Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.
Appears in 29 contracts
Samples: Professional Services Contract, Professional Services Agreement, Agreement
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI PSCI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.
Appears in 4 contracts
Samples: Standard Agreement, Standard Agreement Agreement, Standard Agreement
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched within this time frame due to significant operational reasons must have compensatory controls implemented to minimize risk until the patches can be installed. Applications and systems that cannot be patched must have compensatory controls implemented to minimize risk, where possible.
Appears in 3 contracts
Samples: California Mental Health Services, Business Associate Agreement, California Mental Health Services Authority Participation Agreement
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. Applications and systems that cannot be patched due to operational reasons must have compensatory controls implemented to minimize risk, where possible.
Appears in 1 contract
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 thirty (30) days of vendor release.
Appears in 1 contract
Samples: Business Associate Agreement
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI PSCI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.release.β
Appears in 1 contract
Samples: sonomacounty.ca.gov
Patch Management. All workstations, laptops and other systems that process and/or store DHCS PHI or PI Pl must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.
Appears in 1 contract
Samples: Participation Agreement