Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who ▇▇▇ may contact if there are any data security concerns or questions.
Acknowledgement and Consent to Bail-In of EEAAffected Financial Institutions Notwithstanding anything to the contrary in any Loan Document or in any other agreement, arrangement or understanding among any such parties, each party hereto acknowledges that any liability of any EEAAffected Financial Institution arising under any Loan Document may be subject to the Write-Down and Conversion Powers of an EEAthe applicable Resolution Authority and agrees and consents to, and acknowledges and agrees to be bound by: (a) the application of any Write-Down and Conversion Powers by an EEAthe applicable Resolution Authority to any such liabilities arising hereunder which may be payable to it by any party hereto that is an EEAAffected Financial Institution; and (b) the effects of any Bail-In Action on any such liability, including, if applicable: (i) a reduction in full or in part or cancellation of any such liability; (ii) a conversion of all, or a portion of, such liability into shares or other instruments of ownership in such EEAAffected Financial Institution, its parent entity, or a bridge institution that may be issued to it or otherwise conferred on it, and that such shares or other instruments of ownership will be accepted by it in lieu of any rights with respect to any such liability under this Agreement or any other Loan Document; or (iii) the variation of the terms of such liability in connection with the exercise of the Write-Down and Conversion Powers of any EEAthe applicable Resolution Authority.
Amendments to Security Agreement (a) Section 1 of the Security Agreement is hereby amended by adding the following definitions in the appropriate alphabetical order to such Section:
Amendment to Exhibit A to Services Agreement Solely with respect to Accounts that are not investment companies registered under the 1940 Act, the section of Exhibit A to the Services Agreement entitled “Administration and Risk Management” shall be, and hereby is, deleted in its entirety and replaced with the following:
