Common use of Violation of User Agreement Terms, or Clause in Contracts

Violation of User Agreement Terms, or. Temporary Fix for an Active Record Noncompliance can fall into one of three tiers: Type I noncompliance consists of multiple infractions that significantly place PII at risk or have resulted in unauthorized disclosure of PII and are systemic in nature. Type II noncompliance consists of an infraction that could result in an unauthorized verification being submitted to SSA or a failure to comply with the consent requirements or a failure to comply with securing data containing PII. A Type II noncompliance may also be a failure that might prevent the completion of the Compliance Review. Type III noncompliance consists of failures that are only minor in nature. Type III noncompliance would not result in either unauthorized disclosure of PII or unauthorized SSN verification requests being submitted to SSA. The following are the three types of noncompliance and their resulting penalties. Tier Noncompliance Penalty Type I Multiple failures to comply with CBSV User Agreement requirements determined by SSA to be detrimental to protection of PII Multiple Type II noncompliance Fraudulent use of CBSV access privileges Other issues considered by SSA to place a significant quantity of PII at risk. Suspension of CBSV user privileges for 90 days Type II Verification not authorized by SSN holder including missing, unsigned, or fraudulent Form SSA-89, Form SSA-89 accepted without date of authorization, Multiple verifications authorized by one Form SSA-89, Form SSA-89 submission date exceeds 90-day timeframe or exceeds alternate timeframe or is submitted before date of authorization. Acceptance of electronic/digital signature on Form SSA-89, Retention requirements not followed, Purpose stated on Form SSA-89 not specific or allowable, Significant alteration of Form SSA-89, Requesting Party fails to keep the SSA-88 current, Agreements between Requesting Party and Principals do not contain required elements or constraints as outlined in Section III.A, Form SSA-89s are not stored securely, Audit trail requirements are not followed. Suspension of CBSV user privileges for 60 days Type III Illegible Form SSA-89 (fields not specified above), Requesting Party address and Principal address (if applicable) are not included on Form SSA-89, Requesting Party information incorrect on the SSA-89, Minor alteration of Form SSA-89 wording Late submission of examination attestation report Suspension of CBSV user privileges for 30 days Annual Renewal This User Agreement does not authorize SSA to incur obligations through the performance of the services described herein. Performance of such services is authorized only by execution of Form SSA-1235 (Agreement Covering Reimbursable Services – Attachment C). Moreover, SSA may incur obligations by performing services under this User Agreement only on a fiscal year basis. Accordingly, attached to, and made a part of, this User Agreement, is a Form SSA-1235 that provides the authorization for SSA to perform services under this User Agreement in fiscal year [2016]. Because SSA’s performance under this User Agreement spans multiple fiscal years, SSA and the Requesting Party will prepare a new Form SSA-1235 at the beginning of each succeeding fiscal year during which SSA will incur obligations through the performance of the services described in this User Agreement. The parties will sign the Form SSA-1235 by September 15 before the beginning of the Federal fiscal year (October 1st). SSA’s ability to perform work for fiscal years beyond the current fiscal year is subject to the availability of funds. SSA will refund to the Requesting Party any excess funds remaining in the Requesting Party’s account at the end of the fiscal year. The remaining balance from one fiscal year does not carry over to the following fiscal year. The Requesting Party must sign a new Form SSA-1235 and submit advance payment prior to the beginning of each fiscal year in a transaction separate from any refund due from SSA from the previous fiscal year. The Responsible Company Officials for the Requesting Parties must complete an annual Attestation Statement which advises them of their obligations to establish effective internal controls for compliance with CBSV requirements.

Violation of User Agreement Terms, or. 3. Temporary Fix for an Active Record Noncompliance can fall into one of three tiers: • Type I noncompliance consists of multiple infractions failures that significantly place PII at risk or have resulted in unauthorized disclosure of PII and are systemic in nature. • Type II noncompliance consists of an infraction a failure that could result in an unauthorized verification being submitted to SSA or a failure related to comply with the consent requirements a specific Consent Form or a failure to comply with securing data containing PIIverification that places PII at risk. A Type II noncompliance may also be a failure that which might prevent the completion of the Compliance Reviewexamination attestation engagement by a CPA. • Type III noncompliance consists of failures that are only minor in nature. Type III noncompliance would not result in either unauthorized disclosure of PII or unauthorized SSN verification requests being submitted to SSA. The following are the three types of noncompliance and their resulting penalties. Tier Noncompliance Penalty Type I • Multiple failures to comply with CBSV User Agreement user agreement requirements determined by SSA to be detrimental to protection of PII • Multiple Type II noncompliance • Fraudulent use of CBSV access privileges • Other issues considered by SSA to place a significant quantity of PII at risk. Suspension of CBSV user privileges for 90 days Type II • Verification not authorized by SSN holder including missing, unsigned, or fraudulent Form SSA-89, • Form SSA-89 accepted without date of authorization, • Multiple verifications authorized by one Form SSA-89, • Form SSA-89 submission submitted beyond 90 days from the date exceeds 90-day timeframe or exceeds authorization was signed, outside alternate timeframe or is submitted before date of authorization. • Acceptance of electronic/digital signature on Form SSA-89, • Retention requirements not followed, • Purpose stated on Form SSA-89 not specific or allowable, • Significant alteration of Form SSA-89, Requesting Party fails to keep the • SSA-88 not current, • CBSV system access codes are not safeguarded, • Agreements between Requesting Party and Principals do not contain required elements or constraints as outlined in Section III.Aelements, • Form SSA-89s are not stored securely, • Audit trail requirements are not followed, or • Other issues determined by SSA to be compliance failures. Suspension of CBSV user privileges for 60 days Type III • Illegible Form SSA-89 (fields not specified above), • Requesting Party address and Principal address (if applicable) are phone number not included on Form SSA-89, Requesting Party information incorrect • Principal address not included on the Form SSA-89, Minor alteration of Form SSA-89 wording Late submission of examination attestation report Suspension of CBSV user privileges for 30 days Annual Renewal This User Agreement does not authorize Tier Noncompliance Penalty • Requesting Party information incorrect, • Minor alteration of Form SSA-89 wording • Late submission of examination attestation report • Other issues determined by SSA to incur obligations through the performance of the services described herein. Performance of such services is authorized only by execution of Form SSA-1235 (Agreement Covering Reimbursable Services – Attachment C). Moreover, SSA may incur obligations by performing services under this User Agreement only on a fiscal year basis. Accordingly, attached to, and made a part of, this User Agreement, is a Form SSA-1235 that provides the authorization for SSA to perform services under this User Agreement in fiscal year [2016]. Because SSA’s performance under this User Agreement spans multiple fiscal years, SSA and the Requesting Party will prepare a new Form SSA-1235 at the beginning of each succeeding fiscal year during which SSA will incur obligations through the performance of the services described in this User Agreement. The parties will sign the Form SSA-1235 by September 15 before the beginning of the Federal fiscal year (October 1st). SSA’s ability to perform work for fiscal years beyond the current fiscal year is subject to the availability of funds. SSA will refund to the Requesting Party any excess funds remaining in the Requesting Party’s account at the end of the fiscal year. The remaining balance from one fiscal year does not carry over to the following fiscal year. The Requesting Party must sign a new Form SSA-1235 and submit advance payment prior to the beginning of each fiscal year in a transaction separate from any refund due from SSA from the previous fiscal year. The Responsible Company Officials for the Requesting Parties must complete an annual Attestation Statement which advises them of their obligations to establish effective internal controls for compliance with CBSV requirementsbe minor noncompliance.

Violation of User Agreement Terms, or. 3. Temporary Fix for an Active Record Noncompliance can fall into one of three tiers: • Type I noncompliance consists of multiple infractions failures that significantly place PII at risk or have resulted in unauthorized disclosure of PII and are systemic in nature. • Type II noncompliance consists of an infraction a failure that could result in an unauthorized verification being submitted to SSA or a failure related to comply with the consent requirements a specific Consent Form or a failure to comply with securing data containing PIIverification that places PII at risk. A Type II noncompliance may also be a failure that which might prevent the completion of the Compliance Reviewexamination attestation engagement by a CPA. • Type III noncompliance consists of failures that are only minor in nature. Type III noncompliance would not result in either unauthorized disclosure of PII or unauthorized SSN verification requests being submitted to SSA. The following are the three types of noncompliance and their resulting penalties. Tier Noncompliance Penalty Type I • Multiple failures to comply with CBSV User Agreement user agreement requirements determined by SSA to be detrimental to protection of PII • Multiple Type II noncompliance • Fraudulent use of CBSV access privileges • Other issues considered by SSA to place a significant quantity of PII at risk. Suspension of CBSV user privileges for 90 days Type II • Verification not authorized by SSN holder including missing, unsigned, or fraudulent Form SSA-89, • Form SSA-89 accepted without date of authorization, • Multiple verifications authorized by one Form SSA-89, • Form SSA-89 submission submitted beyond 90 days from the date exceeds 90-day timeframe or exceeds authorization was signed, outside alternate timeframe or is submitted before date of authorization. • Acceptance of electronic/digital signature on Form SSA-89, • Retention requirements not followed, • Purpose stated on Form SSA-89 not specific or allowable, • Significant alteration of Form SSA-89, Requesting Party fails to keep the • SSA-88 not current, • CBSV system access codes are not safeguarded, • Agreements between Requesting Party and Principals do not contain required elements or constraints as outlined in Section III.Aelements, • Form SSA-89s are not stored securely, • Audit trail requirements are not followed, or • Other issues determined by SSA to be compliance failures. Suspension of CBSV user privileges for 60 days Type III • Illegible Form SSA-89 (fields not specified above), • Requesting Party address and Principal address (if applicable) are phone number not included on Form SSA-89, • Principal address not included on Form SSA-89, • Requesting Party information incorrect on the SSA-89incorrect, Minor alteration of Form SSA-89 wording Late submission of examination attestation report Suspension of CBSV user privileges for 30 days Annual Renewal This User Agreement does not authorize Tier Noncompliance Penalty • Minor alteration of Form SSA-89 wording • Late submission of examination attestation report • Other issues determined by SSA to incur obligations through the performance of the services described herein. Performance of such services is authorized only by execution of Form SSA-1235 (Agreement Covering Reimbursable Services – Attachment C). Moreover, SSA may incur obligations by performing services under this User Agreement only on a fiscal year basis. Accordingly, attached to, and made a part of, this User Agreement, is a Form SSA-1235 that provides the authorization for SSA to perform services under this User Agreement in fiscal year [2016]. Because SSA’s performance under this User Agreement spans multiple fiscal years, SSA and the Requesting Party will prepare a new Form SSA-1235 at the beginning of each succeeding fiscal year during which SSA will incur obligations through the performance of the services described in this User Agreement. The parties will sign the Form SSA-1235 by September 15 before the beginning of the Federal fiscal year (October 1st). SSA’s ability to perform work for fiscal years beyond the current fiscal year is subject to the availability of funds. SSA will refund to the Requesting Party any excess funds remaining in the Requesting Party’s account at the end of the fiscal year. The remaining balance from one fiscal year does not carry over to the following fiscal year. The Requesting Party must sign a new Form SSA-1235 and submit advance payment prior to the beginning of each fiscal year in a transaction separate from any refund due from SSA from the previous fiscal year. The Responsible Company Officials for the Requesting Parties must complete an annual Attestation Statement which advises them of their obligations to establish effective internal controls for compliance with CBSV requirementsbe minor noncompliance.