Subprocessor For the purposes of this DPA, the term “Subprocessor” (sometimes referred to as the “Subcontractor”) means a party other than LEA or Provider, who Provider uses for data collection, analytics, storage, or other service to operate and/or improve its service, and who has access to Student Data.
Subprocessors Provider shall enter into written agreements with all Subprocessors performing functions for the Provider in order for the Provider to provide the Services pursuant to the Service Agreement, whereby the Subprocessors agree to protect Student Data in a manner no less stringent than the terms of this DPA.
System Access Control Data processing systems used to provide the Cloud Service must be prevented from being used without authorization.
Network Access Control The VISION Web Site and the Distribution Support Services Web Site (the “DST Web Sites”) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All “listeners,” other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
Approved Services; Additional Services Registry Operator shall be entitled to provide the Registry Services described in clauses (a) and (b) of the first paragraph of Section 2.1 in the Specification 6 attached hereto (“Specification 6”) and such other Registry Services set forth on Exhibit A (collectively, the “Approved Services”). If Registry Operator desires to provide any Registry Service that is not an Approved Service or is a material modification to an Approved Service (each, an “Additional Service”), Registry Operator shall submit a request for approval of such Additional Service pursuant to the Registry Services Evaluation Policy at xxxx://xxx.xxxxx.xxx/en/registries/rsep/rsep.html, as such policy may be amended from time to time in accordance with the bylaws of ICANN (as amended from time to time, the “ICANN Bylaws”) applicable to Consensus Policies (the “RSEP”). Registry Operator may offer Additional Services only with the written approval of ICANN, and, upon any such approval, such Additional Services shall be deemed Registry Services under this Agreement. In its reasonable discretion, ICANN may require an amendment to this Agreement reflecting the provision of any Additional Service which is approved pursuant to the RSEP, which amendment shall be in a form reasonably acceptable to the parties.
Service Level Agreement 6.1 NCR Voyix will use commercially reasonable efforts to make the Service available to you at or above the Availability Rate set forth at xxxxx://xxx.xxx.xxx/support/aloha-sla. If NCR Voyix does not meet the Availability Rate, you are entitled to request a service-level credit subject to the terms of this Agreement. This credit is calculated as a percentage of the monthly recurring bill (or monthly pro rata share of billing, if billing does not occur monthly) for the Service for the month in which the Availability Rate was not met. The Availability Rate is determined by: (a) dividing the total number of valid outage minutes in a calendar month by the total number of minutes in that month; (b) subtracting that quotient from 1.00; (c) multiplying that difference by 100; and (d) rounding that result to two decimal places in accordance with standard rounding conventions. The number of outage minutes per day for a given service is determined by the lesser of the number of outage minutes. 6.2 Unavailability due to other conditions or caused by factors outside of NCR Voyix’s reasonable control will not be included in the calculation of the Availability Rate. Further, the following are expressly excluded from the calculation of the Availability Rate: (a) service unavailability affecting services or application program interfaces that are not used by you; (b) cases where fail-over to another data center is available but not utilized; (c) transient time-outs, required re-tries, or slower-than-normal response caused by factors outside of NCR Voyix’s reasonable control; (d) Scheduled Downtime, including maintenance and upgrades; (e) force majeure; (f) transmission or communications outages outside the NCR Voyix- controlled environment; (g) store-level down-time caused by factors outside of NCR Voyix’s reasonable control; (h) outages attributable to services, hardware, or software not provided by NCR Voyix, including, but not limited to, issues resulting from inadequate bandwidth or related to third-party software or services; (i) use of the Service in a manner inconsistent with the documentation for the application program interface or the NCR Voyix Product; (j) your Point of Sale (“POS”) failure or the failure to properly maintain the POS environment, including updating the POS firmware or version of the software running on the POS as recommended by either NCR Voyix, a third-party POS reseller or servicer; and (k) issues related to third party domain name system (“DNS”) errors or failures. 6.3 To obtain a service-level credit, you must submit a claim by contacting NCR Voyix through the website at xxxxx://xxx.xxx.xxx/support/aloha-sla Your failure to provide the claim and other information will disqualify you from receiving a credit. NCR Voyix must receive claims within 60 days from the last day of the impacted month. After that date, claims are considered waived and will be refused. You must be in compliance with the Agreement in order to be eligible for a service-level credit. You may not unilaterally offset for any performance or availability issues any amount owed to NCR Voyix. If multiple Services experience an outage in a given month, the total credit for that month will be the highest credit allowed for any single Service which failed; there is no stacking of credits. 6.4 The remedies set forth in the Section are your sole and exclusive remedies for performance or availability issues affecting the Services, including any failure by NCR Voyix to achieve the Availability Rate.
Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage.
REMOTE ACCESS SERVICES ADDENDUM The Custodian and each Fund agree to be bound by the terms of the Remote Access Services Addendum hereto.
COMMENCEMENT OF WORK UNDER A SOW AGREEMENT Commencement of work as a result of the SOW-RFP process shall be initiated only upon issuance of a fully executed SOW Agreement and Purchase Order.
Subprocessing The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.