Common use of REQUIRED PROJECT POLICIES, GUIDELINES AND METHODOLOGIES Clause in Contracts

REQUIRED PROJECT POLICIES, GUIDELINES AND METHODOLOGIES. The Contractor shall be required to comply with all applicable laws, regulations, policies, standards and guidelines affecting information technology projects, which may be created or changed periodically. It is the responsibility of the Contractor to ensure adherence and to remain abreast of new or revised laws, regulations, policies, standards and guidelines affecting specific project execution. The most recent version of the following State policies can be found online at xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/working-us/policies • Information Security Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docu ments/policy/SoV_Information_Security_Standard.pdf • Cybersecurity Directive 2019 xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS_Cybersecurity_Directive_19-01.pdf • Physical Security for Computer Protection xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Physical-Security-for-Computer-Protection.pdf • Third-Party Connectivity xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docum ents/policy/ADS-Third-Party-Network-Connectivity.pdf • Mobile Device Policy • System/Service Password Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-InformationSecurityPolicies_FINAL.pdf • User Password Policy and Guidelines xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documen ts/policy/ADS-InformationSecurityPolicies_FINAL.pdf • Digital Media and Hardware Disposal Policy, Standard and Procedure xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Digital-Media-and-Hardware-Disposal-Policy.pdf • Phishing and Incident Response Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-Phishing%20Incident-Response-Process-9-19-17.pdf • Vermont Accessibility Standard xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents /web-policy/ADS-VermontAccessibilityStandard2017.pdf

REQUIRED PROJECT POLICIES, GUIDELINES AND METHODOLOGIES. The Contractor shall be required to comply with all applicable laws, regulations, policies, standards and guidelines affecting information technology projects, which may be created or changed periodically. It is the responsibility of the Contractor to ensure adherence and to remain abreast of new or revised laws, regulations, policies, standards and guidelines affecting specific project execution. The most recent version of the following State policies can be found online at xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/working-us/policies • Information Security Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docu ments/xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/ policy/SoV_Information_Security_Standard.pdf • Cybersecurity Directive 2019 xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS_Cybersecurity_Directive_19-01.pdf • Physical Security for Computer Protection xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Physical-Security-for-Computer-Protection.pdf • Third-Party Connectivity xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docum ents/policy/ADS-Third-Party-Network-Connectivity.pdf • Mobile Device Policy • System/Service Password Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-InformationSecurityPolicies_FINAL.pdf • User Password Policy and Guidelines xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documen ts/policy/ADS-InformationSecurityPolicies_FINAL.pdf • Digital Media and Hardware Disposal Policy, Standard and Procedure xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Digital-Media-and-Hardware-Disposal-Policy.pdf • Phishing and Incident Response Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-Phishing%20Incident-Response-Process-9-19-17.pdf • Vermont Accessibility Standard xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents /web-policy/ADS-VermontAccessibilityStandard2017.pdf

REQUIRED PROJECT POLICIES, GUIDELINES AND METHODOLOGIES. The Contractor shall be required to comply with all applicable laws, regulations, policies, standards and guidelines affecting information technology projects, which may be created or changed periodically. It is the responsibility of the Contractor to ensure adherence and to remain abreast of new or revised laws, regulations, policies, standards and guidelines affecting specific project execution. The most recent version of the following State policies can be found online at xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/working-us/policies • Information Security Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docu mentsxxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/po licy/policy/SoV_Information_Security_Standard.pdf ADS-InformationSecurityPolicies_FINAL.pdf • Cybersecurity Directive 2019 xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS_Cybersecurity_Directive_19-01.pdf • Physical Security for Computer Protection xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Physical-Security-for-Computer-Protection.pdf • Third-Party Connectivity xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docum ents/policy/ADS-Third-Party-Network-Connectivity.pdf • Mobile Device Policy • System/Service Password Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-InformationSecurityPolicies_FINAL.pdf • User Password Policy and Guidelines xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documen ts/policy/ADS-InformationSecurityPolicies_FINAL.pdf • Digital Media and Hardware Disposal Policy, Standard and Procedure xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Digital-Media-and-Hardware-Disposal-Policy.pdf • Phishing and Incident Response Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-Phishing%20Incident-Response-Process-9-19-17.pdf • Vermont Accessibility Standard xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents /web-policy/ADS-VermontAccessibilityStandard2017.pdf

REQUIRED PROJECT POLICIES, GUIDELINES AND METHODOLOGIES. The Contractor shall comply with all applicable State security policies as determined by Vermont leadership and adhere to all legal, statutory, and regulatory requirements. The Contractor shall implement security controls in accordance with all applicable federal and State security policy and regulations. The Contractor will be required to comply with all applicable laws, regulations, policies, standards standards, and guidelines affecting information technology projects, which may be created or changed periodically. It is the responsibility of the Contractor to ensure insure adherence to and to remain abreast of new or revised laws, regulations, policies, standards standards, and guidelines affecting specific project execution. Contractor shall comply with the HIPAA confidentiality and privacy policies, as further set forth in the Business Associate Agreement attached hereto. These may include, but are not limited to: • The most recent version State’s Information Technology Policies & Procedures at: xxxx://xxx.xxxxxxx.xxx/Policy_Central • The State’s Record Management Best Practice at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxxxxXxxxxxxxxxXxxxXxxxxxxx.xxx • The State Information Security Best Practice Guideline at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxxxxxxxxXxxxxxxxXxxxXxxxxxxx_Xxx.00000000.xxx • The State Digital Imaging Guidelines at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxxxxXxxxxxxxx0000.xxx • The State File Formats Best Practice at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxXxxxxxxXxxxXxxxxxxx_Xxx.00000000.xxx • The State File Formats Guideline at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxXxxxxxxXxxxxxxxx0000.xxx • The State Metadata Guideline at: xxxx://xxxxxxx- xxxxxxxx.xxx/xxxxxxx/xxxxxxxxx/xxx/XxxxxxxxXxxxxxxxx0000.xxx The Contractor agrees not to publish, reproduce, or otherwise divulge any State Data in whole or in part, in any manner or form or authorize or permit others to do so. Contractor will take reasonable measures as are necessary to restrict access to State Data in the Contractor’s possession to only those employees on its staff who must have the information on a “need to know” basis. The Contractor shall use State Data only for the purposes of and in accordance with this Contract. The Contractor shall provide at a minimum the same care to avoid disclosure or unauthorized use of State Data as it provides to protect its own similar confidential and proprietary information. The Contractor shall promptly notify the State of any request or demand by any court, governmental agency or other person asserting a demand or request for State Data to which the Contractor or any third party hosting service of the following Contractor may have access, so that the State policies can be found online at xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/working-us/policies • Information Security Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docu ments/policy/SoV_Information_Security_Standard.pdf • Cybersecurity Directive 2019 xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS_Cybersecurity_Directive_19-01.pdf • Physical Security for Computer Protection xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Physical-Security-for-Computer-Protection.pdf • Third-Party Connectivity xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/docum ents/policy/ADS-Third-Party-Network-Connectivity.pdf • Mobile Device Policy • System/Service Password Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-InformationSecurityPolicies_FINAL.pdf • User Password Policy and Guidelines xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documen ts/policy/ADS-InformationSecurityPolicies_FINAL.pdf • Digital Media and Hardware Disposal Policy, Standard and Procedure xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/document s/policy/ADS-Digital-Media-and-Hardware-Disposal-Policy.pdf • Phishing and Incident Response Policy xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents/policy/A DS-Phishing%20Incident-Response-Process-9-19-17.pdf • Vermont Accessibility Standard xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/sites/digitalservices/files/documents /web-policy/ADS-VermontAccessibilityStandard2017.pdfmay seek an appropriate protective order.