Common use of General Security Requirements Clause in Contracts

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements.  The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. •  The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. •  For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. •  Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. •  OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. •  All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. •  In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. 31 1. The application/system must meet the general security standards based upon 32 ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in 33 Health Using ISO 17799. 34 2. • The application must run on an operating system that is consistently and currently 35 supported by the operating systems vendor. Applications under maintenance are expected to always be 36 current in regards to the current version of the relevant operating system. • 37 // 1 3. For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor 3 and or any third party vendors. The vendors must keep their software current and compatible with such 4 updated releases in order for the application to operate in this environment. 5 4. • Vendors must provide timely updates to address any applicable security vulnerabilities 6 found in the application. 7 5. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and 8 manage the health and performance of the application server, network connectivity, power etc. The 9 application must function appropriately while the monitoring tools are actively running. 10 6. • All application services must run as a true service and not require a user to be logged into 11 the application for these services to continue to be active. OCHCA will provide an account with the 12 appropriate security level to logon as a service, and an account with the appropriate administrative rights 13 to administer the application. The account password must periodically expire, as per OCHCA policies 14 and procedures. 15 7. • In order for the application to run on OCHCA server and network resources, the application 16 must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. 1. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. 2. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. 3. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. 4. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. 5. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. 6. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. 7. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the County of Orange MA-042-20012181 Health Care Agency Page 47 of 65 Folder No. C025988 operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will shall routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will shall provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements.  The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. •  The application must run on an operating system that is consistently and currently supported by the operating systems vendorContractor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. •  For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor Contractor and or any third party vendorscontractors. The vendors Contractors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors  Contractors must provide timely updates to address any applicable security vulnerabilities found in the application. •  OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. •  All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. •  In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. DocuSign Envelope ID: 32AC7F38-40B4-4FD7-9103-57D01A9AA5C7 • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the County of Orange Page 41 of 53 MA-042-19011809 Health Care Agency File Folder No. C018820 operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements.  The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. •  The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. •  For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • County of Orange, Health Care Agency Software Maint. & Data Hosting Services Page 39 of 50  Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. •  OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. •  All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. •  In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The To the extent applicable application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements.  The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. •  The application must run on an operating system that is consistently and currently supported by the operating systems vendorContractor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. •  For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor Contractor and or any third party vendorscontractors. The vendors Contractors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. • Vendors  Contractors must provide timely updates to address any applicable security vulnerabilities found in the application. •  OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. •  All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. •  In order for the application to run on OCHCA server and network resources, the application must mus t not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. 1. The application/system must meet the general security standards based upon ISO 17799 – Code of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799. 2. • The application must run on an operating system operatingsystem that is consistently and currently supported currentlysupported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. 3. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. 4. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. 5. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. 6. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account DocuSign Envelope ID: 2464DB96-258B-4365-A0E3-C78AF6EEDFF7 with the appropriate security level to logon as a service, and an account with the appropriate administrative rights erights to administer the application. The account password must periodically expire, as per xxxxx OCHCA policies and procedures. 7. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.

General Security Requirements. The application/system must meet 1. Vendor will undergo SOC 2 Type 2 audit, or equivalent, throughout the general security standards based upon ISO 17799 – Code term of Practice for Information Security and ISO 27799 – Security Management in Health Using ISO 17799the Contract to demonstrate compliance with relevant standards. 2. • The application must run on an operating system that is consistently and currently supported by the operating systems vendor. Applications under maintenance are expected to always be current in regards to the current version of the relevant operating system. 3. • For applications hosted by OCHCA, OCHCA will routinely apply patches to both the operating system and subsystems as updated releases are available from the operating system vendor and or any third party vendors. The vendors must keep their software current and compatible with such updated releases in order for the application to operate in this environment. 4. • Vendors must provide timely updates to address any applicable security vulnerabilities found in the application. 5. • OCHCA utilizes a variety of proactive, generally available, monitoring tools to assess and manage the health and performance of the application server, network connectivity, power etc. The application must function appropriately while the monitoring tools are actively running. 6. • All application services must run as a true service and not require a user to be logged into the application for these services to continue to be active. OCHCA will provide an account with the appropriate security level to logon as a service, and an account with the appropriate administrative rights to administer the application. The account password must periodically expire, as per OCHCA policies and procedures. 7. • In order for the application to run on OCHCA server and network resources, the application must not require the end users to have administrative rights on the server or subsystems.