System Audit Requirements. Contractor has completed a recent independent security audit by a SOC 2 Type 2 accredited firm of their development and operational practices, or that an independent security audit by an accredited firm will be completed within 6 months after contract execution. This audit must include vulnerability assessments, and penetration tests, and confirm compliance with the security requirements herein. The audit should include any specific data center facility where the service is deployed, and all failover facilities unless those facilities provide their own SOC 2 Type 2 audit.
System Audit Requirements. 1. All County data in Contractor's production and test systems shall be encrypted in accordance with CJIS encryption standards while in transit, while at rest, and while being processed. Contractor shall store County data at rest in data centers that maintain, at a minimum, SOC 2 Type II compliance, and Contractor shall provide County upon request the most recent audit conducted on the data centers.
