General Security Controls. Contractor and its sub-contractors or vendors shall take all steps necessary to ensure the continuous security of all computerized data systems containing Protected Information, and to protect paper documents containing Protected Information. These steps shall include, at a minimum:
1. Complying with and ensuring its sub-contractors or vendors comply with all the data system security precautions listed in this Exhibit including all documents incorporated by reference; and,
2. As applicable for the Contractor’s information systems, providing a level and scope of security that is at least comparable to the level and scope of security established by the Office of Management and Budget in OMB Circular No. A-130, Appendix III- Security of Federal Automated Information Systems, which sets forth guidelines for automated information systems in Federal agencies; and
3. Preserving and ensuring its sub-contractors or vendors preserve, the confidentiality, integrity, and availability of Protected Information with administrative, technical and physical measures that conform to generally recognized industry standards and best practices that contractor then applies to its own processing environment. Maintenance of a secure processing environment includes, but is not limited to, the timely application of patches, fixes and updates to operating systems and applications as provided by Contractor and/or its sub-contractors or vendors. Contractor agrees to, and shall ensure that its sub-contractors or venders, comply with County’s current and future information security policies, standards, procedures, and guidelines.
General Security Controls
