Vendor Deliverables. The following items are to be provided by the vendor:
Vendor Deliverables. The following items are to be provided by the vendor prior to the contract finalization:
Vendor Deliverables. 13 1. The following items are to be provided by the vendor:
14 a. OCHCA Security Requirements and Guidelines for Application Vendors and 15 Application Service Providers - Questionnaire
16 b. Business Continuity Plan Summary (as related to service provided)
17 c. SSAE 16 SOC 2 Type 2 or SSAE 16 SOC 1 Type 2 compliance certificate
18 d. Network Diagram that demonstrates vendor network and application segmentation 19 including the security controls in place to protect HCA data 20 e. IT Security Staff Usage Policy 21 f. IT Security Policies and Procedures
Vendor Deliverables. The following items are to be provided by the vendor prior to the Contract finalization: • OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire • Vendor risk acceptance / compliance statement • Business Continuity Plan Summary (as related to service provided) • ISO SOX compliance certificate (if applicable) • Security Waiver form (if applicable) • IT Security Staff Usage Policy • IT Security Policies and Procedures • IT Operations Security Policy • Data Management Security Policy • Security Incident Notification and Management Process • Security Contact Identification (24x7x365) • Staff Related Items o Pre-Employment Screening Policy/Procedure o Background Checking Procedure o Ongoing Employment Status Validation Process o Staff Roster and Duties In order to enhance the child support collection efforts of the County of Orange Child Support Services, all contractors are required to provide the following information as listed on the attached form: • If the Contractor is an individual contractor: Name, date of birth, social security number, and residence address. • If Contractor is doing business in a form other than as an individual: Name, date of birth, social security number, and residence address of each individual who owns an interest of ten
Vendor Deliverables. A. All deliverables shall meet the following criteria:
1. All written deliverables shall be phrased in terms and language that can be easily understood by non- technical personnel (e.g., laypersons without subject matter expertise).
2. All document deliverables shall be in formats (hard copy and electronic) specified by TxDOT. At a minimum, the formats shall be in industry-accepted standards (e.g., MS Word, MS PowerPoint, and MS Project).
3. All deliverables shall have acceptance criteria established by TxDOT and a time period for testing or acceptance.
4. Each deliverable is to be delivered on or before its due date. Any changes to the delivery date must have prior approval (in writing) by TxDOT. If the deliverable cannot be provided within the scheduled time frame, Consultant shall contact the TxDOT POC in writing with a reason for the delay and the proposed revised schedule. The request for a revised schedule shall include the impact on related tasks and the overall project.
5. For the Phase 1 Deliverables, TxDOT will complete a review of each submitted deliverable within 5 business days from the date of receipt; any deliverable that has not been accepted or rejected within 5 business days after receipt of the deliverable by TxDOT shall be deemed accepted. For the Phase 2 Deliverables, TxDOT will complete a review of each submitted deliverable within 15 business days from the date of receipt; any deliverable that has not been accepted or rejected within 15 business days after receipt of the deliverable by TxDOT shall be deemed accepted.
6. Written acceptance or rejection of a deliverable shall be accompanied by a statement of known defects in the deliverable. If a deliverable is rejected, Consultant shall correct and resubmit it within 5 business days.
7. Written acceptance or rejection of a deliverable shall be effective when it is posted in the mail, faxed, or sent electronically to Consultant.
8. After every deliverable has been accepted or deemed accepted by TxDOT, Consultant may submit its invoice for that deliverable. TxDOT shall pay the invoice within the limits established by state law.
B. Consultant shall submit the following deliverables for each phase of the project:
Vendor Deliverables. County of Orange Page 40 of 53 MA-042-19011809 Health Care Agency File Folder No. C018820 This document provides a high-level overview of application security related guidelines and requirements set forth by the Orange County Health Care Agency (OCHCA), and applies to both software vendors for County-implemented applications and application service providers who provide hosted services. These requirements and guidelines are consistent with regulatory privacy and security requirements and guidelines as well as supportive of OCHCA’s position and practices on risk management in terms of appropriately safeguarding OCHCA’s information assets. The sections below are comprehensive and may apply in whole or in part based on specific implementation and scope of work. The expectation is that vendors will comply with relevant sections, as necessary. This information will be reviewed, validated and documented by OCHCA Security prior to any contract being finalized. Vendors are required to comply with all existing legal and regulatory requirements as they relate to OCHCA’s systems and data. Example of regulations, rules and laws include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), Senate Bill 1386, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx- Xxxxx (SOX). Vendors must also commit to ensuring compliance with all future local, state and federal laws and regulations related to privacy and security as they pertain to the application or service.
Vendor Deliverables. DocuSign Envelope ID: 2464DB96-258B-4365-A0E3-C78AF6EEDFF7
Vendor Deliverables. The following items are to be provided by the vendor:
A. OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire
B. Business Continuity Plan Summary (as related to service provided)
C. SSAE 18 SOC 2 Type 2 or SOC 3 compliance certificate for its hosting environment. Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data IT Security Staff Usage Policy County of Orange, Health Care Agency Software Maint. & Data Hosting Services Page 49 of 50 Data Management Security Policy Security Incident Notification and Management Process Security Contact Identification (24x7x365)
D. Staff Related Items
Vendor Deliverables. The following items are to be provided by the vendor: ▪ OCHCA Security Requirements and Guidelines for Application Vendors and Application Service Providers - Questionnaire ▪ SOC 2 Type 2 report ▪ Network Diagram that demonstrates vendor network and application segmentation including the security controls in place to protect HCA data This Addendum is an attachment to Contract No. MA-25010023 for Vital Records Management System between Tyler Technologies, Inc. and Orange County Health Care Agency.
