Personnel Controls The County Department/Agency agrees to advise County Workers who have access to Pll, of the confidentiality of the information, the safeguards required to protect the information, and the civil and criminal sanctions for non- compliance contained in applicable federal and state laws. For that purpose, the County Department/Agency shall implement the following personnel controls:
Audit Controls P. Contractor agrees to an annual system security review by the County to assure that systems processing and/or storing Medi-Cal PII are secure. This includes audits and keeping records for a period of at least three (3) years. A routine procedure for system review to catch unauthorized access to Medi-Cal PII shall be established by the Contractor.
Input Control The possibility to subsequently verify and determine whether, and by whom, personal data was entered into, changed or removed from data processing systems must be ensured. • Definition of entry authorisation • Logging of logins
Expansive Controls Where the capability exists, originating or terminating traffic reroutes may be implemented by either Party to temporarily relieve network congestion due to facility failures or abnormal calling patterns. Reroutes will not be used to circumvent normal trunk servicing. Expansive controls will only be used when mutually agreed to by the Parties.
Administrative Controls The Contractor must have the following controls in place:
Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
Internal Controls The Company shall maintain a system of internal accounting controls sufficient to provide reasonable assurances that: (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary in order to permit preparation of financial statements in accordance with GAAP and to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
Agreement Controls In the event that any term of any of the Loan Documents other than this Agreement conflicts with any express term of this Agreement, the terms and provisions of this Agreement shall control to the extent of such conflict.
Programme Management The Government will establish a programme management office and the Council will be able to access funding support to participate in the reform process. The Government will provide further guidance on the approach to programme support, central and regional support functions and activities and criteria for determining eligibility for funding support. This guidance will also include the specifics of any information required to progress the reform that may be related to asset quality, asset value, costs, and funding arrangements.
Personal Controls a. Employee Training. All workforce members who assist in the performance of functions or activities on behalf of COUNTY in connection with Agreement, or access or disclose PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, must complete information privacy and security training, at least annually, at CONTRACTOR’s expense. Each workforce member who receives information privacy and security training must sign a certification, indicating the member’s name and the date on which the training was completed. These certifications must be retained for a period of six (6) years following the termination of Agreement.