Electronic Payment The Debt Collection Improvement Act of 1996 requires that all payments except IRS tax refunds be made by Electronic Funds Transfer. It is the policy of the Nuclear Regulatory Commission to pay vendors by the Automated Clearing House (ACH) electronic funds transfer payment system. The electronic system is known as Vendor Express. Payment shall be made in accordance with FAR 52.232-33, entitled "Mandatory Information for Electronic Funds Transfer Payment" . To receive payment, the contractor shall complete the "Company Information" portion of the Standard Form 3881, entitled "ACH Vendor/Miscellaneous Payment Enrollment Form" found as an attachment to this document. The contractor shall take the form to the ACH Coordinator at the financial institution that maintains its company's bank account. The contractor shall discuss with the ACH Coordinator how the payment identification information (addendum record) will be passed to them once the payment is received by the financial institution. Further information concerning the addendum is provided at Attachment 2. The ACN Coordinator should fill out the "Financial Institution Information" portion of the form and return it to the Office of the Controller at the following address: Nuclear Regulatory Commission, Division of Accounting and Finance, Financial Operations Section, Mail Stop T-9-H-4, Washington, DC 20555, ATTN: ACH/Vendor Express. It is the responsibility of the contractor to ensure that the financial institution returns the completed form to the above cited NRC address. If the contractor can provide the financial information, signature of the financial institutions ACH Coordinator is not required. The NRC is under no obligation to send reminders. Only after the Office of the Controller has processed the contractor's sign-up form will the contractor be eligible to receive payments. Once electronic funds transfer is established for payments authorized by NRC, the contractor needs to submit an additional SF 3881 only to report changes to the information supplied. Questions concerning ACH/Vendor Express should be directed to the Financial Operations staff at (000) 000-0000."
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53). Contractor also shall provide technical and organizational safeguards against accidental, unlawful, or unauthorized access or use, destruction, loss, alteration, disclosure, transfer, commingling, or processing of such information that ensure a level of security appropriate to the risks presented by the processing of County Data, Contractor personnel and/or subcontractor personnel and affiliates approved by County to perform work under this Contract may use or disclose County personal and confidential information only as permitted in this Contract. Any other use or disclosure requires express approval in writing by the County of Orange. No Contractor personnel and/or subcontractor personnel or affiliate shall duplicate, disseminate, market, sell, or disclose County personal and confidential information except as allowed in this Contract. Contractor personnel and/or subcontractor personnel or affiliate who access, disclose, market, sell, or use County personal and confidential information in a manner or for a purpose not authorized by this Contract may be subject to civil and criminal sanctions contained in applicable federal and state statutes. Contractor shall take all reasonable measures to secure and defend all locations, equipment, systems, and other materials and facilities employed in connection with the Services against hackers and others who may seek, without authorization, to disrupt, damage, modify, access, or otherwise use Contractor systems or the information found therein; and prevent County data from being commingled with or contaminated by the data of other customers or their users of the Services and unauthorized access to any of County data. Contractor shall also continuously monitor its systems for potential areas where security could be breached. In no case shall the safeguards of Contractor’s data privacy and information and cyber security program be less stringent than the safeguards used by County. Without limiting any other audit rights of County, County shall have the right to review Contractor’s data privacy and information and cyber security program prior to commencement of Services and from time to time during the term of this Contract. All data belongs to the County and shall be destroyed or returned at the end of the contract via digital wiping, degaussing, or physical shredding as directed by County.
