Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.
TIA Controls If any provision of this Indenture limits, qualifies, or conflicts with another provision which is required to be included in this Indenture by the TIA, the required provision shall control.
Input Control The possibility to subsequently verify and determine whether, and by whom, personal data was entered into, changed or removed from data processing systems must be ensured. • Definition of entry authorisation • Logging of logins
Administrative Controls The Contractor must have the following controls in place: a. A documented security policy governing the secure use of its computer network and systems, and which defines sanctions that may be applied to Contractor staff for violating that policy. b. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware of and compliant with the applicable legal or regulatory requirements for that Category 4 Data. c. If Confidential Information shared under this agreement is classified as Category 4, the Contractor must have a documented risk assessment for the system(s) housing the Category 4 Data.
Access Controls The system providing access to PHI COUNTY discloses to 20 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY 21 must use role based access controls for all user authentications, enforcing the principle of least privilege.
Internal Controls The Company shall maintain a system of internal accounting controls sufficient to provide reasonable assurances that: (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary in order to permit preparation of financial statements in accordance with GAAP and to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
Agreement Controls In the event that any term of any of the Loan Documents other than this Agreement conflicts with any express term of this Agreement, the terms and provisions of this Agreement shall control to the extent of such conflict.
Personal Controls a. Employee Training. All workforce members who assist in the performance of functions or activities on behalf of COUNTY in connection with Agreement, or access or disclose PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, must complete information privacy and security training, at least annually, at CONTRACTOR’s expense. Each workforce member who receives information privacy and security training must sign a certification, indicating the member’s name and the date on which the training was completed. These certifications must be retained for a period of six (6) years following the termination of Agreement.
Operational Control Directing the operation of the Transmission Facilities Under ISO Operational Control to maintain these facilities in a reliable state, as defined by the Reliability Rules. The ISO shall approve operational decisions concerning these facilities, made by each Transmission Owner before the Transmission Owner implements those decisions. In accordance with ISO Procedures, the ISO shall direct each Transmission Owner to take certain actions to restore the system to the Normal State. Operational Control includes security monitoring, adjustment of generation and transmission resources, coordination and approval of changes in transmission status for maintenance, determination of changes in transmission status for reliability, coordination with other Control Areas, voltage reductions and Load Shedding, except that each Transmission Owner continues to physically operate and maintain its facilities.
Internal Control Effective control and accountability must be maintained for all cash, real and personal property, and other assets. Grantee must adequately safeguard all such property and must provide assurance that it is used solely for authorized purposes. Grantee must also have systems in place that provide reasonable assurance that the information is accurate, allowable, and compliant with the terms and conditions of this Agreement. 2 CFR 200.303.