DTC DIRECT REGISTRATION SYSTEM AND PROFILE MODIFICATION SYSTEM (a) Notwithstanding the provisions of Section 2.04, the parties acknowledge that the Direct Registration System (“DRS”) and Profile Modification System (“Profile”) shall apply to uncertificated American Depositary Shares upon acceptance thereof to DRS by DTC. DRS is the system administered by DTC pursuant to which the Depositary may register the ownership of uncertificated American Depositary Shares, which ownership shall be evidenced by periodic statements issued by the Depositary to the Owners entitled thereto. Profile is a required feature of DRS which allows a DTC participant, claiming to act on behalf of an Owner of American Depositary Shares, to direct the Depositary to register a transfer of those American Depositary Shares to DTC or its nominee and to deliver those American Depositary Shares to the DTC account of that DTC participant without receipt by the Depositary of prior authorization from the Owner to register such transfer.
(b) In connection with and in accordance with the arrangements and procedures relating to DRS/Profile, the parties understand that the Depositary will not verify, determine or otherwise ascertain that the DTC participant which is claiming to be acting on behalf of an Owner in requesting a registration of transfer and delivery as described in subsection (a) has the actual authority to act on behalf of the Owner (notwithstanding any requirements under the Uniform Commercial Code). For the avoidance of doubt, the provisions of Sections 5.03 and 5.08 shall apply to the matters arising from the use of the DRS. The parties agree that the Depositary’s reliance on and compliance with instructions received by the Depositary through the DRS/Profile System and in accordance with this Deposit Agreement shall not constitute negligence or bad faith on the part of the Depositary.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Procedures for Providing NP Through Full NXX Code Migration Where a Party has activated an entire NXX for a single Customer, or activated at least eighty percent (80%) of an NXX for a single Customer, with the remaining numbers in that NXX either reserved for future use by that Customer or otherwise unused, if such Customer chooses to receive Telephone Exchange Service from the other Party, the first Party shall cooperate with the second Party to have the entire NXX reassigned in the LERG (and associated industry databases, routing tables, etc.) to an End Office operated by the second Party. Such transfer will be accomplished with appropriate coordination between the Parties and subject to appropriate industry lead times for movements of NXXs from one switch to another. Neither Party shall charge the other in connection with this coordinated transfer.
Safeguarding and Protecting Children and Vulnerable Adults The Supplier will comply with all applicable legislation and codes of practice, including, where applicable, all legislation and statutory guidance relevant to the safeguarding and protection of children and vulnerable adults and with the British Council’s Child Protection Policy, as notified to the Supplier and amended from time to time, which the Supplier acknowledges may include submitting to a check by the UK Disclosure & Barring Service (DBS) or the equivalent local service; in addition, the Supplier will ensure that, where it engages any other party to supply any of the Services under this Agreement, that that party will also comply with the same requirements as if they were a party to this Agreement.
Meteorological Data Reporting Requirement (Applicable to wind generation facilities only)
Data Universal Number System (DUNS) number Requirement Grantee will provide their valid DUNS number contemporaneous with execution of this Agreement.
Exceptional Access to Thick Registration Data In case of a registrar failure, deaccreditation, court order, etc. that prompts the temporary or definitive transfer of its domain names to another registrar, at the request of ICANN, Registry Operator will provide ICANN with up-‐to-‐date data for the domain names of the losing registrar. The data will be provided in the format specified in Specification 2 for Data Escrow. The file will only contain data related to the domain names of the losing registrar. Registry Operator will provide the data as soon as commercially practicable, but in no event later than five (5) calendar days following ICANN’s request. Unless otherwise agreed by Registry Operator and ICANN, the file will be made available for download by ICANN in the same manner as the data specified in Section 3.1 of this Specification.
Workstation/Laptop encryption All workstations and laptops that process and/or store DHCS PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the DHCS Information Security Office.
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
System Logging The system must maintain an automated audit trail which can 20 identify the user or system process which initiates a request for PHI COUNTY discloses to 21 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, 22 or which alters such PHI. The audit trail must be date and time stamped, must log both successful and 23 failed accesses, must be read only, and must be restricted to authorized users. If such PHI is stored in a 24 database, database logging functionality must be enabled. Audit trail data must be archived for at least 3 25 years after occurrence.
