Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data. 2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
Appears in 6 contracts
Sources: Contract, Contract for the Provision of Integrated Job Services, Contract Amendment
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data.
2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies if applicablepolicies. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies policies, if applicable, such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
Appears in 1 contract
Sources: Passenger Loading Bridge and Baggage Handling System Maintenance
Procurement Controls. 2.2.20.1 Breach notification requirements clause to be included in new or renewal contracts (once policy is effective) for systems containing sensitive information. Contractor shall report to the County within 24 hours as defined in this contract when Contractor becomes aware of any suspected data breach of Contractor’s or Sub-Contractor’s systems involving County’s data.
2.2.20.2 Departments shall review all procurements and renewals for software and equipment (hosted/managed by the vendor) that transmits, stores, or processes sensitive information to ensure that vendors and contractors are aware of and are in compliance with County’s cybersecurity policies if applicable. Departments shall obtain documentation supporting the business partners, contractors, consultants, or vendors compliance with County’s cybersecurity policies such as: • SOC 1 Type 2 • SOC 2 Type 2 • Security Certifications (ISO, PCI, etc.) • Penetration Test Results
Appears in 1 contract