Securities Law Requirements The Company shall not be required to issue Shares pursuant to the Award, to the extent required, unless and until (a) such Shares have been duly listed upon each stock exchange on which the Common Shares are then registered; and (b) a registration statement under the Securities Act of 1933 with respect to such Shares is then effective.
Securities Law Compliance Notwithstanding anything to the contrary contained herein, you may not exercise your option unless the shares of Common Stock issuable upon such exercise are then registered under the Securities Act or, if such shares of Common Stock are not then so registered, the Company has determined that such exercise and issuance would be exempt from the registration requirements of the Securities Act. The exercise of your option also must comply with other applicable laws and regulations governing your option, and you may not exercise your option if the Company determines that such exercise would not be in material compliance with such laws and regulations.
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
Regulation AB Compliance If at any time the Custodian is not also serving as Servicer under the Servicing Agreement, the Custodian shall:
(i) deliver to the Servicer on or before March 10 of each year, beginning March 10, 2012 (or, if such date is not a Business Day, the next succeeding Business Day), a report, dated as of December 31 of the preceding calendar year, of its assessment of compliance with the Servicing Criteria applicable to it with respect to such calendar year (or, in the case of the first year, since no later than the Closing Date), including disclosure of any material instance of non-compliance identified by the Custodian, as required by Rule 13a-18 and 15d-18 of the Exchange Act and Item 1122 of Regulation AB under the Securities Act, and
(ii) cause a firm of registered public accountants that is qualified and independent within the meaning of Rule 2-01 of Regulation S-X under the Securities Act to deliver to the Servicer on or before March 15 (or, if such date is not a Business Day, the next succeeding Business Day) of each year, beginning March 15, 2012, an attestation report that satisfies the requirements of Rule 13a-18 or Rule 15d-18 under the Exchange Act, as applicable, of the assessment of compliance with Servicing Criteria with respect to the prior calendar year (or, in the case of the first year, since no later than the Closing Date).
(iii) The reports under this Section 4(f) shall be delivered on or before April 15 (or, if such date is not a Business Day, the next succeeding Business Day) of each calendar year if the Issuing Entity is not required to file periodic reports under the Exchange Act or any other law, beginning April 15, 2013.