Procurement Controls Clause Samples

The Procurement Controls clause establishes the rules and procedures that must be followed when acquiring goods or services under the agreement. It typically outlines requirements such as obtaining competitive bids, adhering to approved vendor lists, or following specific approval processes before making purchases. By setting these standards, the clause ensures transparency, prevents unauthorized spending, and helps maintain compliance with organizational or regulatory procurement policies.
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data. 2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
View SourceView Similar (8)
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data. 2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
View SourceView Similar (3)
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts for systems containing sensitive information. 2.2.20.2 Contractor shall report to the County immediately or within 24 hours when contractor becomes aware of any potential or suspected data breach of contractor’s or subcontractor’s systems involving County’s data. 2.2.20.3 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the contractor) that transmits, stores, or processes sensitive information to Docusign Envelope ID: F05240E6-2D08-4CA2-83E0-A38DCDBCDCC1 ensure that contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, or consultants’ compliance with County’s cybersecurity policies such as: • SOC 1 Type 2SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • FedRAMP certification • Penetration Test Results
View Source

Related to Procurement Controls

  • Agreement Controls The terms and conditions of this Master Agreement control over the terms and conditions contained in an Approved Service Order – even if the Approved Service Order expressly states that it is intended to control. Any conflicting terms and conditions in an Approved Service Order are invalid and unenforceable.

  • Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Export Controls Both Parties will adhere to all applicable laws, regulations and rules relating to the export of technical data and will not export or re-export any technical data, any products received from the other Party or the direct product of such technical data to any proscribed country listed in such applicable laws, regulations and rules unless properly authorized.

  • Input Control The possibility to subsequently verify and determine whether, and by whom, personal data was entered into, changed or removed from data processing systems must be ensured. • Definition of entry authorisation • Logging of logins

  • Personnel Controls The County agrees to advise Contractor Staff, who have access to PII, of the confidentiality of the information, the safeguards required to protect the information, and the civil and criminal sanctions for non-compliance contained in applicable federal and state laws. For that purpose, the Contractor shall implement the following personnel controls: