Enforcement Policies. D. Background Screening.
Enforcement Policies f. Contractor agrees to conduct a background check of Contractor’s staff before they may access PII with more thorough screening done for those employees who are authorized to bypass significant technical and operational security controls. Contractor further agrees that screening documentation shall be retained for a period of three (3) years following conclusion of the employment relationship.
Enforcement Policies. The county department/agency must retain the non-disclosure agreements for at least five (5) to seven (7) years for all contractors and agents who processes, views, or encounters Medi-Cal PII as part of their duties Supplemental Guidance (from NIST 800-53) Third-party providers include, for example, service bureaus, contractors, and other organizations providing information system development, information technology services, outsourced applications, and network and security management. Organizations explicitly include personnel security requirements in acquisition-related documents. Third-party providers may have personnel working at organizational facilities with credentials, badges, or information system privileges issued by organizations. Notifications of third-party personnel changes ensure appropriate termination of privileges and credentials. Organizations define the transfers and terminations deemed reportable by security-related characteristics that include, for example, functions, roles, and nature of credentials/privileges associated with individuals transferred or terminated. Related controls: PS-2, PS-3, PS-4, PS-5, PS-6, SA-9, SA-21. Control Number PS-8
Enforcement Policies. Failure to follow stormwater pollution prevention regulations and requirements, and to provide adequate BMP’s will result in enforcement actions by appropriate agencies. Enforcement actions that could result include issuance of Notice of Violation of City Codes, Administrative Citations with fines, billing of costs for cleanup, issuance of stop work order for the subject project, referral to the appropriate State and Federal enforcement agencies, and filing criminal complaints. Contractor is reminded that they are responsible for their sub-contractors’ actions.
