Power Supply Information and Access to Information POWER SUPPLY INFORMATION
Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.
Public Information Public Records Disclosure Requests Washington’s Public Records Act. Unless statutorily exempt from public disclosure, this Cooperative Purchasing Agreement and all related records are subject to public disclosure as required by Washington’s Public Records Act, RCW 42.56.
ERISA Information and Compliance The Obligors will promptly furnish and will cause the Subsidiaries and any ERISA Affiliate to promptly furnish to the Administrative Agent with sufficient copies to the Lenders (i) promptly after the filing thereof with the United States Secretary of Labor, the Internal Revenue Service or the PBGC, copies of each annual and other report with respect to each Plan or any trust created thereunder, (ii) immediately upon becoming aware of the occurrence of any ERISA Event or of any “prohibited transaction,” as described in section 406 of ERISA or in section 4975 of the Code, in connection with any Plan or any trust created thereunder, a written notice signed by a Responsible Officer specifying the nature thereof, what action the Obligors, the Subsidiary or the ERISA Affiliate is taking or proposes to take with respect thereto, and, when known, any action taken or proposed by the Internal Revenue Service, the Department of Labor or the PBGC with respect thereto, and (iii) immediately upon receipt thereof, copies of any notice of the PBGCs intention to terminate or to have a trustee appointed to administer any Plan. With respect to each Plan (other than a Multiemployer Plan), the Obligors will, and will cause each Subsidiary and ERISA Affiliate to, (i) satisfy in full and in a timely manner, without incurring any late payment or underpayment charge or penalty and without giving rise to any lien, all of the contribution and funding requirements of section 412 of the Code (determined without regard to subsections (d), (e), (f) and (k) thereof) and of section 302 of ERISA (determined without regard to sections 303, 304 and 306 of ERISA), and (ii) pay, or cause to be paid, to the PBGC in a timely manner, without incurring any late payment or underpayment charge or penalty, all premiums required pursuant to sections 4006 and 4007 of ERISA.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
