Physical Security Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to:
A. Secure all areas of Contractor facilities where personnel assist in the administration of the Medi-Cal program and use or disclose Medi-Cal PII. The Contractor shall ensure that these secure areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and access to premises is by official identification.
B. Ensure that there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at Contractor facilities and leased facilities where a large volume of Medi-Cal PII is stored.
C. Issue Contractor personnel who assist in the administration of the Medi-Cal program identification badges and require County Workers to wear the identification badges at facilities where Medi-Cal PII is stored or used.
D. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks or locked offices in facilities which are multi-use (meaning that there are personnel other than contractor personnel using common areas that are not securely segregated from each other.) The contractor shall have policies which indicate that Contractor and their personnel are not to leave records with Medi-Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airlines.
E. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.
Data Protection and Security A. In this Agreement the following terms shall have the meanings respectively ascribed to them:
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.
Personnel Security 6.1 Staff recruitment in accordance with government requirements for pre- employment checks;
6.2 Staff training and awareness of Departmental security and any specific contract requirements.
Physical and Environmental Security DST shall: (i) restrict entry to DST’s area(s) where Fund Confidential Information is stored, accessed, or processed solely to DST’s personnel or DST authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety.
Child Protection The Contractor acknowledges that it (and its personnel) are aware of the requirements of the Child Protection (Working with Children) Act 2012 (NSW) and all related laws concerning child protection (Child Protection Laws). The Contractor will ensure that it (and its personnel) comply with the requirements of the Child Protection Laws and policies of the DoE relating to child protection as notified to the Contractor from time to time. The Contractor must, at the Contractor’s expense, certify that the Contractor and the Contractor’s personnel are not a prohibited person under any Child Protection Laws and undergo any other screening, such as the ‘Working with Children Check’, as required under Child Protection Laws or by the School (or DoE). Any of the Contractor’s personnel that is a prohibited person under any Child Protection Laws must not be engaged in providing any Services. The Contractor is to immediately advise the Department if it becomes aware that it (or its personnel) are the subject of a reportable allegation involving children.
Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.
