Configuration Management The Contractor shall maintain a configuration management program, which shall provide for the administrative and functional systems necessary for configuration identification, control, status accounting and reporting, to ensure configuration identity with the UCEU and associated cables produced by the Contractor. The Contractor shall maintain a Contractor approved Configuration Management Plan that complies with ANSI/EIA-649 2011. Notwithstanding ANSI/EIA-649 2011, the Contractor’s configuration management program shall comply with the VLS Configuration Management Plans, TL130-AD-PLN-010-VLS, and shall comply with the following:
Quality Management Grantee will:
1. comply with quality management requirements as directed by the System Agency.
2. develop and implement a Quality Management Plan (QMP) that conforms with 25 TAC § 448.504 and make the QMP available to System Agency upon request. The QMP must be developed no later than the end of the first quarter of the Contract term.
3. update and revise the QMP each biennium or sooner, if necessary. ▇▇▇▇▇▇▇’s governing body will review and approve the initial QMP, within the first quarter of the Contract term, and each updated and revised QMP thereafter. The QMP must describe ▇▇▇▇▇▇▇’s methods to measure, assess, and improve -
i. Implementation of evidence-based practices, programs and research-based approaches to service delivery;
ii. Client/participant satisfaction with the services provided by ▇▇▇▇▇▇▇;
iii. Service capacity and access to services;
iv. Client/participant continuum of care; and
v. Accuracy of data reported to the state.
4. participate in continuous quality improvement (CQI) activities as defined and scheduled by the state including, but not limited to data verification, performing self-reviews; submitting self-review results and supporting documentation for the state’s desk reviews; and participating in the state’s onsite or desk reviews.
5. submit plan of improvement or corrective action plan and supporting documentation as requested by System Agency.
6. participate in and actively pursue CQI activities that support performance and outcomes improvement.
7. respond to consultation recommendations by System Agency, which may include, but are not limited to the following:
i. Staff training;
ii. Self-monitoring activities guided by System Agency, including use of quality management tools to self-identify compliance issues; and
iii. Monitoring of performance reports in the System Agency electronic clinical management system.
Business Continuity Registry Operator shall maintain a business continuity plan, which will provide for the maintenance of Registry Services in the event of an extraordinary event beyond the control of the Registry Operator or business failure of Registry Operator, and may include the designation of a Registry Services continuity provider. If such plan includes the designation of a Registry Services continuity provider, Registry Operator shall provide the name and contact information for such Registry Services continuity provider to ICANN. In the case of an extraordinary event beyond the control of the Registry Operator where the Registry Operator cannot be contacted, Registry Operator consents that ICANN may contact the designated Registry Services continuity provider, if one exists. Registry Operator shall conduct Registry Services Continuity testing at least once per year.
Business Continuity Planning Supplier shall prepare and maintain at no additional cost to Buyer a Business Continuity Plan (“BCP”). Upon written request of Buyer, Supplier shall provide a copy of Supplier’s BCP. The BCP shall be designed to ensure that Supplier can continue to provide the goods and/or services in accordance with this Order in the event of a disaster or other BCP-triggering event (as such events are defined in the applicable BCP). Supplier’s BCP shall, at a minimum, provide for: (a) the retention and retrieval of data and files; (b) obtaining resources necessary for recovery, (c) appropriate continuity plans to maintain adequate levels of staffing required to provide the goods and services during a disruptive event; (d) procedures to activate an immediate, orderly response to emergency situations; (e) procedures to address potential disruptions to Supplier’s supply chain; (f) a defined escalation process for notification of Buyer, within two (2) business days, in the event of a BCP-triggering event; and (g) training for key Supplier Personnel who are responsible for monitoring and maintaining Supplier’s continuity plans and records. Supplier shall maintain the BCP and test it at least annually or whenever there are material changes in Supplier’s operations, risks or business practices. Upon ▇▇▇▇▇’s written and reasonable request, Supplier shall provide Buyer an executive summary of test results and a report of corrective actions (including the timing for implementation) to be taken to remedy any deficiencies identified by such testing. Upon ▇▇▇▇▇’s request and with reasonable advance notice and conducted in such a manner as not to unduly interfere with Supplier’s operations, Supplier shall give Buyer and its designated agents access to Supplier’s designated representative(s) with detailed functional knowledge of Supplier’s BCP and relevant subject matter.
Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.