Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR or by any of VENDOR’s subcontractors. Each data center utilized and/or hosted by VENDOR or one of VENDOR’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR or the VENDOR’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 2 contracts
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR Digital Promise or by one of VENDORDigital Promise’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR Digital Promise or by any of VENDORDigital Promise’s subcontractors. Each data center utilized and/or hosted by VENDOR Digital Promise or one of VENDORDigital Promise’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR Digital Promise or by one of VENDORDigital Promise’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR Digital Promise to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR Digital Promise or the VENDORDigital Promise’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. Notwithstanding any of the above, Westat, in compliance with the Federal Information Security Management Act (“FISMA”) follows The National Institute of Standards and Technology (“NIST”) standards and guidance for conducting assessments of security and privacy controls of its data center(s) utilized under this Agreement. Westat hereby confirms it has undergone control assessments in accordance with NIST standards and will provide SBBC with the FISMA Authorization to Operate attestation throughout the term of the Agreement and within (10) calendar days after its/their receipt by Westat and/or Westat’s subcontractors. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR Digital Promise or Westat or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 1 contract
Samples: Participation Agreement
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR NFTE or by one of VENDORNFTE’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR NFTE or by any of VENDORNFTE’s subcontractors. Each data center utilized and/or hosted by VENDOR NFTE or one of VENDORNFTE’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR NFTE or by one of VENDORNFTE’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR NFTE to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR NFTE or the VENDORNFTE’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR NFTE or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 1 contract
Samples: To Agreement
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR or by any of VENDOR’s subcontractors. Each data center utilized and/or hosted by VENDOR or one of VENDOR’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR or the VENDOR’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.;
Appears in 1 contract
Samples: Agreement
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR or by one of VENDOR’s 's subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR or by any of VENDOR’s 's subcontractors. Each data center utilized and/or hosted by VENDOR or one of VENDOR’s 's subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR or by one of VENDOR’s 's subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR or the VENDOR’s 's subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 1 contract
Samples: Agreement
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR or by any of VENDOR’s subcontractors. Each data center utilized and/or hosted by VENDOR or one of VENDOR’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR or by one of VENDOR’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR or the VENDOR’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality confidentiality, and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR or any of its subcontractors that is are clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 1 contract
Samples: Agreement
Data Center Control Standards. The Statement on Standards for Attestation Engagements (“SSAE”) 16 or SSAE 18 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”), for redefining and updating how service companies report on compliance controls. An SSAE 16 or SSAE 18 compliance assessment must be completed and an SSAE 16 or SSAE 18 compliance assessment report(s) must be issued before the commencement of services for each data center to be utilized and/or hosted by VENDOR SOLIDPROFESSOR or by one of VENDORSOLIDPROFESSOR’s subcontractors in the performance of this Agreement. A copy of each SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided to SBBC within ten (10) calendar days after the Effective Date of this Agreement and before the commencement of services by the VENDOR SOLIDPROFESSOR or by any of VENDORSOLIDPROFESSOR’s subcontractors. Each data center utilized and/or hosted by VENDOR SOLIDPROFESSOR or one of VENDORSOLIDPROFESSOR’s subcontractors in the performance of this Agreement shall have and maintain a current SSAE 16 or SSAE 18 certification. Each data center utilized and/or hosted by VENDOR SOLIDPROFESSOR or by one of VENDORSOLIDPROFESSOR’s subcontractors in the performance of this Agreement thereafter must, at minimum, annually complete an SSAE 16 or SSAE 18 compliance assessment and maintain SSAE 16 or SSAE 18 certification. The resulting annual SSAE 16 or SSAE 18 compliance assessment report(s) shall be provided by VENDOR SOLIDPROFESSOR to SBBC throughout the term of the Agreement and within ten (10) calendar days after its/their receipt by the VENDOR SOLIDPROFESSOR or the VENDORSOLIDPROFESSOR’s subcontractors. Along with the two types of audits, the copies of the SSAE 16 or SSAE 18 compliance assessment reports provided to SBBC shall include any completed Service Organization Control (“SOC”) reports including (a) SOC 1 reports containing internal controls over financial reporting; (b) SOC 2 reports covering security, processing integrity, privacy controls, confidentiality and availability; and/or (c) the final SOC 3 report. SBBC is unable to execute a nondisclosure agreement (“NDA”) for its receipt of any such reports. However, any information or documents provided to SBBC by the VENDOR SOLIDPROFESSOR or any of its subcontractors that is clearly labeled as “Confidential and Exempt from Public Inspection as a Trade Secret pursuant to Section 812.081(1)(f), Florida Statutes” will only be viewed by such SBBC personnel as is necessary and will not be made available for public inspection or copying pursuant to Chapter 119, Florida Statutes, and with Section 24(a), Article I of the Florida Constitution.
Appears in 1 contract
Samples: Agreement
