Common use of Original Language Clause in Contracts

Original Language. The vendor must employ comprehensive risk and threat management controls based on defined industry standards for service organizations such as AICPA TSP section 100, Trust Services Principles and Criteria. The vendor must annually assert compliance and engage a third party to examine such assertions and controls to provide a Report, such as an AT101 SOC 2 type 2 Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy, which contains an opinion on whether the operating controls effectively support the assertions. All such reports, including publicly available reports (i.e. AT 101 SOC 3) shall be made available to the Commonwealth for review.

Original Language. The vendor must employ comprehensive risk and threat management controls based on defined industry standards for service organizations such as AICPA TSP section 100, Trust Services Principles and Criteria. The vendor must annually assert compliance and engage a third party to examine such assertions and and, controls to provide a Report, such as an AT101 SOC 2 type 2 Report 2, on Controls at a Service Organization Relevant to Security, Availability, Processing Processing, Integrity, Confidentiality, and Privacy, which contains an opinion on whether the operating controls effectively support the assertions. All such reports, including publicly available reports (i.e. AT 101 SOC 3) shall be made available to the Commonwealth for review.