Common use of ACKNOWLEDGE Clause in Contracts

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSES

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. STATE OF CALIFORNIA CALIFORNIA DEPARTMENT OF AGING INFORMATION INTEGRITY AND SECURITY STATEMENT CDA 1024 (REV 03/2020) CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxx Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date HICAP HI-2425-31 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) Merced County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxx Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSES

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. STATE OF CALIFORNIA CALIFORNIA DEPARTMENT OF AGING INFORMATION INTEGRITY AND SECURITY STATEMENT CDA 1024 (REV 03/2020) CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. XxxxxxxxXxxxxxx, Board ChairXx., Merced County Chairman of the Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date MSSP MS-2223-28 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 STATE OF CALIFORNIA CALIFORNIA DEPARTMENT OF AGING CALIFORNIA CIVIL RIGHTS LAWS CERTIFICATION ICDA 9026 (NEW 04/2018) Pursuant to Public Contract Code section 2010, a person that submits a bid or proposal to, or otherwise proposes to enter into or renew a contract with, a state agency with respect to any contract in the official named belowamount of $100,000 or above shall certify, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind under penalty of perjury, at the prospective Contractor to time the clause(s) listed below. This certification bid or proposal is made under submitted or the laws contract is renewed, all of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESfollowing:

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date Modernizing Older Californians Nutrition NM-2324-31 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) Merced County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESMerced

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 STATE OF CALIFORNIA CALIFORNIA DEPARTMENT OF AGING CALIFORNIA CIVIL RIGHTS LAWS CERTIFICATION ICDA 9026 (NEW 04/2018) Pursuant to Public Contract Code section 2010, a person that submits a bid or proposal to, or otherwise proposes to enter into or renew a contract with, a state agency with respect to any contract in the official named belowamount of $100,000 or above shall certify, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind under penalty of perjury, at the prospective Contractor to time the clause(s) listed below. This certification bid or proposal is made under submitted or the laws contract is renewed, all of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESfollowing:

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. XxxxxxxxXxxxxxx, Board Chair, Merced County Xx.; Chairman of the Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESDate

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date MIPPA MI-2324-31 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) Merced County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Chair Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESMerced

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. XxxxxxxxXxxxxxx, Board ChairXx., Merced County Chairman Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 STATE OF CALIFORNIA CALIFORNIA DEPARTMENT OF AGING CALIFORNIA CIVIL RIGHTS LAWS CERTIFICATION ICDA 9026 (NEW 04/2018) Pursuant to Public Contract Code section 2010, a person that submits a bid or proposal to, or otherwise proposes to enter into or renew a contract with, a state agency with respect to any contract in the official named belowamount of $100,000 or above shall certify, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind under penalty of perjury, at the prospective Contractor to time the clause(s) listed below. This certification bid or proposal is made under submitted or the laws contract is renewed, all of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESfollowing:

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date Area Plan AP-2324-31 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) Merced County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESMerced

ACKNOWLEDGE. Any wrongful access, inspection, use, or disclosure of Personal, Confidential or Sensitive Information (PSCI) is a crime and is prohibited under state and federal laws, including but not limited to California Penal Code Section 502, California Government Code Section 15619, California Civil Code Section 1798.53 and 1798.55, and the Health Insurance Portability and Accountability Act. Acknowledge. • Any wrongful access, inspection, use, disclosure, or modification of PSCI information may result in termination of this Contract/Agreement. MEET THE FOLLOWING REQUIREMENTS: • PSCI information shall be protected from disclosure in accordance with all applicable laws, regulations, and policies. • PSCI data be protected by authorized access using the principles of least privilege. • Any occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies will immediately be reported to CDA by completing a Security Incident Report CDA (1025A and 1025B). • All access codes which allow access to confidential information will be properly safeguarded. • Obligations to protect PSCI information obtained under this Contract/Agreement will continue after termination of the Contract/Agreement with CDA. • All employees/subcontractors of the Contractor/Vendor will complete the required Security Awareness Training module located at xxxxx://xxxxx.xx.xxx/Information_security/ within 30 days of the start date of the Contract/Agreement or within 30 days of the start date of any new employee or subcontractor. This training must be completed annually. • All employees/subcontractors of the Contractor/Vendor must comply with CDA’s confidentiality and data security requirements as outlined in the Contract/Agreement. • All employees/subcontractors of the Contract/Vendor must comply with the Appendix D, section XVIII encryption and self-certification requirements as outlined in the contract. CERTIFY: To protect PSCI information by: • Accessing, inspecting, using, disclosing or modifying PSCI information only for the purpose of performing official duties. • Never accessing, inspecting, using, disclosing, or modifying PSCI information for curiosity, personal gain, or any non-business-related reason. • Securing PSCI information in approved locations. • Never removing PSCI information from the work site without authorization. Meets the encryption requirements in Exhibit D Article 18: ✔ Is in full compliance with the 128 Encryption requirements. Is not in compliance with the 128 Encryption requirements and will achieve compliance by . I hereby certify that I have reviewed this Confidentiality Statement and will comply with the above statements. Xxxxx X. XxxxxxxxXxxxxxxx , Board Chair, Merced County Board of Supervisors Contractor/Vendor Printed Name and Title Contractor/Vendor Signature Date Public Health Workforce Program PH-2223-31 CDA Program/Project Contract Number Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) County of Merced Federal ID Number 00-0000000 By (Authorized Signature) Printed Name and Title of Person Signing Xxxxx X. Xxxxxxxx, Board Chair, Merced County Board of Supervisors Date Executed Executed in the County of Merced CONTRACTOR CERTIFICATION CLAUSESMerced