Common use of Security and Policies Clause in Contracts

Security and Policies. All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods, and all applicable HIPAA privacy and security regulations with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary information-access mechanisms, including access IDs and passwords, and Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations to secure such mechanisms. Contractor shall provide each Contractor personnel with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date.

Security and Policies. All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods, and all applicable HIPAA privacy and security regulations with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary information-access mechanisms, including access IDs and passwords, and Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations to secure such mechanisms. Contractor shall provide each Contractor personnel with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) County of Orange Health Care Agency Page 21 Contract MA-042-17011420 shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date.

Security and Policies. All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods, and all applicable HIPAA privacy and security regulations with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. However, Contractor shall not be liable under this section if an inappropriate or unauthorized access to County systems is not due to fault of Contractor. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary information-access mechanisms, including access IDs and passwords, and Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations to secure such mechanisms. Contractor shall provide each Contractor personnel with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date.

Security and Policies. All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods, and all applicable HIPAA privacy and security regulations with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary information-access mechanisms, including access IDs and passwords, and Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations to secure such mechanisms. Contractor shall provide each Contractor personnel with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date, Breach of Security Any breach or violation by Contractor of any of the foregoing shall be deemed a material breach of a material obligation of Contractor under this Contract and may be deemed an incurable and material breach of a material obligation of Contractor under this Contract resulting in termination. Conduct on County Premises Contractor shall, at all times, comply with and abide by all reasonable policies and procedures of County (or that may be established thereby, from time to time) that pertain to conduct on County’s premises, possession or distribution of contraband, or the access to, and security of, the Party’s real property or facilities, to the extent that Contractor has been provided with a copy of each such policy or procedure. Contractor shall exercise due care and diligence to prevent any injury to persons or damage to property while on the other Party’s premises. The operation of vehicles by either Party’s personnel on the other Party’s property shall conform to posted and other applicable regulations and safe-driving practices. Vehicular accidents occurring on a Party’s property and involving either Party’s personnel shall be reported promptly to the appropriate Party’s personnel. Each Party covenants that at all times during the Term, it, and its employees, agents, and subcontractors shall comply with, and take no action that results in the other Party being in violation of, any applicable federal, state, and local laws, ordinances, regulations, and rules. Each Party’s personnel shall clearly identify themselves as the appropriate Party’s personnel and not as employees of the other Party. When on the other Party’s premises, each Party’s personnel shall wear and clearly display identification badges or tags, as approved by the other Party.

Security and Policies. the performance of services in this Contract. All performance under this Contract Contract, shall be in accordance with the County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by the County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best practices and methods, and all applicable HIPAA privacy and security regulations methods with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. 24 25 26 27 28 29 30 31 32 33 34 Information Access EXHIBIT E TO CONTRACT FOR PROVISION OF TRANSITIONAL AGE YOUTH CRISIS RESIDENTIAL SERVICES BETWEEN COUNTY OF ORANGE AND WAYMAKERS JULY 1, 2021 THROUGH JUNE 30, 2024 35 The County may require all Contractor personnel performing services under this Contract to execute a 36 confidentiality and non-disclosure agreement and Contract concerning access protection and data security in the form 37 provided by County. The County shall authorize, and Contractor shall issue, any necessary information-information- access mechanisms, including access IDs and passwords, and in no event shall Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations permit any such mechanisms to secure such mechanismsbe shared or used by other than the individual Contractor personnel to whom issued. Contractor shall provide each Contractor personnel Person with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures 4 5 6 7 8 9 measures and procedures as of such date. The County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. The County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures Enhanced Security Procedures 13 14 15 18 breach of a material obligation of Contractor under this Contract resulting in termination. Any breach or violation by Contractor of any of the foregoing shall be deemed a material breach of a material obligation of Contractor under this Contract and may be deemed an incurable and material Breach of Security 20 22 23 Contractor shall, at all times, comply with and abide by all reasonable policies and procedures of the County (or that may be established thereby, from time to time) that pertain to conduct on the County’s premises, possession or distribution of contraband, or the access to, and security of, the Party’s real property or facilities, to the extent that the Contractor has been provided with a copy of each such policy or procedure. Contractor shall exercise due care and diligence to prevent any injury to persons or damage to property while on the other Party’s premises. The operation of vehicles by either Party’s personnel on the other Party’s property shall conform to posted and other applicable regulations and safe-driving practices. Vehicular accidents occurring on a Party’s property and involving either Party’s personnel shall be reported promptly to the appropriate Party’s personnel. Each Party covenants that at all times during the Term, it, and its employees, agents, and Subcontractors shall comply with, and take no action that results in the other Party being in violation of, any applicable federal, state, and local laws, ordinances, regulations, and rules. Each Party’s personnel shall clearly identify themselves as the Conduct on County Premises 24 26 27 28 29 30 31 32 33 34 35 36 37 1 appropriate Party’s personnel and not as employees of the other Party. When on the other Party’s 2 premises, each Party’s personnel shall wear and clearly display identification badges or tags, as Each Contract Year, County may perform or have performed security reviews and testing based on an Security Audits 3 approved by the other Party. 4 IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well Security Requirements 8 as any customer agency requirements, such date.as federal tax requirements or HIPPA. 9

Security and Policies. All performance under this Contract shall be in accordance with County’s security requirements, policies, and procedures as set forth above and as modified, supplemented, or replaced by County from time to time, in its sole discretion, by providing Contractor with a written copy of such revised requirements, policies, or procedures reasonably in advance of the date that they are to be implemented and effective (collectively, the “Security Policies”). Contractor shall at all times use industry best commercially reasonable practices and methods, and all applicable HIPAA privacy and security regulations regulations, if applicable to Contractor’s provision of service with regard to the prevention, detection, and elimination, by all appropriate means, of fraud, abuse, and other inappropriate or unauthorized access to County systems accessed in the performance of services in this Contract. Information Access County may require all Contractor personnel performing services under this Contract to execute a confidentiality and non-disclosure agreement and concerning access protection and data security in the form provided by County. County shall authorize, and Contractor shall issue, any necessary information-information- access mechanisms, including access IDs and passwords, and Contractor shall take all commercially reasonable measures that comply with HIPAA security and privacy regulations to secure such mechanisms. Contractor shall provide each Contractor personnel with only such level of access as is required for such individual to perform his or her assigned tasks and functions. All County systems, and all data and software contained therein, including County data, County hardware and County software, used or accessed by Contractor: (a) shall be used and accessed by such Contractor solely and exclusively in the performance of their assigned duties in connection with, and in furtherance of, the performance of Contractor’s obligations hereunder; and (b) shall not be used or accessed except as expressly permitted hereunder, or commercially exploited in any manner whatsoever, by Contractor, at any time. Enhanced Security Procedures County may, in its discretion, designate certain areas, facilities, or systems as requiring a higher level of security and access control. County shall notify Contractor in writing reasonably in advance of any such designation becoming effective. Any such notice shall set forth in reasonable detail the enhanced security or access-control procedures, measures, or requirements that Contractor shall be required to implement and enforce, as well as the date on which such procedures and measures shall take effect. Contractor shall fully comply with and abide by all such enhanced security and access measures and procedures as of such date.