Common use of Security Compliance Clause in Contracts

Security Compliance. Supplier agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a successor URL(s), as are pertinent to Supplier's operation. Supplier further agrees to comply with all provisions of the relevant Authorized User’s then-current security procedures as are pertinent to Supplier’s operation and which have been supplied to Supplier by such Authorized User. Supplier shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier or an employee or agent of Supplier shall constitute a breach of its obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it-governance/default.aspx?id=537#securityPSGs) itrm- policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized UserDMAS’s then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized UserDMAS. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA DMAS within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by DMAS. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA DMAS the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold DMAS, the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from DMAS, the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant to this Sectionsection.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/policy--governance/default.aspx?id=537#securityPSGs) itrm- policies-standards/ or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized UserVDOT’s then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized UserVDOT. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA VDOT within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by VDOT. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA VDOT the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. VDOT reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VDOT will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VDOT, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. ‌ Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it-governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized User’s 's then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such the Authorized User. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA and any affected Authorized UserUser within 24 hours of discovery of, if applicableor when Supplier should have discovered, any breach of any Breach of Unencrypted “unencrypted” and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying information, such as insurance data or date of birth, information provided to the Supplier by VITA or an Authorized User to SupplierUser. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. VITA reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VITA will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VITA, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. Supplier Contractor agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a any successor URL(s), as are pertinent to SupplierContractor's operation. Supplier Contractor further agrees to comply with all provisions of the relevant Authorized User’s then-then current security procedures as are pertinent to SupplierContractor’s operation and which have been supplied to Supplier Contractor by such Authorized User. Supplier Contractor shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of SupplierContractor’s employees or agents. Supplier Contractor may, at any time, be required to execute and complete, for each individual Supplier Contractor employee or agent, additional forms which may include non-disclosure agreements to be signed by SupplierContractor’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier Contractor or an employee or agent of Supplier Contractor shall constitute a breach of its obligations under this Section and the Contract. Supplier Contractor shall immediately notify VITA DGS and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 18.2-186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA DGS or Authorized User to SupplierContractor. Supplier Contractor shall provide VITA DGS the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a successor URL(s), as are pertinent to Supplier's operation. Supplier further agrees to comply with all provisions of the relevant Authorized User’s then-current security procedures as are pertinent to Supplier’s operation and which have been supplied to Supplier by such Authorized User. Supplier shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier or an employee or agent of Supplier shall constitute a breach of its obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 18.2-186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a successor URL(s), as are pertinent to Supplier's operation. Supplier further agrees to comply with all provisions of the relevant Authorized User’s then-current security procedures as are pertinent to Supplier’s operation and which have been supplied to Supplier by such Authorized User. It shall be the responsibility of the Authorized Users, using best efforts, to provide Supplier with updated security procedures after publication. Supplier shall also comply with all applicable federal, state and local laws and regulations. For IBM will conduct background checks on those employees of IBM who provide Services under this Agreement on a full time basis at any individual Authorized User locationof your United States facilities (a "Resident IBM Employee"). Background checks will (a) identify federal and county felony and misdemeanor arrest and convictions, security procedures may including sentences of deferred adjudication; (b) include a search of a national criminal database, (c) include a search of government sanction registries, such as OFAC and (d) and a Social Security Number Death Master Search. The Resident IBM Employee will be asked for their last seven (7) years of addresses. If a Resident IBM Employee is removed or reassigned from any of your United States facilities as a result of information obtained from a background screening, IBM will notify you that such Resident IBM Employee has been removed or reassigned. We will both cooperate reasonably on addressing those issues (if any) created by the removal or reassignment or a request to remove or reassign a Resident IBM Employee, including (by way of illustration but not be limited to: background checks, records verification, photographing, limitation) compliance with applicable law and fingerprinting any impact to IBM's ability to provide the Service as provided in applicable Statements of Supplier’s employees or agentsWork. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include nonNon-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier or an employee or agent of Supplier shall constitute a breach of its obligations under this Section and the this Contract. Supplier shall immediately notify VITA and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/policy--governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized User’s DMAS’ then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized UserDMAS. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized UserDMAS within 24 hours of discovery of, if applicableor when Supplier should have discovered, any breach of any Breach of Unencrypted “unencrypted” and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by DMAS. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA DMAS the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized UserDMAS, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized UserDMAS, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. DMAS reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, DMAS will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by DMAS, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it-governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized UserVADOC’s then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized Userthe VADOC. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA VADOC within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by VADOC. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA VADOC the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized UserVADOC, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized UserVADOC, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. VADOC reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VADOC will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VADOC, Supplier shall implement any reasonably required safeguards as identified by any program audit.