Common use of Security and Compliance Clause in Contracts

Security and Compliance. ‌ A. Contractor agrees to comply with all provisions of the then-current The State of Maryland security procedures, published by the Maryland Department of information Technology (DoIT) and which may be found at: ▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/support/pages/securitypolicies.aspx or any successor URL(s), as are pertinent to Contractor's operation. Contractor further agrees to comply with all provisions of the relevant Authorized User's then-current security procedures as are pertinent to Contractor's operation and which have been supplied to Contractor by such Authorized User. Contractor shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Contractor Personnel. Contractor may, at any time, be required to execute and complete, for each individual Contractor Personnel, additional forms which may include non-disclosure agreements to be signed by Contractor Personnel acknowledging that all Authorized User information with which such Contractor Personnel come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by Contractor or Contractor Personnel shall constitute a breach of its obligations under this Section and the Contract. Contractor shall immediately notify DGS and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as defined in Md. STATE GOVERNMENT Code ▇▇▇. §§10-1301 to 10-1308, and other personal identifying information, such as insurance data or date of birth, provided by DGS or Authorized User to Contractor. Contractor shall provide DGS the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Contractor shall indemnify, defend, and hold the State, DGS, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the State, the Authorized User, their officers, directors, agents or employees, on account of the failure of Contractor to perform its obligations pursuant this Section. B. DGS shall have the right to review Contractor’s information security program prior to the commencement of Licensed Services and from time to time during the term of this Contract. During the performance of the Licensed Services, on an ongoing basis from time to time, DGS, at its own expense, shall be entitled to perform, or to have performed, an on-site audit of Contractor's information security program. In lieu of an on-site audit, upon request by DGS, Contractor shall implement any reasonably required safeguards as identified by any program audit.

Security and Compliance. ‌ A. Contractor agrees to comply with all provisions of the then-current The State of Maryland security procedures, published by the Maryland Department of information Technology (DoIT) and which may be found at: ▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/support/pages/securitypolicies.aspx or any successor URL(s), as are pertinent to Contractor's operation. Contractor further agrees to comply with all provisions of the relevant Authorized User's then-current security procedures as are pertinent to Contractor's operation and which have been supplied to Contractor by such Authorized User. Contractor shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Contractor Personnel. Contractor may, at any time, be required to execute and complete, for each individual Contractor Personnel, additional forms which may include non-disclosure agreements to be signed by Contractor Personnel acknowledging that all Authorized User information with which such Contractor Personnel come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by Contractor or Contractor Personnel shall constitute a breach of its obligations under this Section and the Contract. Contractor shall immediately notify DGS and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as defined in Md. STATE GOVERNMENT Code ▇▇▇. §§10-1301 to 10-1308, and other personal identifying information, such as insurance data or date of birth, provided by DGS or Authorized User to Contractor. Contractor shall provide DGS the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Contractor shall indemnify, defend, and hold the State, DGS, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the State, the Authorized User, their officers, directors, agents or employees, on account of the failure of Contractor to perform its obligations pursuant this Section. B. DGS shall have the right to review Contractor’s information security program prior to the commencement of Licensed Services and from time to time during the term of this Contract. During the performance of the Licensed Services, on an ongoing basis from time to time, DGS, at its own expense, shall be entitled to perform, or to have performed, an on-site audit of Contractor's information security program. In lieu of an on-site audit, upon request by DGS, Contractor shall implement any reasonably required safeguards as identified by any program audit.