Contractor security deliverables Clause Samples

Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance: 1. IT Security Plan (IT-SP) – due within 30 days after contract award. The IT-SP shall be consistent with, and further detail the approach to, IT security contained in the Contractor's bid or proposal that resulted in the award of this contract. The IT-SP shall describe the processes and procedures that the Contractor will follow to ensure appropriate security of IT resources that are developed, processed, or used under this contract. If the IT-SP only applies to a portion of the contract, the Contractor shall specify those parts of the contract to which the IT-SP applies. a. The Contractor's IT-SP shall comply with applicable Federal laws that include, but are not limited to, the Federal Information Security Management Act (FISMA) of 2002 (Title III of the E-Government Act of 2002, Public Law 107-347), and the following Federal and HHS policies and procedures: i. Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automation Information Resources. ii. National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-18, Guide for Developing Security Plans for Information Systems, in form and content, and with any pertinent contract Statement of Work/Performance Work Statement (SOW/PWS) requirements. The IT-SP shall identify and document appropriate IT security controls consistent with the sensitivity of the information and the requirements of Federal Information Processing Standard (FIPS) 200, Recommend Security Controls for Federal Information Systems. The Contractor shall review and update the IT-SP in accordance with NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. iii. HHS-OCIO Information Systems Security and Privacy Policy. 2. IT Risk Assessment (IT-RA) – due within 30 days after contract award. The IT- RA shall be consistent, in form and content, with NIST SP 800-30, Risk Management Guide for Information Technology Systems, and any additions or augmentations described in the HHS-OCIO Information Systems Security and Privacy Policy. After resolution of any comments provided by the Government on the draft IT-RA, the Contracting Officer shall accept the IT-RA and incorporate the Contractor's final version into...
View SourceView Similar (20)
Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance:
View Source
Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance: 1. IT Security Plan (IT-SP) – due within 30 days after contract award. The IT-SP shall be consistent with, and further detail the approach to, IT security contained in the Contractor's bid or proposal that resulted in the award of this contract. The IT-SP shall describe the processes and procedures that the Contractor will follow to ensure appropriate security of IT resources that are developed, processed, or used under this contract. If the IT-SP only applies to a portion of the contract, the Contractor shall specify those parts of the contract to which the IT-SP applies. a. The Contractor's IT-SP shall comply with applicable Federal laws that include, but are not limited to, the Federal Information Security Management Act (FISMA) of 2002 (Title III of the E-Government Act of 2002, Public Law 107-347), and the following Federal and HHS policies and procedures:
View Source

Related to Contractor security deliverables

  • Contractor Security Clearance Customers may designate certain duties and/or positions as positions of “special trust” because they involve special trust responsibilities, are located in sensitive locations, or have key capabilities with access to sensitive or confidential information. The designation of a special trust position or duties is at the sole discretion of the Customer. Contractor or Contractor’s employees and Staff who, in the performance of this Contract, will be assigned to work in positions determined by the Customer to be positions of special trust, may be required to submit to background screening and be approved by the Customer to work on this Contract.

  • Contractor Certification for Contractor Employees Introduction Texas Education Code Chapter 22 requires entities that contract with school districts to provide services to obtain criminal history record information regarding covered employees. Contractors must certify to the district that they have complied. Covered employees with disqualifying criminal histories are prohibited from serving at a school district. Definitions: Covered employees: Employees of a contractor or subcontractor who have or will have continuing duties related to the service to be performed at the District and have or will have direct contact with students. The District will be the final arbiter of what constitutes direct contact with students. Disqualifying criminal history: Any conviction or other criminal history information designated by the District, or one of the following offenses, if at the time of the offense, the victim was under 18 or enrolled in a public school: (a) a felony offense under Title 5, Texas Penal Code; (b) an offense for which a defendant is required to register as a sex offender under Chapter 62, Texas Code of Criminal Procedure; or (c) an equivalent offense under federal law or the laws of another state. I certify that: NONE (Section A) of the employees of Contractor and any subcontractors are covered employees, as defined above. If this box is checked, I further certify that Contractor has taken precautions or imposed conditions to ensure that the employees of Contractor and any subcontractor will not become covered employees. Contractor will maintain these precautions or conditions throughout the time the contracted services are provided. OR SOME (Section B) or all of the employees of Contractor and any subcontractor are covered employees. If this box is checked, I further certify that: (1) Contractor has obtained all required criminal history record information regarding its covered employees. None of the covered employees has a disqualifying criminal history.

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include: a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.

  • SERVICES & DELIVERABLES Seller agrees to perform the services ("Services") and/or provide the goods ("Goods", which term shall include goods provided as part of any Services), described in any PO, in accordance with the applicable PO and with this Agreement. Acceptance of a PO and this Agreement shall occur (i) within five (5) days of receipt by the Seller; or, (ii) upon shipment of Goods; or, (iii) upon commencement of a Service, (whichever is the earlier). Seller shall be bound by the provisions of this Agreement, including all provisions set forth on the face of any applicable PO, whether Seller acknowledges or otherwise signs this Agreement or the PO, unless Seller objects to such terms in writing within five (5) days of receiving the Agreement and/or the PO, prior to shipping Goods or prior to commencing Services. This writing does not constitute a firm offer and may be revoked at any time prior to acceptance. This Agreement may not be added to, modified, superseded, or otherwise altered, except by a writing signed by an authorized Apple representative and specifically stated to be an amendment of this Agreement. Any terms or conditions contained in any acknowledgment, invoice, or other communication of Seller which are inconsistent with the terms and conditions of this Agreement, are hereby rejected. To the extent that this Agreement might be treated as an acceptance of Seller's prior offer, such acceptance is expressly made on condition of assent by Seller to the terms hereof and shipment of the Goods or beginning performance of any Services by Seller shall constitute such acceptance. Apple hereby reserves the right to reschedule any delivery or cancel any PO issued at any time prior to shipment of the Goods or prior to commencement of any Services. Apple shall not be subject to any charges or other fees as a result of such cancellation.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.