Common use of Information Security Requirements Clause in Contracts

Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services E-Verify Employer Agent and its clients; 2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. Implement procedures for detecting, reporting, and responding to security incidents; 8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer Agent’s application. 12. Web Services E-Verify Employer Agents and Software Developers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.

Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services EServicesE-Verify Employer Agent and its clients; 2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s 's personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. Implement procedures for detecting, reporting, and responding to security incidents; 8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer Agent’s 's application. 12. Web Services E-Verify Employer Agents and Software Developers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.

Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services E-E- Verify Employer Agent and its clients; 2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. Implement procedures for detecting, reporting, and responding to security incidents; 8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer Agent’s application. 12. Web Services E-Verify Employer Agents and Software Developers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.

Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services EServicesE-Verify Employer Agent and its clients; 2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. Implement procedures for detecting, reporting, and responding to security incidents; 8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer Agent’s application. 12. Web Services E-Verify Employer Agents and Software Developers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.

Information Security Requirements. Web Services E-Verify Employer Agents performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services E-Verify Employer Agent and its clients; 2. Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. Conduct security awareness training to inform the Web Services E-Verify Employer Agent’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. Implement procedures for detecting, reporting, and responding to security incidents; 8. Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer Agent’s application. 12. Web Services E-Verify Employer Agents and Software Developers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.

Information Security Requirements. Web Services E-Verify Employer Agents Employers performing verification services under this MOU must ensure that information that is shared between the Web Services E-Verify Employer Agent and DHS is appropriately protected comparable to the protection provided when the information is within the DHS environment [OMB Circular A-130 Appendix III]. To achieve this level of information security, the Web Services E-Verify Employer Agent agrees to institute the following procedures: 1. : Conduct periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the DHS, SSA, and the Web Services E-Verify Employer Agent and its clients; 2. Employer; Develop policies and procedures that are based on risk assessments, cost-effectively reduce information security risks to an acceptable level, and ensure that information security is addressed throughout the life cycle of each organizational information system; 3. ; Implement subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate; 4. ; Conduct security awareness training to inform the Web Services E-Verify Employer AgentEmployer’s personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks; 5. ; Develop periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than once per year; 6. ; Develop a process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization; 7. ; Implement procedures for detecting, reporting, and responding to security incidents; 8. ; Create plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization; 9. ; In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information and retains that responsibility even when the information is shared with or provided to other organizations [NIST SP 800-37]. 10]. DHS reserves the right to restrict Web Services calls from certain IP addresses. 11. DHS reserves the right to audit the Web Services E-Verify Employer AgentEmployer’s application. 12. Web Services E-Verify Employer Agents and Software Developers Employers agree to cooperate willingly with the DHS assessment of information security and privacy practices used by the company to develop and maintain the software.