Risk Management Framework Sample Clauses

Risk Management Framework. The National Institute of Standards and Technology (NIST) working with the Department of Defense and other organizations developed a common information security framework for the Federal Government and its contractors. The Risk Management Framework (RMF) replaces the traditional certification and accreditation (C&A) process and includes a continuous monitoring process. The RMF steps2 include: 1 Additional Functional Capabilities may be identified in the Task Order 2 National Institute of Standards and Technology Special Publication 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Section 1.1 and Section 2.1 The Contractor will develop a Risk Management Framework Plan that includes processes and procedures to accomplish all of the above steps except Authorize3. The Authorize step will be completed for each Task Order by the Ordering Activity. The Risk Management Framework Plan will be a post-award contract deliverable (see Section F.6).

Risk Management Framework. You must mitigate security risks for which you are responsible, including those identified during continuous monitoring activities. All vulnerabilities and findings must be remediated, in accordance with timelines specified in the HHS POA&M Standard, from discovery: (1) critical vulnerabilities no later than seven (7) days and (2) high within fifteen (15) days (3) medium within forty five (45) days and (4) low vulnerabilities no later than ninety (90) days. In the event a vulnerability or other risk finding cannot be mitigated within the prescribed timelines above, they must be added to the designated POA&M and mitigated within the newly designated timelines. You must maintain inventory of your information system assets, refreshed annually, that documents the identification, ownership, usage, location and configuration for each item. Ensure that changes to assets follow a documented change management procedure. You must support Records Management requirements during the period of performance. We recommend that the vendor pattern their record retention and disposition actions in accordance with one of the two Retention Schedules:

Risk Management Framework. This SOW’s goal is to design a remedy consistent with the ROD that will reduce key human and ecological risks cost effectively given Site characteristics, which results in a cleanup that is protective of public health and the environment and meets all federal and state applicable and relevant and appropriate requirements (ARARs). The risk lines of evidence used in the ROD will guide risk management for the Gasco Sediments Site. The design will also use a risk management framework consistent with EPA guidance (EPA 2005 and EPA 1988) on developing sediment remedies and specifically recognizes the risk management goals for the project throughout the evaluation and design process. The risk management related approaches that are specifically important to this project and are consistent with guidance include:  The Gasco Sediments Site clean up boundary will be consistent with Portland Harbor EPA approved BLRA.  Evaluate remedial alternatives with regard to total net risk reduction within the overall framework of the NCP remedy selection criteria.  Use the Portland Harbor risk assessment protocols, procedures, data, and outcomes whenever possible to set clean up boundaries and evaluate risk reduction, unless use of these would cause an unacceptable delay to the Gasco Sediments Site remediation.  Evaluate alternatives for long term effectiveness for a range of technologies including dredging, capping, and Monitored Natural Recovery (MNR).2 Alternatives will include combinations of technologies that are tailored to the physical, chemical and other conditions of the Site.  Evaluate the short term risks (i.e., sediment resuspension, water borne releases, and dredge residuals) posed by different dredge methods (i.e., hydraulic and clam shell) and the installation and removal of various containment systems (i.e., sheet pile and ▇▇▇▇▇▇ dam).  Because the level of some of the risk is related to biota exposures, evaluate migration pathways, bioavailability, and future exposure (e.g., sediment stability under various river current and vessel propeller scour conditions) when predicting risk reduction.  Evaluate future exposures and risks potentially posed by the presence of potentially mobile product in sediment.  Preference for removal of “substantial product” as defined in Section 3.6.2.1 of this SOW from the project area for offsite disposal, where consistent with the other risk management framework approaches. Remedial alternatives analysis will be conducted usi...

Risk Management Framework. This section is not applicable if contract has DHS Sensitive Information Required Special Contract Terms (MARCH 2015), SAFEGUARDING OF SENSITIVE INFORMATION (MAR 2015)

Risk Management Framework. The Grantee acknowledges and agrees that it is responsible for all risks associated with the Grant Activity. The following risks and mitigation strategies have been identified by the Grantee with respect to the Activity: Description of Risk Analysis Management/mitigation strategy [insert risks or ‘Not applicable’] [insert additional rows as required] Signed for and on behalf of the Commonwealth of Australia as represented by [insert entity] Name: (print) Position: (print) Signature and date: Witness Name: (print) Signature and date: [If Grantee is an Individual] Full legal name of the Grantee: [insert name of the Grantee and any ABN] Signatory Name: (print) Signature and date: Witness Name: (print) Signature and date: [OR] [If Grantee is a Company] Name of Company: [insert name of company and any ABN, ACN or ARBN] Director’s Name: (print) Signature and date: Director/Company Secretary Name: (print) Signature and date: [OR] If Grantee is an Incorporated Association] insert grant ref number/24/3884#15 Full legal name of the Grantee: [insert name of incorporated association and any ABN or other registration number] Public Officer’s Name: (print) Signature and date: Committee Member/Secretary Name: (print) Signature and date: [OR] [If Grantee is a Partnership] Full legal name of the Grantee: [insert name of partnership and any ABN] Partner’s Name: (print) Signature and date: Partner’s/Witness Name: (print) Signature and date: [OR] [If Grantee is a trustee of a Trust, you should confirm the legal status of the trustee and use the appropriate ABN and execution clause. For example, if the trustee is a company, use the company execution clause. Make sure that you use the full legal name and ABN of the trustee (NOT the Trust) as the 'name' of the Grantee - as the trustee is the legal entity entering into the Agreement. The words 'as trustee of the XXX Trust' could be included after the name of the Trustee.] 1. Undertaking the Activity 1.1 The Grantee agrees to undertake the Activity for the purpose of the Grant in accordance with this Agreement. 1.2 The Grantee is fully responsible for the Activity and for ensuring the performance of all its obligations under this Agreement in accordance with all relevant Laws. The Grantee will not be relieved of that responsibility because of: (a) the grant or withholding of any approval or the exercise or non-exercise of any right by the Commonwealth; or (b) any payment to, or withholding of any payment from, the Grantee under th...

Risk Management Framework. 7.01 The MDBA maintains a Risk Management Framework based on the Australian Standard for Risk Management (AS/NZS ISO 31000:2009). Risks are identified at the sub-program level identified in the Corporate Plan and assessed through a consistently applied and replicable methodology and follow a structured approach which encompasses the context, identification, assessment, analysis and treatment of risks. 7.02 A risk assessment and treatment control register is maintained by the Authority for each sub-program. The Authority reports progress on implementation of controls in the quarterly performance reporting process. 7.03 The parties agree to advise all parties, at the earliest possible opportunity, of any matters that the initiating party believes may have a material impact on how the other parties may discharge their responsibilities under the Agreement or this SLA. On receipt of any advice, the impacted party(s) will notify all other parties of the implications of the matter on the delivery of authorised joint activities so consideration can be given to how to address the matter. 7.04 Should any significant risks arise during the year the Authority will undertake to report the risk and proposed treatments to the BOC and the Council as soon as possible. 7.05 In addition, consistent with the Council’s Statement of Intent and to complement the new reporting arrangements, the parties agree that any matter relating to the conduct of authorised joint activities may be referred to the Council where a member of the Council has notified the Chair of the Council that the matter should be referred to the Council. 7.06 The Council will consider the matter at its earliest opportunity. Prior to this consideration, the Council may seek the advice of the BOC and the Authority. If requested for advice, the BOC and the Authority must ensure the provision to Council of all necessary information to enable an informed consideration of the matter. 7.07 In the event of a Council determination on the matter, the BOC and the Authority (consistent with their respective roles and responsibilities under the Agreement) will ensure timely implementation of that determination.

Risk Management Framework. Based on the Risk Management Framework (RMF) of February 2016, the risks which could impact the proposed programme, include those which are mostly minor or moderate and one of them has been identified as a major risk. Regarding the political aspects, although Albania’s transport sector has been one of its Government’s top priorities, there remains a potential for lacking commitment given that there are other reforms that are considered of a higher priority. Shortfalls in cross-party cooperation and lacking political support for following up with processes for policies and implementation are other risks which are foreseen. Mitigation of these risks could be done by maintaining these issues in a high level dialogue and receiving support from the European Union. Cross-party cooperation and lacking political support can be mitigated with the aid of EU dialogue regarding cross-party work support to the parliament and independent institutions for assistance with oversight and monitoring. While positive growth has been taking place in Albania during the last decades, it still strives for economic renovation and other risks still remain at hand, given the high unemployment and spending and low income. There are risks concerning an increase in public debt weak tax collection, accumulation of new liabilities and arrears. Macroeconomic stability needs to be further anchored beyond the ongoing IMF program; Weak commitment and political support are the main risks for Public Financial Management and developmental issues, but can be reduced through mitigation measures such as close monitoring and continuous dialogue with the government Corruption and Fraud is the most substantial risk due to resistance to prevention and control. In order to mitigate this high risk, corruption cases must be brought to justice while participation of stake holders and law enforcement agencies need to be enhanced. Lack of commitment from the Government for undertaking targeted reforms in the area of rule of law, public administration reform, anti-corruption and respect of fundamental rights. Shortfalls in cross-party cooperation on key EU- related reform issues, political cooperation and the effective functioning of independent institutions. Lack of high level political support to monitor and follow up on the policy making and implementation processes. Moderate Continuous policy dialogue in the context of the High Level Dialogue and the EU support for the implementation of the Roadmap concer...

Risk Management Framework. The Group’s risk management framework should be based on an appropriate industry accepted standard such as AS/NZS ISO 31000 2009 series (or similar) with such adaptation (as appropriate) having regard to the Group’s particular needs. Policy 22 |Version 2.0 | Issue Date 18/12/2019 Page 2 of 2 APPENDIX B6 TRADING OF COMPANY SECURITIES POLICY RESPONSIBILITY: COMPANY SECRETARY 1 GENERAL PRINCIPLES The principle behind this policy on trading (buying, selling or other dealing in) Company securities (being shares, options, or any other equity, debt or derivative instruments, including instruments to limit the economic risk of other securities held), is as follows: a. Directors, officers and employees, and persons associated with them, including family members and business associates (together “Insiders”), must not trade in the Company’s securities nor place themselves in a position where it may reasonably be perceived they have been trading in the Company’s securities other than in compliance with this policy. b. The policy is designed to seek to ensure that: • Insiders do not breach “▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇” laws under the Corporations Act (See Annexure (1)); • Insiders do not trade Company securities while they may be in possession of market price sensitive information which has not been released to the ASX announcements platform by the Company (including due to exceptions that may apply to the need to release that information); • perceptions cannot arise that Insiders may be taking advantage of their position in the Group (or that of a person with whom they are associated), even if such perceptions are wrong or unsubstantiated. c. This policy has been made to meet regulatory requirements and generally accepted principles and standards of conduct. Policy – Trading of Company Securities |Version 1.0 | Issue Date 18/12/2019 Page 1 of 8