirements The MA-PD Sponsor agrees to submit to information to CMS according to 42 CFR §§423.505(f), 423.514, and the “Final Medicare Part D Reporting Requirements,” a document issued by CMS and subject to modification each program year.

  • Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.

  • Compliance with Reporting Requirements The Company is subject to and in full compliance with the reporting requirements of Section 13 or Section 15(d) of the Exchange Act.

  • Other Reporting Requirements ‌ The following describes certain other reports required under this Contract:

  • Filing Requirements Escrow securities will not be released under this Part until the Issuer does the following: (a) at least 20 days before the date of the first release of escrow securities under the new release schedule, files with the securities regulators in the jurisdictions in which it is a reporting issuer (i) a certificate signed by a director or officer of the Issuer authorized to sign stating (A) that the Issuer has become an established issuer by satisfying one of the conditions in section 3.1 and specifying the condition, and (B) the number of escrow securities to be released on the first release date under the new release schedule, and (ii) a copy of a letter or other evidence from the exchange or quotation service confirming that the Issuer has satisfied the condition to become an established issuer; and (b) at least 10 days before the date of the first release of escrow securities under the new release schedule, issues and files with the securities regulators in the jurisdictions in which it is a reporting issuer a news release disclosing details of the first release of the escrow securities and the change in the release schedule, and sends a copy of such filing to the Escrow Agent.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!