Procurement Controls Clause Samples
The Procurement Controls clause establishes the rules and procedures that must be followed when acquiring goods or services under the agreement. It typically outlines requirements such as obtaining competitive bids, adhering to approved vendor lists, or following specific approval processes before making purchases. By setting these standards, the clause ensures transparency, prevents unauthorized spending, and helps maintain compliance with organizational or regulatory procurement policies.
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data.
2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data.
2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts for systems containing sensitive information.
2.2.20.2 Contractor shall report to the County immediately or within 24 hours when contractor becomes aware of any potential or suspected data breach of contractor’s or subcontractor’s systems involving County’s data.
2.2.20.3 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the contractor) that transmits, stores, or processes sensitive information to Docusign Envelope ID: F05240E6-2D08-4CA2-83E0-A38DCDBCDCC1 ensure that contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, or consultants’ compliance with County’s cybersecurity policies such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • FedRAMP certification • Penetration Test Results