CERTIFICATION REGARDING CERTAIN FOREIGN-OWNED COMPANIES IN CONNECTION WITH CRITICAL INFRASTRUCTURE (Texas law as of September 1, 2021) By submitting a proposal to this Solicitation, you certify that you agree to the following required by Texas law as of September 1, 2021: Proposing Company is prohibited from entering into a contract or other agreement relating to critical infrastructure that would grant to the company direct or remote access to or control of critical infrastructure in this state, excluding access specifically allowed by the Proposing Company for product warranty and support purposes. Company, certifies that neither it nor its parent company nor any affiliate of company or its parent company, is (1) owned by or the majority of stock or other ownership interest of the company is held or controlled by individuals who are citizens of China, Iran, North Korea, Russia, or a designated country; (2) a company or other entity, including governmental entity, that is owned or controlled by citizens of or is directly controlled by the government of China, Iran, North Korea, Russia, or a designated country; or (3) headquartered in China, Iran, North Korea, Russia, or a designated country. For purposes of this contract, “critical infrastructure” means “a communication infrastructure system, cybersecurity system, electric grid, hazardous waste treatment system, or water treatment facility.” See Tex. Gov’t Code § 2274.0101(2) of SB 1226 (87th leg.). The company verifies and certifies that company will not grant direct or remote access to or control of critical infrastructure, except for product warranty and support purposes, to prohibited individuals, companies, or entities, including governmental entities, owned, controlled, or headquartered in China, Iran, North Korea, Russia, or a designated country, as determined by the Governor.
Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law.
Responsibilities of Business Associate Business Associate agrees:
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Obligations and Activities of Business Associate Business Associate agrees to:
Business Continuity Planning Supplier shall prepare and maintain at no additional cost to Buyer a Business Continuity Plan (“BCP”). Upon written request of Buyer, Supplier shall provide a copy of Supplier’s BCP. The BCP shall be designed to ensure that Supplier can continue to provide the goods and/or services in accordance with this Order in the event of a disaster or other BCP-triggering event (as such events are defined in the applicable BCP). Supplier’s BCP shall, at a minimum, provide for: (a) the retention and retrieval of data and files; (b) obtaining resources necessary for recovery, (c) appropriate continuity plans to maintain adequate levels of staffing required to provide the goods and services during a disruptive event; (d) procedures to activate an immediate, orderly response to emergency situations; (e) procedures to address potential disruptions to Supplier’s supply chain; (f) a defined escalation process for notification of Buyer, within two (2) business days, in the event of a BCP-triggering event; and (g) training for key Supplier Personnel who are responsible for monitoring and maintaining Supplier’s continuity plans and records. Supplier shall maintain the BCP and test it at least annually or whenever there are material changes in Supplier’s operations, risks or business practices. Upon Xxxxx’s written and reasonable request, Supplier shall provide Buyer an executive summary of test results and a report of corrective actions (including the timing for implementation) to be taken to remedy any deficiencies identified by such testing. Upon Xxxxx’s request and with reasonable advance notice and conducted in such a manner as not to unduly interfere with Supplier’s operations, Supplier shall give Buyer and its designated agents access to Supplier’s designated representative(s) with detailed functional knowledge of Supplier’s BCP and relevant subject matter.
OBLIGATIONS AND ACTIVITIES OF CONTRACTOR AS BUSINESS ASSOCIATE 1. Contractor agrees not to use or further disclose PHI County discloses to Contractor other than as permitted or required by this Business Associate Contract or as required by law.