Common use of Security Plan Clause in Contracts

Security Plan. a) Contractor shall provide a written security plan a minimum of two (2) weeks prior to Contract start date and the County must approve this plan prior to gaining access to County data. This plan will explain the procedures to be used by Contractor to prevent theft or unauthorized access to and/or dissemination of County data, documents, photographic images, sound recordings, CDs, DVDs, or other County-owned media. b) Contractor shall describe all safeguards in place to ensure compliance with legal and regulatory requirements as they relate to County data. These include, but are not limited to, Personal Identifying Information (PII), the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). c) Contractor shall describe all processes in place to ensure compliance with requirements for County data classification, including County Proprietary, Confidential and Sensitive classifications.

Security Plan. a) a. Contractor shall provide a written security plan a minimum of two (2) weeks prior to Contract start date and the County must approve this plan prior to gaining access to County data. This plan will explain the procedures to be used by Contractor to prevent theft or unauthorized access to and/or dissemination of County data, documents, photographic images, sound recordings, CDs, DVDs, or other County-County- owned media. b) b. Contractor shall describe all safeguards in place to ensure compliance with legal and regulatory requirements as they relate to County data. These include, but are not limited to, Personal Identifying Information (PII), the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). c) c. Contractor shall describe all processes in place to ensure compliance with requirements for County data classification, including County Proprietary, Confidential and Sensitive classifications. d. The County Information Security Officer (CISO) or designee may validate that Contractor’s security plan is being enforced and that all precautions are being taken to secure and protect County records.