Vendor Deliverables. The following items are to be provided by the vendor:
Vendor Deliverables. The following items are to be provided by the vendor: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) ▪ SSAE 18 SOC 2 Type 2 or SOC 3 compliance certificate • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365)
Vendor Deliverables. The following items are to be provided by the vendor prior to the Contract finalization: • OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire • Vendor risk acceptance / compliance statement • Business Continuity Plan Summary (as related to service provided) • ISO SOX compliance certificate (if applicable) • Security Waiver form (if applicable) • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) • Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process o Staff Roster and Duties EXHIBIT 1 COUNTY OF ORANGE CHILD SUPPORT ENFORCEMENT REQUIREMENTS In order to enhance the child support collection efforts of the County of Orange Child Support Services, all contractors are required to provide the following information as listed on the attached form: • If the Contractor is an individual contractor: Name, date of birth, social security number, and residence address. • If Contractor is doing business in a form other than as an individual: Name, date of birth, social security number, and residence address of each individual who owns an interest of ten
Vendor Deliverables. The following items are to be provided by the vendor: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) ▪ SSAE 18 SOC 2 Type 2 or SOC 3 compliance certificate • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) ▪ Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process
Vendor Deliverables. The following items are to be provided by the vendor prior to the contract finalization: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) ▪ SSAE 16 SOC 2 Type 2 or SSAE 16 SOC 1 Type 2 compliance certificate (if applicable) • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) ▪ Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process
Vendor Deliverables. The following items are to be provided by the vendor: County of Orange Health Care Agency Page 50 Contract MA-042-17011420 ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) ▪ Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process o Staff Roster and Duties
Vendor Deliverables. The following items are to be provided by the vendor: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) ▪ SSAE 18 SOC 2 Type 2 or SOC 3 compliance certificate County of Orange MA-042-21011323 Page 74 of 75 Health Care Agency File No.: C032735 • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) ▪ Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process o Staff Roster and Duties
Vendor Deliverables. The following items are to be provided by the vendor: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ Business Continuity Plan Summary (as related to service provided) • Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) ▪ Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process
Vendor Deliverables. A. All deliverables shall meet the following criteria:
