Common use of Oversight of Security Compliance Clause in Contracts

Oversight of Security Compliance. (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor’s operations and the nature and scope of its activities. (B) Upon the County’s written request, to confirm the Contractor’s compliance with this Exhibit E, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County’s election, a third party on the County’s behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor’s physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County’s behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor’s information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit E. (C) The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit E. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons or amending any written agreements to provide same.

Oversight of Security Compliance. (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor’s operations and the nature and scope of its activities. (B) Upon the County’s prior written requestrequest with at least 30 days notice, to confirm the Contractor’s compliance with this Exhibit E, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County’s election, a third party on the County’s behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor’s physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully reasonably cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County’s behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor’s information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit E. (C) E. Notwithstanding the foregoing, Contractor, in its reasonable discretion may refuse to allow access to certain environments during an assessment, audit, or examination if in the Contractor’s sole discretion, it will present a security risk to Contractor. The Contractor shall ensure that all Authorized Persons who Use use Personal Information agree to the same restrictions and conditions in this Exhibit E. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons Persons, or amending any written agreements to provide same.