Authorization & Access Management Sample Clauses

Authorization & Access Management. A. All access requests must be documented and approved, using the appropriate forms located on the Intranet, according to SVHC procedures. B. Authorization and access management procedures must follow the least privileges /minimum necessary information requirements of the HIPAA Privacy Rule. C. Access must be granted and used only for authorized business purposes. D. User IDs and passwords, or other authentication methods must uniquely identify individuals accessing ePHI. E. Sharing a user ID or using another user's ID is prohibited. F. Users are responsible for all activities performed under their user IDs. G. All user passwords must be kept confidential, must be periodically changed, and are not to be shared with any other individual. H. Passwords must be at least 8 characters in length or the maximum length allowed by an application. The configuration and/or use of strong passwords are required when technically and operationally feasible. I. A password must be changed if the security of the password is believed to be breached or compromised. J. Whenever possible, user IDs must not give any indication of administrative privilege level assigned to the account. K. Users must log out or invoke a password protected screen saver or equivalent when leaving a workstation unattended. L. Auto logoff must be implemented whenever technically feasible.
View SourceView Similar (2)

Related to Authorization & Access Management

  • Access Management The Engineer shall coordinate and evaluate access management within the project limits in accordance with the latest State Access Management Manual or as directed by the State.

  • Authorization of Services a. The Contractor and its subcontractors shall have in place, and follow, written authorization policies and procedures. b. The Contractor shall have in effect mechanisms to ensure consistent application of review criteria for authorization decisions. c. The Contractor shall consult with the requesting provider for medical services when appropriate. d. Any decision to deny a service authorization request or to authorize a service in an amount, duration, or scope that is less than requested, shall be made by an individual who has appropriate expertise in addressing the beneficiary’s medical and behavioral health.

  • Cloud Computing State Risk and Authorization Management Program In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.0593, Contractor acknowledges and agrees that, if providing cloud computing services for System Agency, Contractor must comply with the requirements of the state risk and authorization management program and that System Agency may not enter or renew a contract with Contractor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless Contractor demonstrates compliance with program requirements. If providing cloud computing services for System Agency that are subject to the state risk and authorization management program, Contractor certifies it will maintain program compliance and certification throughout the term of the Contract.

  • Cloud Computing State Risk and Authorization Management Program (TX-RAMP In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.0593, Contractor acknowledges and agrees that, if providing cloud computing services for System Agency, Contractor must comply with the requirements of the state risk and authorization management program and that System Agency may not enter or renew a contract with Contractor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless Contractor demonstrates compliance with program requirements. If providing cloud computing services for System Agency that are subject to the state risk and authorization management program, Contractor certifies it will maintain program compliance and certification throughout the term of the Contract.

  • Coordination, Oversight and Monitoring of Service Providers As set forth in the Administrative Services Agreement between the Fund and CRMC, CRMC shall coordinate, monitor and oversee the activities performed by the Service Providers with which AFS contracts. AFS shall monitor Service Providers’ provision of services including the delivery of Customer account statements and all Fund-related material, including summary prospectuses and/or prospectuses, shareholder reports, and proxies.