Common use of Application Guidelines and Requirements Clause in Contracts

Application Guidelines and Requirements. 14 1. This Exhibit B provides a high-level overview of the CONTRACTOR guidelines and 15 requirements set forth by ADMINISTRATOR. It is intended to provide Application Service Providers 16 (ASP) with an understanding of ADMINISTRATOR’s expectations in relation to an application’s 17 functionality. Before being considered for deployment into ADMINISTRATOR’s network environment, 18 the proposed application/system will be reviewed by our information security department to ensure that 19 all risks related to the software and its implementation are documented and then acknowledged by the 20 applicable department(s). Be aware that not all of the sections listed below may be applicable to your 21 specific application, but ADMINISTRATOR requires that all potential CONTRACTORs complete a 22 questionnaire to document the application’s functionality or lack thereof in relation to our guidelines and 24 2. Occasionally, ASPs will gain access to ADMINISTRATOR’s data during various phases of 25 the application’s life cycle including the initial setup phase, application maintenance, or providing 26 remote support services. All County data will be considered confidential unless otherwise designated in 27 writing. Furthermore, the CONTRACTOR may not use or disclose ADMINISTRATOR’s data other 28 than as permitted or required by contract or law. The ASP will also be required to agree to use 29 appropriate safeguards to prevent the unauthorized use or disclosure of ADMINISTRATOR’s data 30 during those times which that data is stored or transported by said CONTRACTOR. If COUNTY’s data 31 is temporarily in the possession of the CONTRACTOR during any phase of the application’s life cycle, 32 the CONTRACTOR must agree to return or securely destroy all of that data at the end of the 33 CONTRACTOR’s usage as it is related to an application setup, upgrade, export, decommission, etc. 34 unless otherwise permitted by contract or law. 35 3. Finally, there are strict requirements in relation to the handling of ADMINISTRATOR’s 36 data both within and outside of ADMINISTRATOR’s network. CONTRACTORs are required to 37 comply with all legal and regulatory requirements as they relate to COUNTY’s systems and data. These 1 include, but are not limited to, the HIPAA, SB1386 compliance, Payment Card Industry (PCI) Data 2 Security Standards, and ▇▇▇▇▇▇▇▇-▇▇▇▇▇ (SOX). In the event that ADMINISTRATOR’s data 3 will be stored by the ASP beyond an initial setup phase, the CONTRACTOR may be required to meet 4 further CONTRACTOR Security Requirements as dictated by COUNTY’s Provider IT Security Policy.

Application Guidelines and Requirements. 14 15 1. This Exhibit B D provides a high-level overview of the CONTRACTOR guidelines and 15 16 requirements set forth by ADMINISTRATOR. It is intended to provide Application Service Providers 16 17 (ASP) with an understanding of ADMINISTRATOR’s expectations in relation to an application’s 17 18 functionality. Before being considered for deployment into ADMINISTRATOR’s network 19 environment, 18 the proposed application/system will be reviewed by our information security department 20 to ensure that 19 all risks related to the software and its implementation are documented and then 21 acknowledged by the 20 applicable department(s). Be aware that not all of the sections listed below may be 22 applicable to your 21 specific application, but ADMINISTRATOR requires that all potential 23 CONTRACTORs complete a 22 questionnaire to document the application’s functionality or lack thereof in 24 relation to our guidelines andand requirements upon request. 24 25 2. Occasionally, ASPs will gain access to ADMINISTRATOR’s data during various phases of 25 26 the application’s life cycle including the initial setup phase, application maintenance, or providing 26 27 remote support services. All County data will be considered confidential unless otherwise designated in 27 28 writing. Furthermore, the CONTRACTOR may not use or disclose ADMINISTRATOR’s data other 28 29 than as permitted or required by contract or law. The ASP will also be required to agree to use 29 30 appropriate safeguards to prevent the unauthorized use or disclosure of ADMINISTRATOR’s data 30 31 during those times which that data is stored or transported by said CONTRACTOR. If COUNTY’s data 31 32 is temporarily in the possession of the CONTRACTOR during any phase of the application’s life cycle, 32 33 the CONTRACTOR must agree to return or securely destroy all of that data at the end of the 33 34 CONTRACTOR’s usage as it is related to an application setup, upgrade, export, decommission, etc. 34 35 unless otherwise permitted by contract or law. 35 36 3. Finally, there are strict requirements in relation to the handling of ADMINISTRATOR’s 36 37 data both within and outside of ADMINISTRATOR’s network. CONTRACTORs are required to 37 1 comply with all legal and regulatory requirements as they relate to COUNTY’s systems and data. These 1 2 include, but are not limited to, the HIPAA, SB1386 compliance, Payment Card Industry (PCI) Data 2 3 Security Standards, and ▇▇▇▇▇▇▇▇-▇▇▇▇▇ (SOX). In the event that ADMINISTRATOR’s data 3 will be 4 stored by the ASP beyond an initial setup phase, the CONTRACTOR may be required to meet 4 further 5 CONTRACTOR Security Requirements as dictated by COUNTY’s Provider IT Security Policy.