Standard of Care and Ongoing Compliance Sample Clauses

Standard of Care and Ongoing Compliance. 9.2.1 Contractor shall ensure that its performance of Services under this Agreement and that its development, maintenance, and operation of the System shall meet all industry, state, and federal security standards concerning the creation, collection, receipt, use, access, and disclosure of Personal Information. Contractor shall meet or exceed State of New Mexico and NMHIX security standards and policies. Once established, no security provisions for firewalls, client and server computers, user profiles and controls shall be modified without written NMHIX approval. At a minimum, Contractor shall ensure the security of the System complies with the following regulations and publications: Federal: • 45 C.F.R. 155.260; • MARS-E Version 2.0, as amended; • 45 CFR 95.621(f) ADP System Security Requirements and Review Process; • Standards defined in Federal Information Processing Standards (FIPS) issued by the National Institute of Standards and Technology (NIST); • NIST Special Publication 800-111 Storage Encryption Technologies for End User Devices; • NIST SP 800-52, 800-77 or 800-113 Valid encryption processes for data in motion; • NIST 800-53 Information Security; • NIST Cryptographic Module Validation List (xxxx://xxxx.xxxx.xxx/groups/STM/cmvp/validation.html); • FIPS PUB 112 Password Usage Procedure; • FIPS PUB 186-3 Digital Signature Standard June 2009; • Records Usage, Duplication, Retention, Re-disclosure and Timely Destruction Procedures/Restrictions 5 U.S.C. 552a (o)(1)(F), (H) and (I); • IRS Pub 1075; • Federal Records Retention Schedule 44 U.S.C. 3303a; • Privacy Act of 1974 at 5 U.S.C. 552a; • Computer Matching and Privacy Protection Act of 1988 (CMPPA); • Federal Information Security Management (FISMA); • SSA Information System Security Guidelines for Federal, State, and Local Agencies; • Child Online Privacy Protection Act; • Title XIX Confidentiality Rules; • HIPAA and associated HIPAA Security Rule found at 45 CFR Part 160 and Subparts A and C of Part 164; and • Title XXI. State: • NMHIX Privacy and Security Standards (attached hereto as Exhibit ); and
Sample 1
AutoNDA by SimpleDocs

Related to Standard of Care and Ongoing Compliance

  • PCI Compliance A. The Acquiring Bank will provide The Merchant with appropriate training on PCI PED and/or DSS rules and regulations in respect of The Merchants obligations. Initial training will be provided and at appropriate intervals as and when relevant changes are made to such rules and regulations.

  • HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.

  • Privacy Compliance The Provider shall comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security, all as may be amended from time to time.

  • Requirement to Utilize HUB Compliance Reporting System Pursuant to Texas Administrative Code, Title 34, Part 1, Sections 20.285(f) and 20.287(b), TFC administers monthly administration HSP-PAR compliance monitoring through its HUB Compliance Reporting System commonly known as B2G. PSP and PSP’s subcontractors/subconsultants shall submit required PAR information into the B2G system. Any delay in the timely submission of PAR information into the B2G system will be treated as an invoicing error subject to dispute under Texas Government Code Section 2251.042.

  • Standards Compliance DNS. Registry Operator shall comply with relevant existing RFCs and those published in the future by the Internet Engineering Task Force (IETF), including all successor standards, modifications or additions thereto relating to the DNS and name server operations including without limitation RFCs 1034, 1035, 1123, 1982, 2181, 2182, 2671, 3226, 3596, 3597, 4343, and 5966. DNS labels may only include hyphens in the third and fourth position if they represent valid IDNs (as specified above) in their ASCII encoding (e.g., “xn--ndk061n”).

  • DBE/HUB Compliance The Engineer’s subcontracting program shall comply with the requirements of Attachment H of the contract (DBE/HUB Requirements).

  • OSHA Compliance To the extent applicable to the services to be performed under this Agreement, Contractor represents and warrants, that all articles and services furnished under this Agreement meet or exceed the safety standards established and promulgated under the Federal Occupational Safety and Health Law (Public Law 91-596) and its regulations in effect or proposed as of the date of this Agreement.

  • Ethics and Compliance This trial will be conducted in accordance with the ethical principles that have their origin in the Declaration of Helsinki and the referenced directives, regulations, guidelines, and/or standards.

  • Strict Compliance Funds or credit balances held by Securities Intermediary in the Reserve Account shall not be (i) invested or reinvested, (ii) sold or redeemed, or (iii) transferred from the Reserve Account, in either case except as provided in this Section 4.

  • Significant Non-Compliance a) A Competent Authority shall notify the Competent Authority of the other Party when the first-mentioned Competent Authority has determined that there is significant non-compliance with the obligations under this Agreement with respect to a Reporting Financial Institution in the other jurisdiction. The Competent Authority of such other Party shall apply its domestic law (including applicable penalties) to address the significant non-compliance described in the notice.

Time is Money Join Law Insider Premium to draft better contracts faster.