Site Security While providing services at a DSHS location, the Contractor, its agents, employees, or Subcontractors shall conform in all respects with physical, fire, or other security regulations specific to the DSHS location.
Security Rule “Security Rule” shall mean the Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
SOFTWARE SECURITY If applicable, BA warrants that software security features will be compatible with the CE’s HIPAA compliance requirements. This HIPAA Business Associate Agreement-Addendum shall supersede any prior HIPAA Business Associate Agreements between CE and BA.
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.
STATE SECURITY 4.01 Nothing in this Agreement shall be construed as requiring the Employer to do or refrain from doing anything contrary to any instruction, direction or regulations given or made by or on behalf of the Government of Canada in the interest of the safety or security of Canada or any state allied or associated with Canada.
Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.
Resolution of Conflicts of Interest; Standards of Conduct and Modification of Duties (a) Unless otherwise expressly provided in this Agreement or any Group Member Agreement, whenever a potential conflict of interest exists or arises between the General Partner or any of its Affiliates, on the one hand, and the Partnership, any Group Member or any Partner, on the other, any resolution or course of action by the General Partner or its Affiliates in respect of such conflict of interest shall be permitted and deemed approved by all Partners, and shall not constitute a breach of this Agreement, of any Group Member Agreement, of any agreement contemplated herein or therein, or of any duty stated or implied by law or equity, if the resolution or course of action in respect of such conflict of interest is (i) approved by Special Approval, (ii) approved by the vote of a majority of the Common Units (excluding Common Units owned by the General Partner and its Affiliates), (iii) on terms no less favorable to the Partnership than those generally being provided to or available from unrelated third parties or (iv) fair and reasonable to the Partnership, taking into account the totality of the relationships between the parties involved (including other transactions that may be particularly favorable or advantageous to the Partnership). The General Partner shall be authorized but not required in connection with its resolution of such conflict of interest to seek Special Approval of such resolution, and the General Partner may also adopt a resolution or course of action that has not received Special Approval. If Special Approval is not sought and the Board of Directors of the General Partner determines that the resolution or course of action taken with respect to a conflict of interest satisfies either of the standards set forth in clauses (iii) or (iv) above, then it shall be presumed that, in making its decision, the Board of Directors of the General Partner acted in good faith, and in any proceeding brought by any Limited Partner or by or on behalf of such Limited Partner or any other Limited Partner or the Partnership challenging such approval, the Person bringing or prosecuting such proceeding shall have the burden of overcoming such presumption. Notwithstanding anything to the contrary in this Agreement or any duty otherwise existing at law or equity, the existence of the conflicts of interest described in the Registration Statement are hereby approved by all Partners and shall not constitute a breach of this Agreement.
(b) Whenever the General Partner makes a determination or takes or declines to take any other action, or any of its Affiliates causes it to do so, in its capacity as the general partner of the Partnership as opposed to in its individual capacity, whether under this Agreement, any Group Member Agreement or any other agreement contemplated hereby or otherwise, then, unless another express standard is provided for in this Agreement, the General Partner, or such Affiliates causing it to do so, shall make such determination or take or decline to take such other action in good faith and shall not be subject to any other or different standards imposed by this Agreement, any Group Member Agreement, any other agreement contemplated hereby or under the Delaware Act or any other law, rule or regulation or at equity. In order for a determination or other action to be in “good faith” for purposes of this Agreement, the Person or Persons making such determination or taking or declining to take such other action must believe that the determination or other action is in the best interests of the Partnership, unless the context otherwise requires.
(c) Whenever the General Partner makes a determination or takes or declines to take any other action, or any of its Affiliates causes it to do so, in its individual capacity as opposed to in its capacity as the general partner of the Partnership, whether under this Agreement, any Group Member Agreement or any other agreement contemplated hereby or otherwise, then the General Partner, or such Affiliates causing it to do so, are entitled to make such determination or to take or decline to take such other action free of any fiduciary duty or obligation whatsoever to the Partnership, any Limited Partner, and the General Partner, or such Affiliates causing it to do so, shall not be required to act in good faith or pursuant to any other standard imposed by this Agreement, any Group Member Agreement, any other agreement contemplated hereby or under the Delaware Act or any other law, rule or regulation or at equity. By way of illustration and not of limitation, whenever the phrase, “at the option of the General Partner,” or some variation of that phrase, is used in this Agreement, it indicates that the General Partner is acting in its individual capacity. For the avoidance of doubt, whenever the General Partner votes or transfers its Partnership Interests, or refrains from voting or transferring its Partnership Interests, it shall be acting in its individual capacity.
(d) Notwithstanding anything to the contrary in this Agreement, the General Partner and its Affiliates shall have no duty or obligation, express or implied, to (i) sell or otherwise dispose of any asset of the Partnership Group other than in the ordinary course of business or (ii) permit any Group Member to use any facilities or assets of the General Partner and its Affiliates, except as may be provided in contracts entered into from time to time specifically dealing with such use. Any determination by the General Partner or any of its Affiliates to enter into such contracts shall be at its option.
(e) Except as expressly set forth in this Agreement, neither the General Partner nor any other Indemnitee shall have any duties or liabilities, including fiduciary duties, to the Partnership or any Limited Partner and the provisions of this Agreement, to the extent that they restrict, eliminate or otherwise modify the duties and liabilities, including fiduciary duties, of the General Partner or any other Indemnitee otherwise existing at law or in equity, are agreed by the Partners to replace such other duties and liabilities of the General Partner or such other Indemnitee.
(f) The Unitholders hereby authorize the General Partner, on behalf of the Partnership as a partner or member of a Group Member, to approve of actions by the general partner or managing member of such Group Member similar to those actions permitted to be taken by the General Partner pursuant to this Section 7.9.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
