Security Controls Annually, upon Fund’s reasonable request, Transfer Agent shall provide Fund’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent’s Security Policy and an opportunity to discuss Transfer Agent’s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent’s information technology management team. Transfer Agent shall review its Security Policy annually.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.
Paper Document Controls In order to comply with the following paper document controls, the Contractor agrees to:
Financial Controls At all times, the Charter School shall maintain appropriate governance and managerial procedures and financial controls which procedures and controls shall include, but not be limited to: (1) commonly accepted accounting practices and the capacity to implement them (2) a checking account; (3) adequate payroll procedures; (4) procedures for the creation and review of monthly and quarterly financial reports, which procedures shall specifically identify the individual who will be responsible for preparing such financial reports in the following fiscal year; (5) internal control procedures for cash receipts, cash disbursements and purchases; and (6) maintenance of asset registers and financial procedures for grants in accordance with applicable state and federal law.
Data Integrity Control Personal Data will remain intact, complete and current during processing activities.
Audit Controls P. Contractor agrees to an annual system security review by the County to assure that systems processing and/or storing Medi-Cal PII are secure. This includes audits and keeping records for a period of at least three (3) years. A routine procedure for system review to catch unauthorized access to Medi-Cal PII shall be established by the Contractor.
Operator’s Security Contact Information Xxxxxxx X. Xxxxxxx Named Security Contact xxxxxxxx@xxxxxxxxx.xxx Email of Security Contact (000) 000-0000 Phone Number of Security Contact
Administrative Controls The Contractor must have the following controls in place:
Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
