Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
FOREIGN SECURITIES SYSTEMS Foreign securities shall be maintained in a Foreign Securities System in a designated country through arrangements implemented by the Custodian or a Foreign Sub-Custodian, as applicable, in such country.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.
Monitoring and Risk Assessment of Securities Depositories Prior to the placement of any assets of the Fund with a non-U.S. Securities Depository, the Custodian: (a) shall provide to the Fund or its authorized representative an assessment of the custody risks associated with maintaining assets within such Securities Depository; and (b) shall have established a system to monitor the custody risks associated with maintaining assets with such Securities Depository on a continuing basis and to promptly notify the Fund or its Investment Adviser of any material changes in such risk. In performing its duties under this subsection, the Custodian shall use reasonable care and may rely on such reasonable sources of information as may be available including but not limited to: (i) published ratings; (ii) information supplied by a Subcustodian that is a participant in such Securities Depository; (iii) industry surveys or publications; (iv) information supplied by the depository itself, by its auditors (internal or external) or by the relevant Foreign Financial Regulatory Authority. It is acknowledged that information procured through some or all of these sources may not be independently verifiable by the Custodian and that direct access to Securities Depositories is limited under most circumstances. Accordingly, the Custodian shall not be responsible for errors or omissions in its duties hereunder provided that it has performed its monitoring and assessment duties with reasonable care. The risk assessment shall be provided to the Fund or its Investment Advisor by such means as the Custodian shall reasonably establish. Advices of material change in such assessment may be provided by the Custodian in the manner established as customary between the Fund and the Custodian for transmission of material market information.
Financial Security Arrangements At least 20 Business Days prior to the commencement of the design, procurement, installation, or construction of a discrete portion of the Connecting Transmission Owner’s Interconnection Facilities and Upgrades, the Interconnection Customer shall provide the Connecting Transmission Owner, at the Interconnection Customer’s option, a guarantee, a surety bond, letter of credit or other form of security that is reasonably acceptable to the Connecting Transmission Owner and is consistent with the Uniform Commercial Code of the jurisdiction where the Point of Interconnection is located. Such security for payment shall be in an amount sufficient to cover the costs for constructing, designing, procuring, and installing the applicable portion of the Connecting Transmission Owner’s Interconnection Facilities and Upgrades and shall be reduced on a dollar-for-dollar basis for payments made to the Connecting Transmission Owner under this Agreement during its term. The Connecting Transmission Owner may draw on any such security to the extent that the Interconnection Customer fails to make any payments due under this Agreement. In addition: 6.3.1 The guarantee must be made by an entity that meets the creditworthiness requirements of the Connecting Transmission Owner, and contain terms and conditions that guarantee payment of any amount that may be due from the Interconnection Customer, up to an agreed-to maximum amount. 6.3.2 The letter of credit or surety bond must be issued by a financial institution or insurer reasonably acceptable to the Connecting Transmission Owner and must specify a reasonable expiration date. 6.3.3 Notwithstanding the above, Security posted for System Upgrade Facilities for a Small Generating Facility required to enter the Class Year process, or cash or Security provided for System Deliverability Upgrades, shall meet the requirements for Security contained in Attachment S to the ISO OATT.
