Common use of Security Compliance Clause in Contracts

Security Compliance. Supplier agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a successor URL(s), as are pertinent to Supplier's operation. Supplier further agrees to comply with all provisions of the relevant Authorized User’s then-current security procedures as are pertinent to Supplier’s operation and which have been supplied to Supplier by such Authorized User. Supplier shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier or an employee or agent of Supplier shall constitute a breach of its obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier Contractor agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a any successor URL(s), as are pertinent to SupplierContractor's operation. Supplier Contractor further agrees to comply with all provisions of the relevant Authorized User’s then-then current security procedures as are pertinent to SupplierContractor’s operation and which have been supplied to Supplier Contractor by such Authorized User. Supplier Contractor shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of SupplierContractor’s employees or agents. Supplier Contractor may, at any time, be required to execute and complete, for each individual Supplier Contractor employee or agent, additional forms which may include non-disclosure agreements to be signed by SupplierContractor’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier Contractor or an employee or agent of Supplier Contractor shall constitute a breach of its obligations under this Section and the Contract. Supplier Contractor shall immediately notify VITA DGS and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 18.2-186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA DGS or Authorized User to SupplierContractor. Supplier Contractor shall provide VITA DGS the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/policy--governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized User’s DMAS’ then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized UserDMAS. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized UserDMAS within 24 hours of discovery of, if applicableor when Supplier should have discovered, any breach of any Breach of Unencrypted “unencrypted” and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by DMAS. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA DMAS the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized UserDMAS, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized UserDMAS, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. DMAS reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, DMAS will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by DMAS, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) DBHDS and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it- governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized User’s then-'s then- current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such the Authorized User. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA DBHDS and any affected Authorized UserUser within 24 hours of discovery of, if applicableor when Supplier should have discovered, any breach of any Breach of Unencrypted “unencrypted” and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by DBHDS or an Authorized User. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA DBHDS and any affected Authorized User the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized UserDBHDS, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized UserDBHDS, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. DBHDS reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, DBHDS will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by DBHDS, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. ‌ Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it-governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized User’s 's then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such the Authorized User. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA and any affected Authorized UserUser within 24 hours of discovery of, if applicableor when Supplier should have discovered, any breach of any Breach of Unencrypted “unencrypted” and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying information, such as insurance data or date of birth, information provided to the Supplier by VITA or an Authorized User to SupplierUser. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. VITA reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VITA will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VITA, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. Supplier agrees to shall comply with all provisions of the then-current Commonwealth of Virginia security procedurespolicies, standards, and guidelines published by the Virginia Information Technologies Agency (VITA) VITA and which may be found at (at: ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/it-governance/default.aspx?id=537#securityPSGs) itrm-policies-standards/, or a any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier further agrees to shall comply with all applicable provisions of the relevant Authorized UserVADOC’s then-current security procedures as are pertinent to Supplier’s 's operation and which that have been supplied provided to Supplier by such Authorized Userthe VADOC. Supplier shall also comply with all applicable federal, state state, and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or Personal information personal information, by the Supplier or an employee or agent of Supplier shall constitute Personnel constitutes a breach of its Supplier’s obligations under this Section and the Contract. Supplier shall immediately notify VITA VADOC within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information“unredacted” personal information, as those terms are defined in Virginia Code 18.2- § 18.2-186.6, and other confidential or personal identifying informationinformation provided to the Supplier by VADOC. To the extent permitted by law, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA VADOC the opportunity to participate in the investigation of the Breach breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, to Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the extent permitted then-current standards set forth by lawthe American Institute of CPAs. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized UserVADOC, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessmentsClaims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized UserVADOC, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Sectionsection. VADOC reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VADOC will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VADOC, Supplier shall implement any reasonably required safeguards as identified by any program audit.

Security Compliance. Supplier agrees to comply with all provisions of the then-current Commonwealth of Virginia security procedures, published by the Virginia Information Technologies Agency (VITA) and which may be found at (▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/library/default.aspx?id=537#securityPSGs) or a successor URL(s), as are pertinent to Supplier's operation. Supplier further agrees to comply with all provisions of the relevant Authorized User’s then-current security procedures as are pertinent to Supplier’s operation and which have been supplied to Supplier by such Authorized User. Supplier shall also comply with all applicable federal, state and local laws and regulations. For any individual Authorized User location, security procedures may include but not be limited to: background checks, records verification, photographing, and fingerprinting of Supplier’s employees or agents. Supplier may, at any time, be required to execute and complete, for each individual Supplier employee or agent, additional forms which may include non-disclosure agreements to be signed by Supplier’s employees or agents acknowledging that all Authorized User information with which such employees and agents come into contact while at the Authorized User site is confidential and proprietary. Any unauthorized release of proprietary or Personal information by the Supplier or an employee or agent of Supplier shall constitute a breach of its obligations under this Section and the Contract. Supplier shall immediately notify VITA and Authorized User, if applicable, of any Breach of Unencrypted and Unredacted Personal Information, as those terms are defined in Virginia Code 18.2- 18.2-186.6, and other personal identifying information, such as insurance data or date of birth, provided by VITA or Authorized User to Supplier. Supplier shall provide VITA the opportunity to participate in the investigation of the Breach and to exercise control over reporting the unauthorized disclosure, to the extent permitted by law. Supplier shall indemnify, defend, and hold the Commonwealth, VITA, the Authorized User, their officers, directors, employees and agents harmless from and against any and all fines, penalties (whether criminal or civil), judgments, damages and assessments, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, the Authorized User, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this Section.