IT Security Compliance and Training. The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. At a minimum, the vendor is expected to: ▪ Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. ▪ Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. ▪ Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County. The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the vendor is expected to: ▪ Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. ▪ Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. ▪ Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. ▪ Document details related to attempted or actual security violations and provide documentation to the County. ▪ Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. 4 1. The vendor must ensure that all vendor employees comply with security policies and 5 procedures and take all reasonable measures to reduce the opportunity for unauthorized access, 6 transmission, modification or misuse of the County’s data by vendor employees.
IT Security Compliance and Training. The Contractor shall ensure that all Contractor employees comply with security policies and procedures and shall take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by Contractor employees. The Contractor shall ensure that all Contractor employees are trained on security measures and practices. The Contractor will assume the cost to provide training. At a minimum, the Contractor is expected to: Ensure that a formal disciplinary process is defined and followed for Contractor employees who violate established security policies and procedures. Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of Contractor employees’ access to systems used to provide services to the County. The Contractor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the Contractor is expected to: Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. Document details related to attempted or actual security violations and provide documentation to the County. Provide necessary documentation and evidence to the County in connection with any legal action or investigation. Ensure that all equipment used to provide services to the County is protected by antivirus software with the latest patches installed Data Privacy Encryption shall be used to protect data whenever technically possible.
IT Security Compliance and Training. The Contractor must ensure that all Contractor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by Contractor employees. The Contractor must ensure that all Contractor employees are trained on security measures and practices. The Contractor will be responsible for any costs related to such training. At a minimum, the Contractor is expected to: ▪ Ensure that a formal disciplinary process is defined and followed for Contractor employees who violate established security policies and procedures. ▪ Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. ▪ Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of Contractor employees’ access to systems used to provide services to the County. The Contractor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the Contractor is expected to: ▪ Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. ▪ Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. ▪ Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. ▪ Document details related to attempted or actual security violations and provide documentation to the County. County of Orange Health Care Agency 44 MA-042-16011679 Environmental Health Data Management System ▪ Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. County of Orange Health Care Agency Page 47 MA-042-17011367 At a minimum, the vendor is expected to: Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County. The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the vendor is expected to: Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. Document details related to attempted or actual security violations and provide documentation to the County. Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. At a minimum, the vendor is expected to: ▪ Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. ▪ Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. ▪ Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County. The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. DocuSign Envelope ID: 32AC7F38-40B4-4FD7-9103-57D01A9AA5C7 At a minimum, the vendor is expected to: ▪ Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. ▪ Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. ▪ Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. ▪ Document details related to attempted or actual security violations and provide documentation to the County. ▪ Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. At a minimum, the vendor is expected to: ▪ Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. ▪ Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. ▪ Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County. The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the vendor is expected to: County of Orange MA-042-20012181 ▪ Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. ▪ Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. ▪ Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. ▪ Document details related to attempted or actual security violations and provide documentation to the County. ▪ Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. County of Orange, Health Care Agency Software Maint. & Data Hosting Services Page 46 of 50 MA-042-21010508 File Folder: C028362 The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. At a minimum, the vendor is expected to:
IT Security Compliance and Training. The Contractor must ensure that all Contractor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unau thorized access, transmission, modification or misuse of the County’s data by Contractor employees. The Contractor must ensure that all Contractor employees are trained on security measures and practices. The Contractor will be responsible for any costs related to such training. At a minimum, the Contractor is expected to: Ensure that a formal disciplinary process is defined and followed for Contractor employees who violate established security policies and procedures. County of Orange Health Care Agency 45 MA-042-16011679 Environmental Health Data Management System Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of Contractor employees’ access to systems used to provide services to the County. The Contractor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the Contractor is expected to: Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. Document details related to attempted or actual security violations and provide documentation to the County. Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
IT Security Compliance and Training. The vendor must ensure that all vendor employees comply with security policies and procedures and take all reasonable measures to reduce the opportunity for unauthorized access, transmission, modification or misuse of the County’s data by vendor employees. The vendor must ensure that all vendor employees are trained on security measures and practices. The vendor will be responsible for any costs related to such training. At a minimum, the vendor is expected to: Ensure that a formal disciplinary process is defined and followed for vendor employees who violate established security policies and procedures. Proactively manage and administer access rights to any equipment, software and systems used to provide services to the County. Define, maintain and monitor access controls, ranging from physical access to logical security access, including a monthly review of vendor employees’ access to systems used to provide services to the County. The vendor shall monitor facilities, systems and equipment to protect against unauthorized access. At a minimum, the vendor is expected to: Monitor access to systems; investigate apparent security violations; and notify the County of suspected violations, including routine reporting on hacking attempts, penetrations and responses. Maintain data access control and auditing software and provide adequate logging, monitoring, and investigation of unusual or suspicious activity. Initiate immediate corrective actions to minimize and prevent the reoccurrence of attempted or actual security violations. Document details related to attempted or actual security violations and provide documentation to the County. Provide necessary documentation and evidence to the County in connection with any legal action or investigation.
