System of Records Notification Sample Clauses

System of Records Notification. (SORN). For each new development activity, each incremental system update, or system recertification, a PIA and SORN shall be evaluated. If the system (or modification) triggers a PIA the contractor shall support the development of PIA and SORN as required. The Privacy Act of 1974 requires the PIA and shall be part of the SDLC process performed at either System or Release Definition. • Contingency Plan (CP): This plan describes the steps to be taken to ensure that an automated system or facility can be recovered from service disruptions in the event of emergencies and/or disasters. The Contractor shall support annual contingency plan testing and shall provide a Contingency Plan Test Results Report. • Security Test and Evaluation (ST&E): This document evaluates each security control and countermeasure to verify operation in the manner intended. Test parameters are established based on results of the RA. An ST&E shall be conducted for each Major Application and each General Support System as part of the certification process. The Contractor shall support this process. • Risk Assessment (RA): This document identifies threats and vulnerabilities, assesses the impacts of the threats, evaluates in-place countermeasures, and identifies additional countermeasures necessary to ensure an acceptable level of security. The RA shall be completed after completing the NIST 800-53 evaluation, Contingency Plan Testing, and the ST&E. Identified weakness shall be documented in a Plan of Action and Milestone (POA&M) in the USCIS Trusted Agent FISMA (TAF) tool. Each POA&M entry shall identify the cost of mitigating the weakness and the schedule for mitigating the weakness, as well as a POC for the mitigation efforts. • Certification and Accreditation (C&A): This program establishes the extent to which a particular design and implementation of an automated system and the facilities housing that system meet a specified set of security requirements, based on the RA of security features and other technical requirements (certification), and the management authorization and approval of a system to process sensitive but unclassified information (accreditation). As appropriate the Contractor shall be granted access to the USCIS TAF and Risk Management System (RMS) tools to support C&A and its annual assessment requirements. Annual assessment activities shall include completion of the NIST 800-26 Self-Assessment in TAF, annual review of user accounts, and annual review of the FIPS cate...
Sample 1Sample 2
AutoNDA by SimpleDocs
System of Records Notification. Information obtained from this form is part of the Agency’s Privacy Act System of Records, Loan Systems (“SOR 21”) and may become part of SBA’s System of Records for Suspension and Debarment Files (“SOR 36”). As such this record and the information contained therein may be used, disclosed, or referred to See 77 FR 61467 (October 9, 2012), 77 FR 15835 (March 16, 2012), 74 FR 14890 (April 1, 2009) and as amended from time to time for additional background and other routine uses. • To the Federal, State, local or foreign agency or professional organization which investigates, prosecutes or enforces violations of statutes, rules, regulations or orders, or which undertakes procurement of goods or services, when SBA determines that disclosure will promote programmatic integrity or protect the public interest. • To SBA employees, contractors, interns, volunteers, and other regulators or legal authorities for the review of Loan Agent fees and activities and for the review of loans generated by Loan Agents (e.g. for performance and other trends). • To GSA and the public for publication of Loan Agent suspensions, revocations, debarments, other enforcement actions, and exclusions in the System Awards Management’s (XXX) Excluded Parties List System (EPLS) or any successor system and on the SBA website consistent with Executive Order 12549 and other applicable law. • To SBA employees, contractors, interns, volunteers and other regulators for regulatory purposes.
Sample 1
System of Records Notification. Information obtained from this form is part of the Agency’s Privacy Act Systems of
Sample 1
System of Records Notification. Information obtained from this form is part of the Agency’s Privacy Act Systems of Records (SOR), Disaster Loan Case Files – SBA 20 (and may become part of SBA’s System of Records for Suspension and Debarment Files SBA 36.) The information contained in the system of records may be used, disclosed, or referred as a routine matter in certain circumstances, including: • To the Federal, State, local or foreign agency or professional organization which investigates, prosecutes or enforces violations of statutes, rules, regulations or orders, or which undertakes procurement of goods or services, when SBA determines that disclosure will promote programmatic integrity or protect the public interest. See 74 FR 14890, 14911 (April 1, 2009) for additional routine uses.
Sample 1

Related to System of Records Notification

  • Review of Records Business Associate agrees to make internal practices, books, and records relating to the use and Disclosure of PHI received from, or created or received by Business Associate on behalf of Covered Entity available to Covered Entity, or at the request of Covered Entity to the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s compliance with the HIPAA Regulations. Business Associate agrees to make copies of its HIPAA training records and HIPAA business associate agreements with agents and subcontractors available to Covered Entity at the request of Covered Entity.

  • Marking of Records At its expense, the Seller will xxxx its master data processing records evidencing Pool Receivables and related Contracts with a legend evidencing that Receivable Interests related to such Pool Receivables and related Contracts have been sold in accordance with the Agreement.

  • Location of Records The offices where the initial Servicer keeps all of its records relating to the servicing of the Pool Receivables are located at Xxx XXX Xxxxxx, Xxxxxxx, XX 00000.

  • REMOVAL OF RECORDS FROM PREMISES Where performance of the Contract involves use by the Contractor (or the Contractor’s subsidiaries, affiliates, partners, agents or subcontractors) of Authorized User owned or licensed papers, files, computer disks or other electronic storage devices, data or records at Authorized User facilities or offices, or via remote access, the Contractor (or the Contractor’s subsidiaries, affiliates, partners, agents or subcontractors) shall not remotely access, modify, delete, copy or remove such Records without the prior written approval of the Authorized User. In no case, with or without the written approval of the Authorized User, can the Authorized User data be accessed, moved or sent outside the continental United States.

  • Inspection of Records Upon reasonable notice to the Administrative Trustees and the Property Trustee, the records of the Trust shall be open to inspection by Securityholders during normal business hours for any purpose reasonably related to such Securityholder's interest as a Securityholder.

  • Inspection of Records and Reports Every Trustee shall have the right at any reasonable time to inspect all books, records, and documents of every kind and the physical properties of the Trust. This inspection by a Trustee may be made in person or by an agent or attorney and the right of inspection includes the right to copy and make extracts of documents. No Shareholder shall have any right to inspect any account, book or document of the Trust that is not publicly available, except as conferred by the Trustees. The books and records of the Trust may be kept at such place or places as the Board of Trustees may from time to time determine, except as otherwise required by law.

  • PROFESSIONAL RECORDS You should be aware that, according to the rules of HIPAA, I keep Protected Health Information about you in two sets of professional records. One set constitutes your Clinical Record. It includes information about your reasons for seeking therapy, a description of the ways in which your problem impacts on your life, your diagnosis, the goals that we set for treatment, your progress towards those goals, your medical and social history, your treatment history, any past treatment records that I receive from other providers, reports of any professional consultations, your billing records, and any reports that have been sent to anyone, including reports to your insurance carrier. In addition, I also keep a set of Psychotherapy Notes. These Notes are for my own use and are designed to assist me in providing you with the best treatment, While the content of Psychotherapy Notes vary from client to client, they can include notes regarding the contents of our conversations, my analysis of those conversations, and how they impact on your therapy. They also can contain particularly sensitive information that you may reveal to me that is not required to be included in your Clinical Record. These Psychotherapy Notes are kept separate from your Clinical Record. While insurance companies can request and receive a copy of your Clinical Record, they cannot receive a copy of your Psychotherapy Notes without your signed, written Authorization. Insurance companies cannot require your Authorization as a condition of coverage nor penalize you in any way for your refusal. You may examine and/or receive a copy of both sets of records, if you request it in writing. Because these are professional records, they can be misinterpreted and/or upsetting to untrained readers. For this reason, I recommend that you initially review them in my presence, or have them forwarded to another mental health professional so you can discuss the contents. In most circumstances, I am allowed to charge a fee for copying records. The exceptions to this policy are contained in the Privacy Notice form. HIPAA provides you with several new or expanded rights with regard to your Clinical Record and disclosures of protected health information. These rights include requesting that I amend your record; requesting restrictions on what information from your Clinical Record is disclosed to others; requesting an accounting of most disclosures of Protected Health Information that you have neither consented to nor authorized; determining the location to which protected information disclosures are sent; having any complaints you make about my policies and procedures recorded in your records; and the right to a paper copy of this Agreement, the Privacy Notice form, and my privacy policies and procedures. I am happy to discuss any of these rights and/or issues with you. Patients under 18 years of age who are not emancipated and their parents should be aware that the law may allow parents to examine their child’s treatment records. Because privacy in psychotherapy is often crucial to successful progress, particularly with teenagers, it is sometimes my policy to request an agreement from parents that they consent to give up their access to their child’s records. If they agree, during treatment, I will typically provide them only with general information about the progress of the child’s treatment, and his/her attendance at scheduled sessions. I also may provide parents with a summary of their child’s treatment when it is complete. Most other communication will require the child’s Authorization, unless I feel that the child is in danger or is a danger to someone else, in which case, I will notify the parents of my concern. Before giving parents information, I will discuss the matter with the child, if possible, and do my best to handle any objections he/she may have.

  • COMPLIANCE WITH GOVERNMENTAL RULES AND REGULATIONS; RECORDS The Trust assumes full responsibility for its compliance with all securities, tax, commodities and other laws, rules and regulations applicable to it.

  • Identifying of Records The Servicer shall identify its master data processing records relating to Pool Receivables and related Contracts with a legend that indicates that the Pool Receivables have been pledged in accordance with this Agreement.

  • Notification Procedures To address non-compliance, the receiving Competent Authority would notify the providing Competent Authority pursuant to Article 5 of the IGA. The notification procedures would differ depending upon whether the receiving Competent Authority seeks to address administrative or other minor errors or significant non-compliance.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!