{"component": "clause", "props": {"groups": [{"samples": [{"hash": "itu190akRBs", "uri": "/contracts/itu190akRBs#technical-security-controls", "label": "Housing Navigator Services Agreement", "score": 31.3226127625, "published": true}, {"hash": "g3BIkbRnBYJ", "uri": "/contracts/g3BIkbRnBYJ#technical-security-controls", "label": "Agreement for Provision of Recovery Residence Services", "score": 30.5480937958, "published": true}, {"hash": "jZIaBoX0cTt", "uri": "/contracts/jZIaBoX0cTt#technical-security-controls", "label": "Contract for Provision of Mental Health Services", "score": 30.3099422455, "published": true}], "size": 391, "snippet": "35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.", "snippet_links": [{"key": "laptop-encryption", "type": "clause", "offset": [18, 35]}, {"key": "to-contractor", "type": "definition", "offset": [101, 114]}, {"key": "on-behalf-of", "type": "definition", "offset": [172, 184]}, {"key": "approved-by", "type": "clause", "offset": [374, 385]}], "hash": "59ec773f412e61b20464715a54d5eb0a", "id": 1}, {"samples": [{"hash": "kvgENkGYIod", "uri": "/contracts/kvgENkGYIod#technical-security-controls", "label": "Agreement for Provision of Volunteer to Work Project Program Services", "score": 24.2995433807, "published": true}, {"hash": "dsbId5KEjPy", "uri": "/contracts/dsbId5KEjPy#technical-security-controls", "label": "Agreement for Provision of Post Custody Re Entry Services", "score": 24.2986831665, "published": true}, {"hash": "aVMiN2fIInB", "uri": "/contracts/aVMiN2fIInB#technical-security-controls", "label": "Agreement for Provision of Fiscal Intermediary Services", "score": 23.3661022186, "published": true}], "size": 25, "snippet": "35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY", "snippet_links": [{"key": "laptop-encryption", "type": "clause", "offset": [18, 35]}], "hash": "e65c04155f9f394090385639ddaa0703", "id": 2}, {"samples": [{"hash": "6yEvmoaCK6d", "uri": "/contracts/6yEvmoaCK6d#technical-security-controls", "label": "Services Agreement", "score": 35.2509117126, "published": true}, {"hash": "9l4hgcMr1vO", "uri": "/contracts/9l4hgcMr1vO#technical-security-controls", "label": "Master Agreement", "score": 35.2343101501, "published": true}, {"hash": "cF6e19zbd7M", "uri": "/contracts/cF6e19zbd7M#technical-security-controls", "label": "Master Subscription Agreement", "score": 34.5705223083, "published": true}], "size": 10, "snippet": "With respect to KnowBe4 infrastructure that processes, stores, or transmits Customer Confidential Information, KnowBe4 will use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):\na. Network Protection\n(i) Network based firewalls or equivalent\n(ii) Network intrusion detection/protection systems", "snippet_links": [{"key": "with-respect-to", "type": "clause", "offset": [0, 15]}, {"key": "customer-confidential-information", "type": "clause", "offset": [76, 109]}, {"key": "use-the-following", "type": "clause", "offset": [124, 141]}, {"key": "where-applicable", "type": "clause", "offset": [170, 186]}, {"key": "commercially-available", "type": "definition", "offset": [249, 271]}, {"key": "network-protection", "type": "clause", "offset": [277, 295]}, {"key": "or-equivalent", "type": "definition", "offset": [324, 337]}, {"key": "intrusion-detection", "type": "clause", "offset": [351, 370]}], "hash": "d38487de409ffe6c7f8e84f929b78239", "id": 4}, {"samples": [{"hash": "6y0CXgSrZlq", "uri": "/contracts/6y0CXgSrZlq#technical-security-controls", "label": "Security Terms", "score": 27.6652984619, "published": true}, {"hash": "gReRoYMFvmf", "uri": "/contracts/gReRoYMFvmf#technical-security-controls", "label": "Security Terms", "score": 26.8726902008, "published": true}, {"hash": "g5h5xjbo13u", "uri": "/contracts/g5h5xjbo13u#technical-security-controls", "label": "Security Terms", "score": 26.7152633667, "published": true}], "size": 8, "snippet": "With respect to information technology infrastructure, servers, databases, or networks that Process, store, or transmit Data, Supplier shall use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):", "snippet_links": [{"key": "information-technology-infrastructure", "type": "clause", "offset": [16, 53]}, {"key": "supplier-shall", "type": "clause", "offset": [126, 140]}, {"key": "use-the-following", "type": "clause", "offset": [141, 158]}, {"key": "where-applicable", "type": "clause", "offset": [187, 203]}, {"key": "commercially-available", "type": "definition", "offset": [266, 288]}], "hash": "f81bee2202159924c94ca9b51be969a6", "id": 6}, {"samples": [{"hash": "1IKS3tjuvdq", "uri": "/contracts/1IKS3tjuvdq#technical-security-controls", "label": "Corda Enterprise Software Evaluation License Agreement", "score": 24.3908290863, "published": true}, {"hash": "4exUigwhSPt", "uri": "/contracts/4exUigwhSPt#technical-security-controls", "label": "Corda Enterprise Software Evaluation License Agreement", "score": 24.2908973694, "published": true}, {"hash": "T4k49ac6Ev", "uri": "/contracts/T4k49ac6Ev#technical-security-controls", "label": "Corda Enterprise Software Evaluation License Agreement", "score": 23.7200546265, "published": true}], "size": 4, "snippet": "Access Policy", "snippet_links": [{"key": "access-policy", "type": "clause", "offset": [0, 13]}], "hash": "8e2ddf5878aac8b5d22a6acab856040d", "id": 9}, {"samples": [{"hash": "guDtYbXnEJ0", "uri": "/contracts/guDtYbXnEJ0#technical-security-controls", "label": "Contract for Inpatient Mental Health Services for Youth", "score": 31.7764453888, "published": true}, {"hash": "h9tAwspQs5u", "uri": "/contracts/h9tAwspQs5u#technical-security-controls", "label": "Agreement for Provision of Early Intervention Services for Older Adults", "score": 24.2603588104, "published": true}], "size": 13, "snippet": "1 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 2 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 3 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 4 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 5 COUNTY.", "snippet_links": [{"key": "laptop-encryption", "type": "clause", "offset": [17, 34]}, {"key": "to-contractor", "type": "definition", "offset": [99, 112]}, {"key": "on-behalf-of", "type": "definition", "offset": [170, 182]}, {"key": "approved-by", "type": "clause", "offset": [371, 382]}], "hash": "5cda78db506f8a018f019253ef57e0de", "id": 3}, {"samples": [{"hash": "hPs7OUZAuwX", "uri": "/contracts/hPs7OUZAuwX#technical-security-controls", "label": "Local Implementation Agreement", "score": 36.0119667053, "published": true}, {"hash": "f5RstYtatRP", "uri": "/contracts/f5RstYtatRP#technical-security-controls", "label": "Professional Services", "score": 35.3848648071, "published": true}, {"hash": "6xp3u0Hl0KA", "uri": "/contracts/6xp3u0Hl0KA#technical-security-controls", "label": "Professional Services", "score": 35.0558853149, "published": true}], "size": 9, "snippet": "By executing this Agreement, CONTRACTOR, for itself, and its assignees and successors in interest, agrees as follows:", "snippet_links": [{"key": "executing-this-agreement", "type": "clause", "offset": [3, 27]}, {"key": "assignees-and-successors-in-interest", "type": "clause", "offset": [61, 97]}], "hash": "ae138a5c75aa9d1379a67e5c916c71fd", "id": 5}, {"samples": [{"hash": "8CeW5pW1VHo", "uri": "/contracts/8CeW5pW1VHo#technical-security-controls", "label": "Subrecipient Agreement", "score": 35.2876777649, "published": true}, {"hash": "8XkYVfc26wh", "uri": "/contracts/8XkYVfc26wh#technical-security-controls", "label": "Subrecipient Agreement", "score": 35.1974945068, "published": true}, {"hash": "b5oNjEeFOL1", "uri": "/contracts/b5oNjEeFOL1#technical-security-controls", "label": "Service Agreement", "score": 35.0884094238, "published": true}], "size": 5, "snippet": "A. Workstation/Laptop Encryption. All workstations and laptops, which use, store and/or process PII, must be encrypted using a FIPS 140-2 certified algorithm 128 bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk. It is encouraged, when available and when feasible, that the encryption be 256 bit.", "snippet_links": [{"key": "laptop-encryption", "type": "clause", "offset": [15, 32]}, {"key": "when-available", "type": "clause", "offset": [282, 296]}], "hash": "03cdb6d5c3c0d6646b6042f2072d7ec9", "id": 7}, {"samples": [{"hash": "6bH4bLPV98k", "uri": "/contracts/6bH4bLPV98k#technical-security-controls", "label": "Agreement for Provision of Services", "score": 27.0204868317, "published": true}], "size": 5, "snippet": "35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140\u20132 certified algorithm DocuSign Envelope ID: BB2DBDF4-FD05-4D02-A0FE-074FE18D982A 1 which is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by 2 the COUNTY.", "snippet_links": [{"key": "laptop-encryption", "type": "clause", "offset": [18, 35]}, {"key": "to-contractor", "type": "definition", "offset": [101, 114]}, {"key": "on-behalf-of", "type": "definition", "offset": [172, 184]}, {"key": "docusign-envelope", "type": "definition", "offset": [283, 300]}, {"key": "approved-by", "type": "clause", "offset": [433, 444]}, {"key": "the-county", "type": "clause", "offset": [447, 457]}], "hash": "25153a631ab7f287ab4c418378b58807", "id": 8}, {"samples": [{"hash": "boEP7VsB6PA", "uri": "/contracts/boEP7VsB6PA#technical-security-controls", "label": "Medi Cal Privacy and Security Agreement", "score": 35.9396018982, "published": true}, {"hash": "ddsmOVgP6wN", "uri": "/contracts/ddsmOVgP6wN#technical-security-controls", "label": "Medi Cal Privacy and Security Agreement", "score": 35.196811676, "published": true}, {"hash": "9HMz6sxeHhZ", "uri": "/contracts/9HMz6sxeHhZ#technical-security-controls", "label": "Medi Cal Privacy and Security Agreement", "score": 35.104888916, "published": true}], "size": 4, "snippet": "The State of California Office of Information Security (OIS) and SSA have adopted the National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 53, Security and Privacy controls for Information Systems and Organizations, and NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. OIS and SSA require organizations to comply and maintain the minimum standards outlined in NIST SP 800-53 when working with PII and SSA data. County Department/Agency shall, at a minimum, implement an information security program that effectively manages risk in accordance with the Systems Security Standards and Requirements outlined in this Section of this Agreement. Guidance regarding implementation of NIST SP 800-53 is available in the Statewide Information Management Manual (SIMM), SIMM-5300-A, which is hereby incorporated into this Agreement (Exhibit C) and available upon request. DHCS and CDSS will enter into a separate PSA with California Statewide Automated Welfare System (CalSAWS) Joint Powers Authority specific to the CalSAWS. Any requirements for data systems in this PSA would only apply to County Department/Agency\u2019s locally operated/administered systems that access, store, or process Medi-Cal PII.\nA. Systems Security Standards and Requirements\n1. Access Control (AC)\n2. Procedures to facilitate the implementation of the access control policy and associated access control controls; b. Review and update the current access control procedures with the organization-defined frequency. Supplemental Guidance (from NIST 800-53) This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AC family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures. Related control: PM-9. Control Number AC-2 Title Account Management\ni. Authorizes access to the information systems that receive, process, store or transmit Medi-Cal PII based on valid access authorization, need-to-know permission or under the authority to re- disclose Medi-Cal PII.\nj. Review accounts for compliance with account management requirements according to organization-based frequency; and k. Establishes a process for reissuing shared/group account credentials (if deployed) when individuals are removed from the group. Supplemental Guidance (from NIST 800-53) Information system account types include, for example, individual, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. Some of the account management requirements listed above can be implemented by organizational information systems. The identification of authorized users of the information system and the specification of access privileges reflects the requirements in other security controls in the security plan. Users requiring administrative privileges on information system accounts receive additional scrutiny by appropriate organizational personnel (e.g., system owner, mission/business owner, or chief information security officer) responsible for approving such accounts and privileged access. Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both. Other attributes required for authorizing access include, for example, restrictions on time-of-day, day-of-week, and point-of-origin. In defining other account attributes, organizations consider system-related requirements (e.g., scheduled maintenance, system upgrades) and mission/business requirements, (e.g., time zone differences, customer requirements, remote access to support travel requirements). Failure to consider these factors could affect information system availability. Temporary and emergency accounts are accounts intended for short-term use. Organizations establish temporary accounts as a part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation. Organizations establish emergency accounts in response to crisis situations and with the need for rapid account activation. Therefore, emergency account activation may bypass normal account authorization processes. Emergency and temporary accounts are not to be confused with infrequently used accounts (e.g., local logon accounts used for special tasks defined by organizations or when network resources are unavailable). Such accounts remain available and are not subject to automatic disabling or removal dates. Conditions for disabling or deactivating accounts include, for example: (i) when shared/group, emergency, or temporary accounts are no longer required; or (ii) when individuals are transferred or terminated. Some types of information system accounts may require specialized training. Related controls: AC- 3, AC-4, AC-5, AC-6, AC-10, AC-17, AC-19, AC-20, AU-9, IA-2, IA-4, IA-5, IA-8, CM-5, CM-6, CM- 11, MA-3, MA-4, MA-5, PL-4, SC-13. Control Number AC-3", "snippet_links": [{"key": "the-state-of-california", "type": "clause", "offset": [0, 23]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [86, 132]}, {"key": "security-and-privacy-controls", "type": "clause", "offset": [174, 203]}, {"key": "information-systems", "type": "definition", "offset": [208, 227]}, {"key": "risk-management-framework", "type": "definition", "offset": [267, 292]}, {"key": "minimum-standards", "type": "definition", "offset": [397, 414]}, {"key": "working-with", "type": "definition", "offset": [447, 459]}, {"key": "county-department", "type": "definition", "offset": [478, 495]}, {"key": "agency-shall", "type": "clause", "offset": [496, 508]}, {"key": "information-security-program", "type": "definition", "offset": [537, 565]}, {"key": "in-accordance-with", "type": "clause", "offset": [596, 614]}, {"key": "security-standards", "type": "definition", "offset": [627, 645]}, {"key": "this-agreement", "type": "clause", "offset": [691, 705]}, {"key": "management-manual", "type": "definition", "offset": [801, 818]}, {"key": "exhibit-c", "type": "definition", "offset": [890, 899]}, {"key": "upon-request", "type": "clause", "offset": [915, 927]}, {"key": "a-separate", "type": "definition", "offset": [959, 969]}, {"key": "joint-powers-authority", "type": "definition", "offset": [1035, 1057]}, {"key": "requirements-for", "type": "clause", "offset": [1087, 1103]}, {"key": "data-systems", "type": "definition", "offset": [1104, 1116]}, {"key": "access-control-policy", "type": "clause", "offset": [1383, 1404]}, {"key": "review-and-update", "type": "clause", "offset": [1448, 1465]}, {"key": "the-current", "type": "clause", "offset": [1466, 1477]}, {"key": "control-procedures", "type": "clause", "offset": [1485, 1503]}, {"key": "the-organization", "type": "definition", "offset": [1509, 1525]}, {"key": "establishment-of", "type": "clause", "offset": [1613, 1629]}, {"key": "policy-and-procedures", "type": "definition", "offset": [1630, 1651]}, {"key": "effective-implementation", "type": "clause", "offset": [1660, 1684]}, {"key": "security-controls", "type": "definition", "offset": [1697, 1714]}, {"key": "applicable-federal-laws", "type": "clause", "offset": [1788, 1811]}, {"key": "executive-orders", "type": "definition", "offset": [1813, 1829]}, {"key": "program-policies-and-procedures", "type": "clause", "offset": [1900, 1931]}, {"key": "specific-policies", "type": "clause", "offset": [1987, 2004]}, {"key": "the-policy", "type": "clause", "offset": [2033, 2043]}, {"key": "policy-for", "type": "definition", "offset": [2104, 2114]}, {"key": "represented-by", "type": "clause", "offset": [2151, 2165]}, {"key": "multiple-policies", "type": "clause", "offset": [2166, 2183]}, {"key": "the-complex", "type": "definition", "offset": [2195, 2206]}, {"key": "nature-of", "type": "clause", "offset": [2207, 2216]}, {"key": "the-procedures", "type": "definition", "offset": [2240, 2254]}, {"key": "the-security", "type": "clause", "offset": [2278, 2290]}, {"key": "in-general", "type": "clause", "offset": [2299, 2309]}, {"key": "risk-management-strategy", "type": "definition", "offset": [2380, 2404]}, {"key": "control-number", "type": "clause", "offset": [2483, 2497]}, {"key": "account-management", "type": "definition", "offset": [2509, 2527]}, {"key": "access-to-the-information", "type": "clause", "offset": [2542, 2567]}, {"key": "based-on", "type": "definition", "offset": [2630, 2638]}, {"key": "access-authorization", "type": "clause", "offset": [2645, 2665]}, {"key": "authority-to", "type": "definition", "offset": [2704, 2716]}, {"key": "review-accounts", "type": "definition", "offset": [2747, 2762]}, {"key": "compliance-with", "type": "definition", "offset": [2767, 2782]}, {"key": "management-requirements", "type": "definition", "offset": [2791, 2814]}, {"key": "according-to", "type": "definition", "offset": [2815, 2827]}, {"key": "account-credentials", "type": "definition", "offset": [2914, 2933]}, {"key": "the-group", "type": "clause", "offset": [2982, 2991]}, {"key": "account-types", "type": "clause", "offset": [3053, 3066]}, {"key": "for-example", "type": "clause", "offset": [3076, 3087]}, {"key": "the-account", "type": "clause", "offset": [3215, 3226]}, {"key": "organizational-information", "type": "definition", "offset": [3286, 3312]}, {"key": "the-information-system", "type": "clause", "offset": [3364, 3386]}, {"key": "the-specification", "type": "clause", "offset": [3391, 3408]}, {"key": "access-privileges", "type": "clause", "offset": [3412, 3429]}, {"key": "the-requirements", "type": "clause", "offset": [3439, 3455]}, {"key": "other-security", "type": "clause", "offset": [3459, 3473]}, {"key": "security-plan", "type": "clause", "offset": [3490, 3503]}, {"key": "administrative-privileges", "type": "clause", "offset": [3521, 3546]}, {"key": "system-accounts", "type": "clause", "offset": [3562, 3577]}, {"key": "system-owner", "type": "clause", "offset": [3653, 3665]}, {"key": "business-owner", "type": "definition", "offset": [3675, 3689]}, {"key": "chief-information-security-officer", "type": "definition", "offset": [3694, 3728]}, {"key": "responsible-for", "type": "clause", "offset": [3730, 3745]}, {"key": "privileged-access", "type": "definition", "offset": [3774, 3791]}, {"key": "other-attributes", "type": "clause", "offset": [3849, 3865]}, {"key": "by-account", "type": "clause", "offset": [3866, 3876]}, {"key": "type-of-account", "type": "clause", "offset": [3881, 3896]}, {"key": "combination-of-both", "type": "clause", "offset": [3903, 3922]}, {"key": "on-time", "type": "definition", "offset": [4008, 4015]}, {"key": "other-account", "type": "clause", "offset": [4070, 4083]}, {"key": "related-requirements", "type": "clause", "offset": [4126, 4146]}, {"key": "scheduled-maintenance", "type": "definition", "offset": [4154, 4175]}, {"key": "system-upgrades", "type": "definition", "offset": [4177, 4192]}, {"key": "business-requirements", "type": "clause", "offset": [4206, 4227]}, {"key": "time-zone", "type": "clause", "offset": [4236, 4245]}, {"key": "customer-requirements", "type": "definition", "offset": [4259, 4280]}, {"key": "access-to-support", "type": "clause", "offset": [4289, 4306]}, {"key": "travel-requirements", "type": "clause", "offset": [4307, 4326]}, {"key": "failure-to", "type": "clause", "offset": [4329, 4339]}, {"key": "system-availability", "type": "definition", "offset": [4388, 4407]}, {"key": "temporary-accounts", "type": "definition", "offset": [4508, 4526]}, {"key": "activation-procedures", "type": "clause", "offset": [4555, 4576]}, {"key": "crisis-situations", "type": "clause", "offset": [4736, 4753]}, {"key": "account-authorization", "type": "clause", "offset": [4860, 4881]}, {"key": "network-resources", "type": "definition", "offset": [5065, 5082]}, {"key": "subject-to", "type": "clause", "offset": [5144, 5154]}, {"key": "conditions-for", "type": "clause", "offset": [5193, 5207]}, {"key": "or-temporary", "type": "definition", "offset": [5299, 5311]}, {"key": "types-of-information", "type": "clause", "offset": [5406, 5426]}, {"key": "specialized-training", "type": "definition", "offset": [5455, 5475]}], "hash": "fb9d961b9b9d081814d4acc853d3747a", "id": 10}], "next_curs": "CmQSXmoVc35sYXdpbnNpZGVyY29udHJhY3RzckALEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiR0ZWNobmljYWwtc2VjdXJpdHktY29udHJvbHMjMDAwMDAwMGEMogECZW4YACAA", "clause": {"children": [["server-security", "Server Security"], ["system-timeout", "System Timeout"], ["system-logging", "System Logging"], ["warning-banners", "Warning Banners"], ["antivirus-software", "Antivirus software"]], "size": 723, "parents": [["business-associate-contract", "Business Associate Contract"], ["business-associate-data-security-requirements", "Business Associate Data Security Requirements"], ["submission-of-insurance-documents", "SUBMISSION OF INSURANCE DOCUMENTS"], ["data-security-requirements", "Data Security Requirements"], ["staffing", "STAFFING"]], "title": "Technical Security Controls", "id": "technical-security-controls", "related": [["security-controls", "Security Controls", "Security Controls"], ["indenture-controls", "Indenture Controls", "Indenture Controls"], ["security-controls-for-state-agency-data", "Security Controls for State Agency Data", "Security Controls for State Agency Data"], ["technical-safeguards", "Technical Safeguards", "Technical Safeguards"], ["audit-controls", "Audit Controls", "Audit Controls"]], "related_snippets": [], "updated": "2025-07-24T04:27:51+00:00", "also_ask": [], "drafting_tip": "Specify required security standards, detail monitoring obligations, and allocate responsibility to ensure clarity, accountability, and enforceability.", "explanation": "The Technical Security Controls clause defines the specific technological measures and safeguards that must be implemented to protect data and systems from unauthorized access, breaches, or other security threats. This typically includes requirements such as encryption, firewalls, access controls, regular security audits, and secure data transmission protocols. By clearly outlining these mandatory controls, the clause ensures that both parties understand their obligations to maintain a secure environment, thereby reducing the risk of data breaches and ensuring compliance with relevant security standards."}, "json": true, "cursor": ""}}