Common use of Security Obligations Clause in Contracts

Security Obligations. (a) Network Provider shall identify an appropriately skilled individual to function as its Data Security Officer. This Security Officer shall act as the liaison to ChildNet’s Security Staff and will maintain an appropriate level of data security for the information Network Provider is collecting or using in the performance of this Subcontract. This includes approving and tracking all Network Provider employees that request system or information access and ensuring that user access has been removed from all terminated provider employees. Additionally, Network Provider shall comply with ChildNet’s Policy and Procedures, CN 012-015, Security-User Responsibility, which can be located on ChildNet’s website at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇/portal/375. (b) Network Provider shall furnish Security Awareness Training to all direct care staff and all staff having access to computers or file information on an annual basis. All new staff must complete the training within ten (10) days of hire and subsequently on an annual basis. This training shall be conducted on-line through the Department’s website ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/general-information/dcf-training. Upon completion of the on line training, a certificate will be made available and shall be printed and placed in the employee’s personnel file. (c) Network Provider shall ensure that all Network Provider employees who have access to ChildNet or Department information are provided a copy of CFOP 50-2 which can be located under “Publications” at the Department’s website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/DCFFormsInternet/Search/OpenDCFForm.aspx?FormId =15. The Department’s Security Agreement form (CF114), which is attached hereto as Attachment X must be signed annually and the signed original retained by Network Provider in the employee’s personnel file. (d) Network Provider shall make every effort to protect and avoid unauthorized release of any personal or confidential information by ensuring both data and mobile storage devices are encrypted as prescribed in Chapter 74-2.003, F.A.C., and CFOP 50-2, Chapter 4 to protect all data. If encryption of these devices is not possible, then Network Provider shall ensure that unencrypted personal and confidential data will not be stored on unencrypted storage devices. (e) Network provider agrees to notify the Contract Manager as soon as possible, but no later than (3) business days following the determination of any breach or potential breach of personal and confidential data. Additionally, Network Provider shall provide notice to affected parties no later than 45 days following the determination of any breach of personal or confidential data as provided in Sections 501.171 or 817.568, F.S. Network Provider shall also, at its own cost, implement measures deemed appropriate by ChildNet to avoid or mitigate potential injury to any person due to a breach or potential breach of personal and confidential Client and Department data. (f) Network Provider’s own system and premises shall be subject to inspection at any time to verify compliance with the security of all client and personal and confidential information.

Security Obligations. (a) Network Provider shall identify an appropriately skilled individual to function as its Data Security Officer. This Security Officer shall act as the liaison to ChildNet’s Security Staff and will maintain an appropriate level of data security for the information Network Provider is collecting or using in the performance of this Subcontract. This includes approving and tracking all Network Provider employees that request system or information access and ensuring that user access has been removed from all terminated provider employees. Additionally, Network Provider shall comply with ChildNet’s Policy and Procedures, CN 012-015, Security-User Responsibility, which can be located on ChildNet’s website at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇/portal/375. (b) Network Provider shall furnish Security Awareness Training to all direct care staff and all staff having access to computers or file information on an annual basis. All new staff must complete the training within ten (10) 10 days of hire and subsequently on an annual basis. This training shall be conducted on-on line through the Department’s website ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇▇▇.▇▇.▇/general-information/dcf-training▇/training. Upon completion of the on line training, a certificate will be made available and shall be printed and placed in the employeestaff’s personnel file. (c) Network Provider shall ensure that all Network Provider employees who have access to ChildNet or Department information are provided a copy of CFOP 50-2 which can be located under “Publications” at the Department’s website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇▇/DCFFormsInternet/Search/OpenDCFForm.aspx?FormId =15. The Department’s Security Agreement form (CF114), which is attached hereto as Attachment X must be signed annually and the signed original retained by Network Provider in the employee’s personnel file. (d) Network Provider shall make every effort to protect and avoid unauthorized release of any personal or confidential information by ensuring both data and mobile storage devices are encrypted as prescribed in Chapter 74-2.003, F.A.C., and CFOP 50-2, Chapter 4 to protect all data. If encryption of these devices is not possible, then Network Provider shall ensure that unencrypted personal and confidential data will not be stored on unencrypted storage devices. (e) Network provider agrees to notify the Contract Manager as soon as possible, but no later than (3) business days following the determination of any breach or potential breach of personal and confidential data. Additionally, Network Provider shall provide notice to affected parties no later than 45 days following the determination of any breach of personal or confidential data as provided in Sections 501.171 or 817.568, F.S. Network Provider shall also, at its own cost, implement measures deemed appropriate by ChildNet to avoid or mitigate potential injury to any person due to a breach or potential breach of personal and confidential Client and Department data. (f) Network Provider’s own system and premises shall be subject to inspection at any time to verify compliance with the security of all client and personal and confidential information.

Security Obligations. (a) Network Provider shall identify an appropriately skilled individual to function as its Data Security Officer. This Security Officer shall act as the liaison to ChildNet’s Security Staff and will maintain an appropriate level of data security for the information Network Provider is collecting or using in the performance of this Subcontract. This includes approving and tracking all Network Provider employees that request system or information access and ensuring that user access has been removed from all terminated provider employees. Additionally, Network Provider shall comply with ChildNet’s Policy and Procedures, CN 012-015, Security-User Responsibility, which can be located on ChildNet’s website at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇/portal/375. (b) Network Provider shall furnish Security Awareness Training to all direct care staff and all staff having access to computers or file information on an annual basis. All new staff must complete the training within ten (10) 10 days of hire and subsequently on an annual basis. This training shall be conducted on-on line through the Department’s website ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/general-information/dcf-training. Upon completion of the on line training, a certificate will be made available and shall be printed and placed in the employeestaff’s personnel file. (c) Network Provider shall ensure that all Network Provider employees who have access to ChildNet or Department information are provided a copy of CFOP 50-2 which can be located under “Publications” at the Department’s website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/DCFFormsInternet/Search/OpenDCFForm.aspx?FormId =15. /. The Department’s Security Agreement form (CF114), which is attached hereto as Attachment X VII must be signed annually and the signed original retained by Network Provider in the employee’s personnel file. (d) Network Provider shall make every effort to protect and avoid unauthorized release of any personal or confidential information by ensuring both data and mobile storage devices are encrypted as prescribed in Chapter 74-2.003, F.A.C., and CFOP 50-2, Chapter 4 to protect all data. If encryption of these devices is not possible, then Network Provider shall ensure that unencrypted personal and confidential data will not be stored on unencrypted storage devices. (e) Network provider agrees to notify the Contract Manager as soon as possible, but no later than (3) business days following the determination of any breach or potential breach of personal and confidential data. Additionally, Network Provider shall provide notice to affected parties no later than 45 days following the determination of any breach of personal or confidential data as provided in Sections 501.171 or 817.568s. 817.5681, F.S. Network Provider shall also, at its own cost, implement measures deemed appropriate by ChildNet to avoid or mitigate potential injury to any person due to a breach or potential breach of personal and confidential Client and Department data.F.S. (f) Network Provider’s own system and premises premise shall be subject to inspection at any time to verify compliance with the security of all client and personal and confidential information.

Security Obligations. (a) Network Provider shall identify an appropriately skilled individual to function as its Data Security Officer. This Security Officer shall act as the liaison to ChildNet’s Security Staff and will maintain an appropriate level of data security for the information Network Provider is collecting or using in the performance of this Subcontract. This includes approving and tracking all Network Provider employees that request system or information access and ensuring that user access has been removed from all terminated provider employees. Additionally, Network Provider shall comply with ChildNet’s Policy and Procedures, CN 012-015, Security-User Responsibility, which can be located on ChildNet’s website at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇/portal/375. (b) Network Provider shall furnish Security Awareness Training to all direct care staff and all staff having access to computers or file information on an annual basis. All new staff must complete the training within ten (10) days of hire and subsequently on an annual basis. This training shall be conducted on-line through the Department’s website ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/general-information/dcf-training. Upon completion of the on line training, a certificate will be made available and shall be printed and placed in the employee’s personnel file. (c) Network Provider shall ensure that all Network Provider employees who have access to ChildNet or Department information are provided a copy of CFOP 50-2 which can be located under “Publications” at the Department’s website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/DCFFormsInternet/Search/OpenDCFForm.aspx?FormId =15. The Department’s Security Agreement form (CF114), which is attached hereto as Attachment X must be signed annually and the signed original retained by Network Provider in the employee’s personnel file. (d) Network Provider shall make every effort to protect and avoid unauthorized release of any personal or confidential information by ensuring both data and mobile storage devices are encrypted as prescribed in Chapter 74-2.003, F.A.C., and CFOP 50-2, Chapter 4 to protect all data. If encryption of these devices is not possible, then Network Provider shall ensure that unencrypted personal and confidential data will not be stored on unencrypted storage devices. (e) Network provider agrees to notify the Contract Manager as soon as possible, but no later than (3) business days following the determination of any breach or potential breach of personal and confidential data. Additionally, Network Provider shall provide notice to affected parties no later than 45 days following the determination of any breach of personal or confidential data as provided in Sections 501.171 or 817.568, F.S. Network Provider shall also, at its own cost, implement measures deemed appropriate by ChildNet to avoid or mitigate potential injury to any person due to a breach or potential breach of personal and confidential Client and Department data. (f) Network Provider’s own system and premises shall be subject to inspection at any time to verify compliance with the security of all client and personal and confidential information.