Proposed Policies and Procedures Regarding New Online Content and Functionality By February 1, 2017, the Division will submit to OCR for its review and approval proposed policies and procedures (“the Plan for New Content”) to ensure that all new, newly-added, or modified online content and functionality will be accessible to people with disabilities as measured by conformance to the Benchmarks for Measuring Accessibility set forth above, except where doing so would impose a fundamental alteration or undue burden.
a) When fundamental alteration or undue burden defenses apply, the Plan for New Content will require the Division to provide equally effective alternative access. The Plan for New Content will require the Division, in providing equally effective alternate access, to take any actions that do not result in a fundamental alteration or undue financial and administrative burdens, but nevertheless ensure that, to the maximum extent possible, individuals with disabilities receive the same benefits or services as their nondisabled peers. To provide equally effective alternate access, alternatives are not required to produce the identical result or level of achievement for persons with and without disabilities, but must afford persons with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement, in the most integrated setting appropriate to the person’s needs.
b) The Plan for New Content must include sufficient quality assurance procedures, backed by adequate personnel and financial resources, for full implementation. This provision also applies to the Division online content and functionality developed by, maintained by, or offered through a third-party vendor or by using open sources.
c) Within thirty (30) days of receiving OCR’s approval of the Plan for New Content, the Division will officially adopt and fully implement the amended policies and procedures.
Vendor Logo (Supplemental Vendor Information Only) No response Optional. If Vendor desires that their logo be displayed on their public TIPS profile for TIPS and TIPS Member viewing, Vendor may upload that logo at this location. These supplemental documents shall not be considered part of the TIPS Contract. Rather, they are Vendor Supplemental Information for marketing and informational purposes only. Some participating public entities are required to seek Disadvantaged/Minority/Women Business & Federal HUBZone ("D/M/WBE/Federal HUBZone") vendors. Does Vendor certify that their entity is a D/M/WBE/Federal HUBZone vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. NO Some participating public entities are required to seek Historically Underutilized Business (HUB) vendors as defined by the Texas Comptroller of Public Accounts Statewide HUB Program. Does Vendor certify that their entity is a HUB vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. No Can the Vendor provide its proposed goods and services to all 50 US States? Yes
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Public Records Requirements Pursuant to Section 119.0701, F.S Solely for the purpose of this section, the Department’s Contract Manager is the agency custodian of public records. If, under the Term Contract, the Contractor is providing services and is acting on behalf of the public agency, as provided in section 119.0701, F.S., the Contractor shall:
i. Keep and maintain public records required by the Department to perform the service.
ii. Upon request from the Department’s custodian of public records, provide the Department with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in Chapter 119, F.S., or as otherwise provided by law.
iii. Ensure that public records that are exempt or confidential and exempt from public records disclosure are not disclosed except as authorized by law for the duration of the Term Contract term and following the completion of the Term Contract if the Contractor does not transfer the records to the Department.
iv. Upon completion of the Term Contract, transfer, at no cost, to the Department all public records in possession of the Contractor or keep and maintain public records required by the Department to perform the service. If the Contractor transfers all public records to the Department upon completion of the contract, the Contractor shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If the Contractor keeps and maintains public records upon completion of the Term Contract, the Contractor shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the Department, upon request from the Department’s custodian of public records, in a format that is compatible with the information technology systems of the Department. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR’S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS TERM CONTRACT, CONTACT THE DEPARTMENT’S CUSTODIAN OF PUBLIC RECORDS AT ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇.▇▇.▇▇▇, (▇▇▇) ▇▇▇-▇▇▇▇ OR ▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇,
Certification Regarding Lobbying Applicable to Grants Subgrants, Cooperative Agreements, and Contracts Exceeding $100,000 in Federal Funds Submission of this certification is a prerequisite for making or entering into this transaction and is imposed by section 1352, Title 31, U.S. Code. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. The undersigned certifies, to the best of his or her knowledge and belief, that: (1) No Federal appropriated funds have been paid or will be paid by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with the awarding of a Federal contract, the making of a Federal grant, the making of a Federal loan, the entering into a cooperative agreement, and the extension, continuation, renewal, amendment, or modification of a Federal contract, grant, loan, or cooperative agreement.