IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections.
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by Contractor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The Contractor shall be held liable to the time- tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor must: Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. Comply with reasonable requests by the County for onsite physical inspections of the location from which the Contractor provides services. Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis.
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. ▪ Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. ▪ Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis. 13 Business Continuity / Disaster Recovery Plans Application Service Providers must have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) must identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the mutually agreed upon recovery time and point objectives.
IT Operations Security Policy. The Contractor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist. These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections.
IT Operations Security Policy. The vendor shall provide for review by County its written 36 standards for operational security for any facilities where County data, staff or systems shall 37 exist. These documents shall include, but not be limited to, physical security, network security, 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 // logical security, systems/platform security, wireless access, remote access, and data protections.
IT Operations Security Policy. Contractor shall provide for review by County its written standards for operational security for any facilities where County data, staff or systems shall exist. These documents shall include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. Data Management Security Policy. Contractor shall provide its policy for the safeguarding and management of all data provided by the County or accessed as part of system integration testing and maintenance. This policy shall, at a minimum, cover check-in, check-out, copy control, audit logs and separation of duties. Security Incident Notification and Management Process. Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall: Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers. Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration. Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits. Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis.
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. • Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. • Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must:
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. 14 Business Continuity / Disaster Recovery Plans
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. ▪ Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties. ▪ Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: DocuSign Envelope ID: 2464DB96-258B-4365-A0E3-C78AF6EEDFF7 ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, HITRUST, ISO or SOC audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis.
IT Operations Security Policy. Written standards for operational security for any facilities where the County data, staff or systems shall exist. These documents must include, but not be limited to, physical security, network security, logical security, systems/platform security, wireless access, remote access, and data protections. County of Orange MA-042-20012181 Health Care Agency Page 52 of 65 Folder No. C025988 ▪ Data Management Security Policy. Policy for the safeguarding and management of all data provided by the County or accessed by vendor as part of implementation and ongoing maintenance. This policy must, at a minimum, include check-in, check-out, copy control, audit logs and separation of duties.