FINDINGS AND ORDERING PARAGRAPHS The Commission, having reviewed the entire record and being fully advised in the premises, is of the opinion and finds that:
(1) Ameritech Illinois and Voicestream are telecommunications carriers as defined in Section 13-202 of the Public Utilities Act;
(2) the Commission has jurisdiction over the parties hereto and the subject matter hereof;
(3) the recitals of fact and conclusions reached in the prefatory portion of this Order are supported by the record and are hereby adopted as findings of fact;
(4) Ameritech Illinois and Voicestream have entered into an Amendment to the Interconnection Agreement dated November 18, 2002, which has been submitted to the Commission for approval under Section 252(e) of the Telecommunications Act of 1996;
(5) the Amendment to the Agreement between Ameritech Illinois and Voicestream does not discriminate against a telecommunications carrier not a party to the Amendment;
(6) in order to assure that the Amendment is in the public interest, Ameritech Illinois should implement the Amendment by filing a verified statement with the Chief Clerk of the Commission, within five (5) days of approval by the Commission, that the approved Amendment is the same as the Amendment filed in this docket with the verified Petition. The Chief Clerk shall place the Amendment on the Commission’s website under Interconnection Agreements;
(7) Ameritech Illinois should also place replacement sheets in its tariffs, located at Ill.C.C. No. 21 Section 19.15;
(8) the Amendment should be approved as hereinafter set forth;
(9) approval of the Amendment does not have any precedential effect on any future negotiated agreements or Commission Orders.
Provisions Solely to Define Relative Rights The provisions of this Article XII are and are intended solely for the purpose of defining the relative rights of the Holders of the Securities on the one hand and the holders of Senior Debt on the other hand. Nothing contained in this Article XII or elsewhere in this Indenture or in the Securities is intended to or shall (a) impair, as between the Company and the Holders of the Securities, the obligations of the Company, which are absolute and unconditional, to pay to the Holders of the Securities the principal of and any premium and interest (including any Additional Interest) on the Securities as and when the same shall become due and payable in accordance with their terms, (b) affect the relative rights against the Company of the Holders of the Securities and creditors of the Company other than their rights in relation to the holders of Senior Debt or (c) prevent the Trustee or the Holder of any Security (or to the extent expressly provided herein, the holder of any Preferred Security) from exercising all remedies otherwise permitted by applicable law upon default under this Indenture, including filing and voting claims in any Proceeding, subject to the rights, if any, under this Article XII of the holders of Senior Debt to receive cash, property and securities otherwise payable or deliverable to the Trustee or such Holder.
Requirements Pertaining Only to Federal Grants and Subrecipient Agreements If this Agreement is a grant that is funded in whole or in part by Federal funds:
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
EDD Independent Subrecipient Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, Subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the State.” The term is further defined by the California Employment Development Department to refer specifically to independent Subrecipients. An independent Subrecipient is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at ▇▇▇▇://▇▇▇.▇▇▇.▇▇.▇▇▇/Employer_Services.htm