Common use of Contractors of Electronic Information Exchange Partners Clause in Contracts

Contractors of Electronic Information Exchange Partners. (The Privacy Act of 1974, E-Government Act of 2002 (P.L. 107-347), and Risk Assessment (RA), System and Services Acquisition (SA), Awareness and Training (AT), Personnel Security (PS), and Program Management (PM) Families, NIST SP 800-53 rev. 4) The state agency’s employees, contractors, and agents who access, use, or disclose SSA data in a manner or purpose not authorized by the Agreement may be subject to both civil and criminal sanctions pursuant to applicable Federal statutes. The state agency will provide its contractors and agents with copies of the Agreement, related IEAs, and all related attachments before initial disclosure of SSA data to such contractors and agents. Prior to signing the Agreement, and thereafter at SSA’s request, the state agency will obtain from its contractors and agents a current list of the employees of such contractors and agents with access to SSA data and provide such lists to SSA. Contractors of the state agency must adhere to the same security requirements as employees of the state agency. The state agency is responsible for the oversight of its contractors and the contractor’s compliance with the security requirements. The state agency must enter into a written agreement with each of its contractors and agents who need SSA data to perform their official duties. Such contractors or agents agree to abide by all relevant Federal laws, restrictions on access, use, disclosure, and the security requirements contained within the state agency’s agreement with SSA. The state agency must provide proof of the contractual agreement with all contractors and agents who encounter SSA-provided information as part of their duties. If the contractor processes, handles, or transmits information provided to the state agency by SSA or has authority to perform on the state agency’s behalf, the state agency should clearly state the specific roles and functions of the contractor within the agreement. The state agency will provide SSA written certification that the contractor is meeting the terms of the agreement, including SSA security requirements. The service level agreements with the contractors and agents must contain non-disclosure language as it pertains to SSA-provided information. The state agency must also require that contractors and agents who will process, handle, or transmit information provided to the state agency by SSA to include language in their signed agreement that obligates the contractor to follow the terms of the state agency’s data exchange agreement with SSA. The state agency must also make certain that the contractor and agent’s employees receive the same security awareness training as the state agency’s employees. The state agency, the contractor, and the agent should maintain awareness- training records for their employees and require the same mandatory annual certification procedures. SSA requires the state agency to subject the contractor to ongoing security compliance reviews that must meet SSA standards. The state agency will conduct compliance reviews at least triennially commencing no later than three

Contractors of Electronic Information Exchange Partners. ( As previously stated in The Privacy Act General Systems Security Standards, contractors of 1974the EIEP must adhere to the same security requirements as employees of the EIEP. The EIEP is responsible for the oversight of its contractors and the contractor’s compliance with the security requirements. The EIEP will enter into a written agreement with each of its contractors and agents who need SSA data to perform their official duties, E-Government Act of 2002 (P.L. 107-347)whereby such contractors or agents agree to abide by all relevant Federal laws, restrictions on access, use, disclosure, and Risk Assessment (RA), System and Services Acquisition (SA), Awareness and Training (AT), Personnel Security (PS), and Program Management (PM) Families, NIST SP 800-53 revthe security requirements in this Agreement. 4) The state agencyEIEP’s employees, contractors, and agents who access, use, or disclose SSA data in a manner or purpose not authorized by the this Agreement may be subject to both civil and criminal sanctions pursuant to applicable Federal statutes. The state agency EIEP will provide its contractors and agents with copies of the this Agreement, related IEAs, and all related attachments before initial disclosure of SSA data to such contractors and agents. Prior to signing the this Agreement, and thereafter at SSA’s request, the state agency EIEP will obtain from its contractors and agents a current list of the employees of such contractors and agents with access to SSA data and provide such lists to SSA. Contractors of the state agency The EIEP must adhere be able to the same security requirements as employees of the state agency. The state agency is responsible for the oversight of its contractors and the contractor’s compliance with the security requirements. The state agency must enter into a written agreement with each of its contractors and agents who need SSA data to perform their official duties. Such contractors or agents agree to abide by all relevant Federal laws, restrictions on access, use, disclosure, and the security requirements contained within the state agency’s agreement with SSA. The state agency must provide proof of the contractual agreement with all contractors and agents who encounter SSA-provided information as part of their duties. If the contractor processes, handles, or transmits information provided to the state agency EIEP by SSA or has authority to perform on the state agencyEIEP’s behalf, the state agency EIEP should clearly state the specific roles and functions of the contractor within the agreementcontractor. The state agency EIEP will provide SSA written certification that the contractor is meeting the terms of the agreement, including SSA security requirements. The service level agreements with the contractors and agents must contain non-disclosure language as it pertains certification will be subject to SSA-provided our final approval before redisclosing our information. The state agency EIEP must also require that contractors and agents who will process, handle, or transmit information provided to the state agency EIEP by SSA to include language in their signed sign an agreement with the EIEP that obligates the contractor to follow the terms of the state agencyEIEP’s data exchange agreement with SSA. The state agency EIEP or the contractor must also provide a copy of the data exchange agreement to each of the contractor’s employees before disclosing data and make certain that the contractor and agentcontractor’s employees receive the same security awareness training as the state agencyEIEP’s employees. The state agency, the contractor, and the agent EIEP should maintain awareness- awareness-training records for their the contractor’s employees and require the same mandatory annual certification procedures. SSA requires The EIEP will be required to conduct the state agency to review of contractors and is responsible for ensuring compliance of its contractors with security and privacy requirements and limitations. As such, the EIEP will subject the contractor to ongoing security compliance reviews that must meet SSA standards. The state agency EIEP will conduct compliance reviews at least triennially commencing no later than threethree (3) years after the approved initial security certification to SSA; and must provide SSA with written documentation of recurring compliance reviews, with the contractor, subject to our approval. If the EIEP’s contractor will be involved with the processing, handling, or transmission of information provided to the EIEP by SSA offsite from the EIEP, the EIEP must have the contractual option to perform onsite reviews of that offsite facility to ensure that the following meet SSA’s requirements: o safeguards for sensitive information o computer system safeguards o security controls and measures to prevent, detect, and resolve unauthorized access to, use of, and redisclosure of SSA-provided information o continuous monitoring of the EIEP contractors’ network infrastructures and assets

Contractors of Electronic Information Exchange Partners. (As previously stated in The Privacy Act General Systems Security Standards, contractors of 1974the EIEP must adhere to the same security requirements as employees of the EIEP. The EIEP is responsible for the oversight of its contractors and the contractor’s compliance with the security requirements. The EIEP will enter into a written agreement with each of its contractors and agents who need SSA data to perform their official duties, E-Government Act of 2002 (P.L. 107-347)whereby such contractors or agents agree to abide by all relevant Federal laws, restrictions on access, use, disclosure, and Risk Assessment (RA), System and Services Acquisition (SA), Awareness and Training (AT), Personnel Security (PS), and Program Management (PM) Families, NIST SP 800-53 revthe security requirements in this Agreement. 4) The state agencyEIEP’s employees, contractors, and agents who access, use, or disclose SSA data in a manner or purpose not authorized by the this Agreement may be subject to both civil and criminal sanctions pursuant to applicable Federal statutes. The state agency EIEP will provide its contractors and agents with copies of the this Agreement, related IEAs, and all related attachments before initial disclosure of SSA data to such contractors and agents. Prior to signing the this Agreement, and thereafter at SSA’s request, the state agency EIEP will obtain from its contractors and agents a current list of the employees of such contractors and agents with access to SSA data and provide such lists to SSA. Contractors of the state agency The EIEP must adhere be able to the same security requirements as employees of the state agency. The state agency is responsible for the oversight of its contractors and the contractor’s compliance with the security requirements. The state agency must enter into a written agreement with each of its contractors and agents who need SSA data to perform their official duties. Such contractors or agents agree to abide by all relevant Federal laws, restrictions on access, use, disclosure, and the security requirements contained within the state agency’s agreement with SSA. The state agency must provide proof of the contractual agreement with all contractors and agents who encounter SSA-provided information as part of their duties. If the contractor processes, handles, or transmits information provided to the state agency EIEP by SSA or has authority to perform on the state agencyEIEP’s behalf, the state agency EIEP should clearly state the specific roles and functions of the contractor within the agreementcontractor. The state agency EIEP will provide SSA written certification that the contractor is meeting the terms of the agreement, including SSA security requirements. The service level agreements with the contractors and agents must contain non-disclosure language as it pertains certification will be subject to SSA-provided our final approval before redisclosing our information. The state agency EIEP must also require that contractors and agents who will process, handle, or transmit information provided to the state agency EIEP by SSA to include language in their signed sign an agreement with the EIEP that obligates the contractor to follow the terms of the state agencyEIEP’s data exchange agreement with SSA. The state agency EIEP or the contractor must also provide a copy of the data exchange agreement to each of the contractor’s employees before disclosing data and make certain that the contractor and agentcontractor’s employees receive the same security awareness training as the state agencyEIEP’s employees. The state agency, the contractor, and the agent EIEP should maintain awareness- awareness-training records for their the contractor’s employees and require the same mandatory annual certification procedures. SSA requires The EIEP will be required to conduct the state agency to review of contractors and is responsible for ensuring compliance of its contractors with security and privacy requirements and limitations. As such, the EIEP will subject the contractor to ongoing security compliance reviews that must meet SSA standards. The state agency EIEP will conduct compliance reviews at least triennially commencing no later than threethree (3) years after the approved initial security certification to SSA; and must provide SSA with written documentation of recurring compliance reviews, with the contractor, subject to our approval. If the EIEP’s contractor will be involved with the processing, handling, or transmission of information provided to the EIEP by SSA offsite from the EIEP, the EIEP must have the contractual option to perform onsite reviews of that offsite facility to ensure that the following meet SSA’s requirements: o safeguards for sensitive information o computer system safeguards o security controls and measures to prevent, detect, and resolve unauthorized access to, use of, and redisclosure of SSA-provided information o continuous monitoring of the EIEP contractors’ network infrastructures and assets