Noncompliance and Applicability. The Web-broker must develop a corrective action plan to mitigate any security and privacy risks if the SPA identifies a deficiency in the Web-broker’s security and privacy controls as documented in a Plan of Action & Milestones (PO&M). Alternatively, the Web-broker may document why it believes a critical control is not applicable to its system or circumstances. The SPA results do not alter this Agreement, including any penalties for non-compliance. If the Web-broker’s SPA includes findings suggesting significant security or privacy risks, and the Web-broker does not commence development and implementation of a corrective action plan to the reasonable satisfaction of CMS, a comprehensive audit may be initiated by CMS, and/or this Agreement may be terminated for cause. In addition, CMS may delay providing final approval or may withdraw prior approval of Web-broker’s DE Environment if the Web-broker does not address to the reasonable satisfaction of CMS the findings suggesting significant security or privacy risks.
Source: Web Broker Agreement