Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means.
2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable).
3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically.
4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
Health, Safety and Security 14.1 The Employer recognizes a responsibility to provide an environment intended to protect the health, safety and security of Members as they carry out their responsibilities. To that end, the Employer agrees:
(a) to maintain a Joint Health and Safety Committee (the JHSC) with broad representation drawn from all sectors of the University, including at least one (1) person appointed by the Association;
(b) to cooperate with the Association in making every reasonable provision for the safety, health and security of Members;
(c) to take reasonable measures to maintain the security of the buildings and grounds while at the same time maintaining reasonable access for Members who have a need for such access at times other than during regular working hours;
(d) to ensure that the Association has the right to appoint at least one (1) person to any representative committee whose terms of reference specifically include the health, safety or security of Members as they carry out their responsibilities;
(e) to comply with the Occupational Health and Safety Act, R.S.O. 1990, and relevant regulations thereto, as amended from time to time (the “Act”);
(f) that Members may refuse unsafe work pursuant to and in accordance with the relevant provisions of the Act for so doing;
(g) that Members report any known or potential dangers to their Xxxx;
(h) In addition, the Employer agrees:
i) to provide Members with health and safety training, personal protective equipment, and access to health and safety programs, policies and procedures;
ii) to provide resources for the JHSC;
iii) to compensate a CASBU Member who is eligible to be, and serves as, the person appointed by the Association to the JHSC when that service is outside the period of the Member’s contract;
iv) to provide training for the person appointed by the Association to the JHSC directly related to their duties and responsibilities in connection with the JHSC;
v) to recognize a JHSC Member’s right to be present during workplace safety testing and audits and receive written copies of any reports and recommendations from the testing/audits and a copy of a draft report if one is provided to the Employer;
vi) to recognize a JHSC Member’s right to have advance notice when advance notice is given by the Ministry of Labour of any Ministry of Labour inspection and to accompany a Ministry of Labour Inspector during an inspection and receive a copy of any report produced by the inspector.
14.2 The parties agree that all personal communications must adhere to the Personal Harassment and Discrimination Policy and the Nipissing University Acceptable Use Policy. Effective June 10, 2006, universities are subject to the Freedom of Information and Protection of Privacy Act (FIPPA). All records in the custody and control of the University will be subject to FIPPA with exceptions as defined by the Act. Persons may request and have a right to access University information or records. A record is defined under the Act as any record of information however recorded, whether in printed or electronic form, film, or otherwise and includes drafts, post-it notes, margin notes, hard drive files, emails, voice mails, electronic agendas, address books, and recording devices.
14.3 Unless required under FIPPA, and for the purposes of this Article, files are documents under a Member’s control and stored on University property, either in paper or electronic form. Such files do not include the Member’s official file in the Xxxx’x office nor the Personnel File of the Member in the Human Resources office.
14.4 On termination of a Member’s employment for any reason other than cause, the Employer will permit, by appointment only, accompanied access for a period of fifteen (15) working days (or longer with the agreement of the Xxxx) by the former Member or the Member’s executors to the Member’s files, whether in paper or electronic format. The purpose of the allowed access is for transferring required documents to other faculty, the Chair, or the Xxxx. Where files are not required to support continued student academic needs or ongoing operational requirements, the former Member or designate may remove or destroy their personal files. Items that are clearly of a personal nature or are owned by the former Member such as furniture, pictures, books, etc., may be removed at this time.
Credentialing Firm shall be required to access Citizens’ online vendor credentialing system (“CAIS”) to input, update and maintain certain information about Firm and the persons who will perform work related to this Agreement (“Staff”), as provided below and in Exhibit B attached hereto.
Water Quality 8.1. The Supply shall comply with the quality standards imposed by the Act and the Water Quality Regulations, PROVIDED ALWAYS that where a particular standard is the subject of a legal instrument accepted or issued by the Secretary of State or the Chief Inspector of Drinking Water under the provisions of the Act or the Water Quality Regulations, compliance with the terms of the relevant legal instrument shall be deemed to be compliance with the relevant quality standard imposed by the Act or the Water Quality Regulations (as the case may be), in which case the Water Company shall provide the New Appointee with a certified copy of any such authorised departure or undertaking. Each party undertakes to keep the other party fully informed of any discussions which take place at any time hereafter with the Secretary of State for the proposed issue of a legal instrument and of the outcome thereof.
8.2. The Water Company shall act as a reasonable and prudent operator to ensure that the Water Company’s Distribution Network does not cause any contamination of the water in the New Appointee’s Water Distribution Network including suspending the Bulk Supply and, in any event, shall:
8.2.1. notify the New Appointee of the existence and cause (if known) of any contamination that it considers (acting as a reasonable and prudent operator) could affect the New Appointee’s Water Distribution Network as soon as practicable after the same have come to the Water Company’s attention; and
8.2.2. keep the New Appointee notified of the steps being taken to remedy the contamination.
8.3. Without prejudice to clause 8.1, the Water Company reserves the right to supply water of a different nature and composition or with different characteristics from that previously supplied where this results from the characteristics of the source or sources from which the Supply is taken, or the Water Company’s Distribution Network, beyond the reasonable control of the Water Company or if, in the due discharge of its statutory duty to supply water, it considers it necessary or desirable to do so acting reasonably and in good faith.
8.4. In addition, both parties agree to be bound by the provisions of the Water Quality Protocol or such modified version of such Water Quality Protocol as may from time to time be agreed in writing by the parties.
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Agricultural Export Subsidies 1. The Parties share the objective of the multilateral elimination of export subsidies for agricultural goods and shall work together toward an agreement in the WTO to eliminate those subsidies and prevent their reintroduction in any form.
2. Neither Party shall introduce or maintain any export subsidy on any agricultural good destined for the territory of the other Party.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Compliance Verification (a) The sub recipient shall periodically interview a sufficient number of employees entitled to DB prevailing wages (covered employees) to verify that contractors or subcontractors are paying the appropriate wage rates. As provided in 29 CFR 5.6(a)(6), all interviews must be conducted in confidence. The sub recipient must use Standard Form 1445 (SF 1445) or equivalent documentation to memorialize the interviews. Copies of the SF 1445 are available from EPA on request.
(b) The sub recipient shall establish and follow an interview schedule based on its assessment of the risks of noncompliance with DB posed by contractors or subcontractors and the duration of the contract or subcontract. Sub recipients must conduct more frequent interviews if the initial interviews or other information indicated that there is a risk that the contractor or subcontractor is not complying with DB. Sub recipients shall immediately conduct interviews in response to an alleged violation of the prevailing wage requirements. All interviews shall be conducted in confidence."
(c) The sub recipient shall periodically conduct spot checks of a representative sample of weekly payroll data to verify that contractors or subcontractors are paying the appropriate wage rates. The sub recipient shall establish and follow a spot check schedule based on its assessment of the risks of noncompliance with DB posed by contractors or subcontractors and the duration of the contract or subcontract. At a minimum, if practicable, the sub recipient should spot check payroll data within two weeks of each contractor or subcontractor’s submission of its initial payroll data and two weeks prior to the completion date the contract or subcontract. Sub recipients must conduct more frequent spot checks if the initial spot check or other information indicates that there is a risk that the contractor or subcontractor is not complying with DB. In addition, during the examinations the sub recipient shall verify evidence of fringe benefit plans and payments there under by contractors and subcontractors who claim credit for fringe benefit contributions.
(d) The sub recipient shall periodically review contractors and subcontractor’s use of apprentices and trainees to verify registration and certification with respect to apprenticeship and training programs approved by either the U.S Department of Labor or a state, as appropriate, and that contractors and subcontractors are not using disproportionate numbers of, laborers, trainees and apprentices. These reviews shall be conducted in accordance with the schedules for spot checks and interviews described in Item 5(b) and (c) above. •
(e) Sub recipients must immediately report potential violations of the DB prevailing wage requirements to the EPA DB contact listed above and to the appropriate DOL Wage and Hour District Office listed at xxxx://xxx.xxx.xxx/whd/america2.htm. “Contractor shall comply with all applicable standards, orders, or requirements issued under section 306 of the Clean Air Act (42 U.S.C. 1857(h)), section 508 of the Clean Water Act (33 • U.S.C. 1368), Executive Order 11738, and Environmental Protection Agency regulations (40 CFR part 15). (Awards to Contractors and Subcontractors in Excess of $100,000) The undersigned certifies, to the best of his or her knowledge and belief, that:
(1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan or cooperative agreement.
(2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, “Disclosure Form to Report Lobbying,” in accordance with its instructions.
(3) The undersigned shall require that the language of this certification be included in the award documents for all subawards at all tiers (including subcontracts, subgrants, and contracts under grants, loans, and cooperative agreements) and that all subrecipients shall certify and disclose accordingly. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by section 1352, title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. Title Date
