Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Identification of Goods Identification of the goods shall not be deemed to have been made until both Buyer and Seller have agreed that the goods in question are to be appropriate to the performance of this Agreement.
JOC Pricing of Itemized List of RS Means Non-Prepriced Items No response The Vendor may download the optional Pricing of Itemized List of RS Means Non-Prepriced Items form from the attachment tab, fill in the requested information, and upload the completed spreadsheet. DO NOT UPLOAD encrypted or password protected files. Valid Reference Email addresses are REQUIRED on the spreadsheet. The vendor must download the References spreadsheet from the attachment tab, fill in the requested information and upload the completed spreadsheet. DO NOT UPLOAD encrypted or password protected files.
Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor’s Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: ● SAO Toll Free Hotline: 1-800-TX-AUDIT ● SAO website: ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇▇▇.▇▇.▇▇/ All reports made to the OIG must be made through one of the following avenues: ● OIG Toll Free Hotline ▇-▇▇▇-▇▇▇-▇▇▇▇ ● OIG Website: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ ● Internal Affairs Email: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇.▇▇ ● OIG Hotline Email: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇.▇▇. ● OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200
