Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 14 contracts
Samples: Iconnect Consulting, The Urban Institute, Regional Cooperative Agreement
Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 10 contracts
Samples: Consent Agreement, To Agreement, To Agreement
Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) calendar or business days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 9 contracts
Samples: Agreement for Provision, Anne Sippi Clinic Treatment, Referenced Contract
Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which that determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 3 contracts
Samples: cams.ocgov.com, cams.ocgov.com, cams.ocgov.com
Patch Management. All workstations, laptops and other systems that process and/or store 4 PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits 5 on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk 6 assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 7 thirty (30) days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Samples: Master Agreement
Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits 16 on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There 17 must be a documented patch management process which that determines installation timeframe based on risk 18 assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched due to operational reasons 19 must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Samples: cams.ocgov.com
Patch Management. All workstations, laptops and other systems that process and/or store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory havecompensatory controls implemented to minimize risk, where possible.
Appears in 1 contract