Technical Specifications and Systems Security. 1. The Requesting Party will not have direct access to SSA’s databases. The verification requests must be encrypted using either the Advanced Encryption Standard (AES) or triple DES (DES3) encryption methods to secure the data in transport to SSA. SSA will use the same method of encryption when returning data to the Requesting Party. To accomplish the transmission of data, the parties will use TLS protocol (TLS 1.0). 2. The Requesting Party must obtain, at its own expense, the hardware, software, or other equipment that may be necessary to establish connection to CBSV either through the BSO website or the web service. The Requesting Party must obtain, at its own expense, Internet service in order to access the CBSV portion of the BSO website. The Requesting Party must provide SSA with a valid e-mail address for communications via e-mail. 3. The Requesting Party may use more than one method of CBSV services (online and web service) at the same time. If the Requesting Party chooses to use both online and web service, it must assign two different Authorized Users, due to the unique registration needs of CBSV Web Service. The Requesting Party is only responsible for the one-time enrollment fee ($5000) and one annual advance payment for estimated transactions, regardless of the number of methods of services it uses. 4. The Requesting Party must bear all costs it incurs for site preparation, connection, operating costs, and any other miscellaneous costs to participate in CBSV. SSA reserves the right to conduct on-site visits to review the Requesting Party’s documentation and in- house procedures for protection of and security arrangements for confidential information and adherence to terms of this User Agreement. 5. SSA’s User Guide is available online at xxxx://xxx.xxx.xxx/cbsv/docs/, which SSA may amend at its discretion. The detailed requirements and procedures for using CBSV are set forth in the User Guide. 6. If the Requesting Party and its Principals access CBSV through the web service platform client application, the Requesting Party must maintain an automated audit trail record identifying either the individual Authorized User or the system process that initiated a request for information from SSA. Every request for information must be traceable to the individual Authorized User or the system process that initiated the transaction. At a minimum, individual audit trail records must contain the data needed to associate each request to its initiator and the relevant business purpose (e.g., the outside entity’s client record for which SSA data was requested), and each request must be time and date stamped. Each request must be stored in the audit file as a separate record, not overlaid by subsequent requests. 7. If the Requesting Party retains in its system any verification results from SSA, or if certain data elements within the Requesting Party’s system indicate that the information has been verified by SSA, the Requesting Party must restrict access to the files to the Responsible Company Official and/or his or her designee and ensure that its system also captures an audit trail record, with the same requirements as for the web service platform client application, of any user who views the SSA-verified information stored within the Requesting Party’s system. 8. The Requesting Party shall process all confidential information under the immediate supervision and control of authorized personnel in a manner that will protect the confidentiality of the records; prevent the unauthorized use of confidential information; and prevent access to the records by unauthorized persons.
Appears in 10 contracts
Samples: User Agreement for Consent Based Social Security Number Verification (Cbsv), User Agreement, User Agreement for Consent Based Social Security Number Verification (Cbsv)
Technical Specifications and Systems Security.
1. The Requesting Party will not have direct access to SSA’s databases. The verification requests must be encrypted using either the Advanced Encryption Standard (AES) or triple DES (DES3) encryption methods to secure the data in transport to SSA. SSA will use the same method of encryption when returning data to the Requesting Party. To accomplish the transmission of data, the parties will use TLS protocol (TLS 1.0). .
2. The Requesting Party must obtain, at its own expense, the hardware, software, or other equipment that may be necessary to establish connection to CBSV either through the BSO website or the web service. The Requesting Party must obtain, at its own expense, Internet service in order to access the CBSV portion of the BSO website. The Requesting Party must provide SSA with a valid e-mail address for communications via e-mail.
3. The Requesting Party may use more than one method of CBSV services (online online, web service and web servicebatch) at the same time. If the Requesting Party chooses to use both online and web service, it must assign two different Authorized Users, due to the unique registration needs of CBSV Web Service. The Requesting Party is only responsible for the one-time enrollment fee ($5000) and one combined annual advance payment for estimated transactions, regardless of the number of methods of services it uses.
4. The Requesting Party must bear all costs it incurs for site preparation, connection, operating costs, and any other miscellaneous costs to participate in CBSV. SSA reserves the right to conduct on-site visits to review the Requesting Party’s documentation and in- house procedures for protection of and security arrangements for confidential information and adherence to terms of this User Agreement.
5. SSA will provide the Requesting Party with a copy of SSA’s User Guide is available online at xxxx://xxx.xxx.xxx/cbsv/docs/Guide, which SSA may amend at its discretion. The detailed requirements and procedures for using submitting files, checking status, and retrieving results through CBSV are set forth in the User Guide.
6. If the Requesting Party and its Principals access accesses CBSV through the web service platform client application, the Requesting Party must maintain an automated audit trail record identifying either the individual Authorized User or the system process that initiated a request for information from SSA. Every request for information must be traceable to the individual Authorized User or the system process that initiated the transaction. At a minimum, individual audit trail records must contain the data needed to associate each request to its initiator and the relevant business purpose (e.g., the outside entity’s client record for which SSA data was requested), and each request must be time and date stamped. Each request must be stored in the audit file as a separate record, not overlaid by subsequent requests.
7. If the Requesting Party retains in its system any verification results from SSA, or if certain data elements within the Requesting Party’s system indicate that the information has been verified by SSA, the Requesting Party must restrict access to the files to the Responsible Company Official and/or his or her designee and ensure that its system also captures an audit trail record, with the same requirements as for the web service platform client application, of any user who views the SSA-verified information stored within the Requesting Party’s system.
8. The Requesting Party shall process all confidential information under the immediate supervision and control of authorized personnel in a manner that will protect the confidentiality of the records; prevent the unauthorized use of confidential information; information and prevent access to the records by unauthorized persons.
Appears in 2 contracts
Samples: User Agreement, User Agreement
Technical Specifications and Systems Security.
1. The Requesting Party will not have direct access to SSA’s databases. The verification requests must be encrypted using either the Advanced Encryption Standard (AES) or triple DES (DES3) encryption methods to secure the data in transport to SSA. SSA will use the same method of encryption when returning data to the Requesting Party. To accomplish the transmission of data, the parties will use TLS protocol (TLS 1.0).
2. The Requesting Party must obtain, at its own expense, the hardware, software, or other equipment that may be necessary to establish connection to CBSV either through the BSO website or the web service. The Requesting Party must obtain, at its own expense, Internet service in order to access the CBSV portion of the BSO website. The Requesting Party must provide SSA with a valid e-mail address for communications via e-mail.
3. The Requesting Party may use more than one method of CBSV services (online and web service) at the same time. If the Requesting Party chooses to use both online and web service, it must assign two different Authorized Users, due to the unique registration needs of CBSV Web Service. The Requesting Party is only responsible for the one-time enrollment fee ($5000) and one annual advance payment for estimated transactions, regardless of the number of methods of services it uses.
4. The Requesting Party must bear all costs it incurs for site preparation, connection, operating costs, and any other miscellaneous costs to participate in CBSV. SSA reserves the right to conduct on-site visits to review the Requesting Party’s documentation and in- house procedures for protection of and security arrangements for confidential information and adherence to terms of this User Agreement.
5. SSA’s User Guide is available online at xxxx://xxx.xxx.xxx/cbsv/docs/, which SSA may amend at its discretion. The detailed requirements and procedures for using CBSV are set forth in the User Guide.
6. If the Requesting Party and its Principals access CBSV through the web service platform client application, the Requesting Party must maintain an automated audit trail record identifying either the individual Authorized User or the system process that initiated a request for information from SSA. Every request for information must be traceable to the individual Authorized User or the system process that initiated the transaction. At a minimum, individual audit trail records must contain the data needed to associate each request to its initiator and the relevant business purpose (e.g., the outside entity’s client record for which SSA data was requested), and each request must be time and date stamped. Each request must be stored in the audit file as a separate record, not overlaid by subsequent requests.
7. If the Requesting Party retains in its system any verification results from SSA, or if certain data elements within the Requesting Party’s system indicate that the information has been verified by SSA, the Requesting Party must restrict access to the files to the Responsible Company Official and/or his or her designee and ensure that its system also captures an audit trail record, with the same requirements as for the web service platform client application, of any user who views the SSA-verified information stored within the Requesting Party’s system.
8. The Requesting Party shall process all confidential information under the immediate supervision and control of authorized personnel in a manner that will protect the confidentiality of the records; prevent the unauthorized use of confidential information; and prevent access to the records by unauthorized persons.
Appears in 1 contract
Samples: User Agreement
Technical Specifications and Systems Security.
1. The Requesting Party will not have direct access to SSA’s databases. The verification requests must be encrypted using either the Advanced Encryption Standard (AES) or triple DES (DES3) encryption methods to secure the data in transport to SSA. SSA will use the same method of encryption when returning data to the Requesting Party. To accomplish the transmission of data, the parties will use TLS protocol (TLS 1.01.2).
2. The Requesting Party must obtain, at its own expense, the hardware, software, or other equipment that may be necessary to establish connection to CBSV either through the BSO website or the web service. The Requesting Party must obtain, at its own expense, Internet service in order to access the CBSV portion of the BSO website. The Requesting Party must provide SSA with a valid e-mail address for communications via e-mail.
3. The Requesting Party may use more than one method of CBSV services (online and web service) at the same time. If the Requesting Party chooses to use both online and web service, it must assign two different Authorized Users, due to the unique registration needs of CBSV Web Service. The Requesting Party is only responsible for the one-time enrollment fee ($5000) and one annual advance payment for estimated transactions, regardless of the number of methods of services it uses.
4. The Requesting Party must bear all costs it incurs for site preparation, connection, operating costs, and any other miscellaneous costs to participate in CBSV. SSA reserves the right to conduct on-site visits to review the Requesting Party’s documentation and in- house procedures for protection of and security arrangements for confidential information and adherence to terms of this User Agreement.
5. SSA’s User Guide is available online at xxxx://xxx.xxx.xxx/cbsv/docs/, which SSA may amend at its discretion. The detailed requirements and procedures for using CBSV are set forth in the User Guide.
6. If the Requesting Party and its Principals access CBSV through the web service platform client application, the Requesting Party must maintain an automated audit trail record identifying either the individual Authorized User or the system process that initiated a request for information from SSA. Every request for information must be traceable to the individual Authorized User or the system process that initiated the transaction. At a minimum, individual audit trail records must contain the data needed to associate each request to its initiator and the relevant business purpose (e.g., the outside entity’s client record for which SSA data was requested), and each request must be time and date stamped. Each request must be stored in the audit file as a separate record, not overlaid by subsequent requests.
7. If the Requesting Party retains in its system any verification results from SSA, or if certain data elements within the Requesting Party’s system indicate that the information has been verified by SSA, the Requesting Party must restrict access to the files to the Responsible Company Official and/or his or her designee and ensure that its system also captures an audit trail record, with the same requirements as for the web service platform client application, of any user who views the SSA-verified information stored within the Requesting Party’s system.
8. The Requesting Party shall process all confidential information under the immediate supervision and control of authorized personnel in a manner that will protect the confidentiality of the records; prevent the unauthorized use of confidential information; and prevent access to the records by unauthorized persons.
Appears in 1 contract
Samples: User Agreement
