Common use of INFORMATION SECURITY TRAINING Clause in Contracts

INFORMATION SECURITY TRAINING. The contractor shall comply with the below training: 1. Mandatory Training a. All Contractor employees having access to (1) Federal information or a Federal information system or (2) sensitive data/information, shall complete the NIH Computer Security Awareness Training course at ▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇/ before performing any work under this contract. Thereafter, Contractor employees having access to the information identified above shall complete an annual NIH-specified refresher course during the life of this contract. The Contractor shall also ensure subcontractor compliance with this training requirement. b. The Contractor shall maintain a listing by name and title of each Contractor/Subcontractor employee working on this contract and having access of the kind in paragraph 1.a(1) above, who has completed the NIH required training. Any additional security training completed by the Contractor/Subcontractor staff shall be included on this listing. The list shall be provided to the COR and/or Contracting Officer upon request. 2. Role-based Training HHS requires role-based training when responsibilities associated with a given role or position, could, upon execution, have the potential to adversely impact the security posture of one or more HHS systems. Read further guidance about “NIH Information Security Awareness and Training Policy” at: ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇/InfoSecurity/Policy/Documents/Final- InfoSecAwarenessTrainPol.doc. The Contractor shall maintain a list of all information security training completed by each contractor/subcontractor employee working under this contract. The list shall be provided to the COR and/or Contracting Officer upon request.