Security and System Integrity Requirements Sample Clauses
Security and System Integrity Requirements. All services provided by the Contractor shall be hosted in a manner that the State of Montana has no responsibility for the database or the technical infrastructure and associated processes and procedures. The database must be accessible through the Web and must be secure. The Contractor must prevent unauthorized access to the system. The hosting services description shall document that the system is accessible through a web-enabled personal computer by accessing the Contractor’s computer system(s) via the Internet. All of the personal information shall be kept safe and protected, regardless of its confidentiality. All personal information used by or available to the contractor, its employees, its subcontractors, and the employees of its subcontractors must be kept confidential and shared by no one for any reason. The solution shall provide data integrity, validation and verification. It shall ensure the integrity of the data from the time it leaves the user’s entry point until it is recorded in the database, as well as when the information is provided for reporting and analysis.
Security and System Integrity Requirements. The Contractor agrees to following terms:
3.3.1 Offer this service in such a hosted manner that the State of Montana has no responsibility for the database or the technical infrastructure and associated processes and procedures. The database must be accessible through the Web and must be secure. The Contractor must prevent unauthorized access to the system. The hosting services description shall document that the system is accessible through a web- enabled personal computer by accessing the Contractor’s computer system(s) via the Internet.
3.3.2 Keep and protect all of the personal information, regardless of its confidentiality. All personal information used by or available to the Contractor, its employees, its subcontractors, and the employees of its subcontractors must be kept confidential and shared by no one for any reason.
3.3.3 Ensure the system shall provide data integrity, validation and verification. Contractor shall ensure the integrity of the data from the time it leaves the user’s entry point until it is recorded in the database, as well as when the information is provided for reporting and analysis.
3.3.4 Create and maintain a formal system security plan that: • Is consistent with the State of Montana’s enterprise architecture; • Explicitly defines the authorization boundary for the system; • Describes the operational context of the information system in terms of mission and business processes; • Provides the security categorization of the information system, as established by the State, including supporting rationale; • Describes the operational environment for the informational system and relationships with or connection to other information systems; • Provides an overview of the security requirements for the system; • Identifies any specific statutory and/or regulatory requirements (above and beyond NIST SP 800-53 rev. 4 Moderate Baseline Controls), if applicable; • Describes the security controls in place or planned for meeting those requirements including a rationale for the tailoring and supplementation decisions; • Is provided to the authorizing official or designated representative prior to plan implementation; • Is distributed to appropriate personnel; • Is reviewed at least once every year or whenever changes to the information system/environment of operation occur; and • Is protected from unauthorized disclosure and modification.
3.3.5 Report security incidents that occur on the MDOC information systems that may affect MDOC or the S...