{"component": "clause", "props": {"groups": [{"samples": [{"hash": "9jvskXqYkDS", "uri": "/contracts/9jvskXqYkDS#technical-security", "label": "Data Sharing Agreement", "score": 33.1892471313, "published": true}, {"hash": "5moOaMIyfiR", "uri": "/contracts/5moOaMIyfiR#technical-security", "label": "Data Sharing Agreement", "score": 23.0232715607, "published": true}, {"hash": "a9Le0B3oHuM", "uri": "/contracts/a9Le0B3oHuM#technical-security", "label": "Data Sharing Agreement", "score": 22.7289524078, "published": true}], "snippet_links": [{"key": "microsoft-teams", "type": "definition", "offset": [4, 19]}, {"key": "north-east-scotland-college", "type": "clause", "offset": [38, 65]}, {"key": "named-individuals", "type": "definition", "offset": [94, 111]}, {"key": "site-owners", "type": "definition", "offset": [154, 165]}], "snippet": "The Microsoft Teams site is hosted by North East Scotland College and can only be accessed by named individuals who are designated as participants and/or site owners.", "size": 3, "hash": "ff389ace1a40971422b3ab92fc0aec95", "id": 1}, {"samples": [{"hash": "4evbr4KdOGg", "uri": "/contracts/4evbr4KdOGg#technical-security", "label": "Data Processing Agreement", "score": 34.4702451907, "published": true}, {"hash": "3kcKuRFipM5", "uri": "/contracts/3kcKuRFipM5#technical-security", "label": "Data Processing Agreement", "score": 30.7616081238, "published": true}], "snippet_links": [], "snippet": "Encryption", "size": 2, "hash": "d7f2615c71a1567cc13cf3a7f7de0aea", "id": 2}, {"samples": [{"hash": "13s2vNTzXZC", "uri": "/contracts/13s2vNTzXZC#technical-security", "label": "Terms of Use Agreement", "score": 21.7269001007, "published": true}], "snippet_links": [{"key": "screen-saver", "type": "clause", "offset": [218, 230]}, {"key": "access-to-the-system", "type": "clause", "offset": [255, 275]}, {"key": "i-understand-and-agree-that", "type": "clause", "offset": [279, 306]}, {"key": "responsible-for", "type": "clause", "offset": [312, 327]}, {"key": "is-user", "type": "definition", "offset": [372, 379]}, {"key": "other-actions", "type": "definition", "offset": [578, 591]}, {"key": "suspension-or-revocation", "type": "clause", "offset": [603, 627]}, {"key": "access-to-information", "type": "clause", "offset": [710, 731]}, {"key": "immediately-upon", "type": "clause", "offset": [900, 916]}, {"key": "loss-of", "type": "clause", "offset": [917, 924]}, {"key": "disclosure-of", "type": "clause", "offset": [950, 963]}, {"key": "another-person", "type": "clause", "offset": [979, 993]}, {"key": "personal-and-confidential-information", "type": "clause", "offset": [1045, 1082]}, {"key": "strictly-confidential", "type": "definition", "offset": [1086, 1107]}, {"key": "secure-location", "type": "clause", "offset": [1148, 1163]}, {"key": "subject-to", "type": "definition", "offset": [1172, 1182]}, {"key": "unauthorized-persons", "type": "clause", "offset": [1193, 1213]}, {"key": "not-store", "type": "definition", "offset": [1222, 1231]}, {"key": "information-on", "type": "clause", "offset": [1280, 1294]}, {"key": "hard-drive", "type": "definition", "offset": [1299, 1309]}, {"key": "home-computer", "type": "definition", "offset": [1315, 1328]}, {"key": "computing-device", "type": "definition", "offset": [1347, 1363]}, {"key": "information-from", "type": "clause", "offset": [1407, 1423]}, {"key": "business-need", "type": "definition", "offset": [1520, 1533]}, {"key": "the-information", "type": "clause", "offset": [1596, 1611]}, {"key": "time-required", "type": "clause", "offset": [1652, 1665]}, {"key": "the-device", "type": "clause", "offset": [1667, 1677]}, {"key": "sensitive-information", "type": "definition", "offset": [1713, 1734]}, {"key": "public-network", "type": "definition", "offset": [1881, 1895]}, {"key": "encryption-software", "type": "clause", "offset": [1924, 1943]}, {"key": "data-removal", "type": "clause", "offset": [2183, 2195]}, {"key": "personal-health-data", "type": "definition", "offset": [2256, 2276]}, {"key": "mobile-devices", "type": "definition", "offset": [2294, 2308]}, {"key": "data-transmission", "type": "clause", "offset": [2344, 2361]}, {"key": "by-signing", "type": "clause", "offset": [2363, 2373]}, {"key": "read-and-understood", "type": "clause", "offset": [2416, 2435]}, {"key": "the-terms", "type": "clause", "offset": [2436, 2445]}, {"key": "set-out", "type": "definition", "offset": [2446, 2453]}, {"key": "binding-upon", "type": "clause", "offset": [2506, 2518]}, {"key": "breach-of-this-agreement", "type": "clause", "offset": [2536, 2560]}, {"key": "legal-action-against", "type": "clause", "offset": [2620, 2640]}, {"key": "health-care", "type": "definition", "offset": [2658, 2669]}, {"key": "without-limitation", "type": "clause", "offset": [2706, 2724]}, {"key": "termination-of", "type": "definition", "offset": [2726, 2740]}, {"key": "access-to-the-network", "type": "clause", "offset": [2754, 2775]}, {"key": "disciplinary-sanctions", "type": "definition", "offset": [2798, 2820]}, {"key": "court-action", "type": "clause", "offset": [2831, 2843]}, {"key": "name-signature", "type": "clause", "offset": [2851, 2865]}, {"key": "privacy-and-security-policies", "type": "definition", "offset": [2943, 2972]}, {"key": "for-reference-only", "type": "clause", "offset": [3003, 3021]}, {"key": "authority-policies", "type": "clause", "offset": [3040, 3058]}, {"key": "the-content", "type": "clause", "offset": [3085, 3096]}, {"key": "listed-below", "type": "clause", "offset": [3097, 3109]}, {"key": "training-required", "type": "clause", "offset": [3146, 3163]}, {"key": "all-users", "type": "clause", "offset": [3168, 3177]}, {"key": "related-to", "type": "clause", "offset": [3261, 3271]}, {"key": "identifiable-individual", "type": "definition", "offset": [3275, 3298]}, {"key": "control-of", "type": "definition", "offset": [3337, 3347]}, {"key": "not-limited", "type": "clause", "offset": [3367, 3378]}, {"key": "legal-advice", "type": "definition", "offset": [3415, 3427]}, {"key": "incident-reports", "type": "clause", "offset": [3453, 3469]}, {"key": "ongoing-litigation", "type": "clause", "offset": [3504, 3522]}, {"key": "law-enforcement", "type": "clause", "offset": [3524, 3539]}, {"key": "human-rights", "type": "definition", "offset": [3605, 3617]}, {"key": "quality-assurance-reviews", "type": "clause", "offset": [3696, 3721]}, {"key": "external-reviews", "type": "clause", "offset": [3726, 3742]}, {"key": "quality-of-care", "type": "definition", "offset": [3746, 3761]}], "snippet": "\uf0a0 I understand that after completing work at a computer that has access to the Heart IS application, I will logoff from the computer. If I have to leave a computer unattended, I will logoff or use a password protected screen saver to prevent unauthorized access to the system. \uf0a0 I understand and agree that I am responsible for maintaining the confidentiality of my Heart IS user ID and password, and that any misuse of my user ID and password, intentional or unintentional, violates PHC and Heart IS Policy and this Agreement and could subject me to disciplinary, legal and/or other actions, including suspension or revocation of my access to the Heart IS application by CSBC. \uf0a0 I will be accountable for any access to Information performed using my Heart IS user ID and password. I will not share these with anyone else under any conditions. I will inform the Heart IS Administrator at my hospital immediately upon loss of my password or suspected disclosure of my password to another person. \uf0a0 I will treat all electronically stored Heart IS personal and confidential Information as strictly confidential and will ensure that they are kept in a secure location and not subject to access by unauthorized persons. I will not store Heart IS confidential and personal identifiable Information on the hard drive of a home computer or other personal computing device.\n\uf0a0 I understand that personal identifiable Information from the Heart IS application should only be stored on secure PHSA servers. If there is an essential business need to store personal identifiable Information on a mobile device the Information will be stored for the absolute minimum time required, the device will be password protected and the sensitive Information will be encrypted following PHC standards. \uf0a0 I will not knowingly open or send confidential or personal identifiable Information via email over a public network unless it is encrypted with encryption software that adheres to PHC policies. \uf0a0 I understand that I must not leave my device, device screen or any Heart IS personal and confidential Information in any place where unauthorized viewers can access it. \uf0a0 I understand that I must use proper data removal software/technology and practice to remove any identifiable personal health data/Information from mobile devices after it is no longer required for data transmission. By signing this Agreement, I acknowledge that I have read and understood the terms set out above. I further acknowledge that this Agreement is binding upon me, and that any breach of this Agreement, the Heart IS Policies, FIPPA and/or PIPA may give rise to legal action against me by Providence Health Care and Cardiac Services BC, including, without limitation, termination of my rights of access to the network/Heart IS application, disciplinary sanctions and civil court action. Print name Signature Witnessed this (date) By: Print Name Signature The following represents PHSA Privacy and Security Policies for the Heart IS application (for reference only). Specific Health Authority policies may vary but will address the content listed below and is part of privacy and security training required for all users upon start of their employment within the respective Health Authority. Information related to an identifiable individual (e.g., patient) under the custody and control of PHSA including but not limited to \uf0b7 Information (staff statements, legal advice, investigators\u2019 reports, incident reports) prepared as part of a pending or ongoing litigation, law enforcement investigation, quality assurance review or Coroner, Ombudsman or Human Rights investigation. \uf0b7 Information related to credentialing, discipline, privilege, quality assurance reviews and external reviews of quality of care.", "size": 1, "hash": "8ddab1ebc1940d715a916230d29a8c7d", "id": 3}, {"samples": [{"hash": "btlWyfSbW2c", "uri": "/contracts/btlWyfSbW2c#technical-security", "label": "Data Processing Agreement", "score": 25.4858398438, "published": true}], "snippet_links": [{"key": "the-systems", "type": "clause", "offset": [29, 40]}, {"key": "malicious-code", "type": "clause", "offset": [166, 180]}, {"key": "in-accordance-with", "type": "definition", "offset": [192, 210]}, {"key": "industry-standards", "type": "definition", "offset": [219, 237]}], "snippet": "3.1 Firewalls and anti-virus The systems are protected by firewalls, anti-virus software has been installed on relevant servers and the systems are protected against malicious code execution, in accordance with current industry standards.", "size": 1, "hash": "3780cb8e2e0624e19f4ef0ef0e5a514f", "id": 4}, {"samples": [{"hash": "c4CL5z4f7oh", "uri": "/contracts/c4CL5z4f7oh#technical-security", "label": "User Agreement", "score": 21.8179321289, "published": true}], "snippet_links": [{"key": "in-the-event", "type": "clause", "offset": [0, 12]}, {"key": "user-agency", "type": "clause", "offset": [13, 24]}, {"key": "criminal-justice-information", "type": "clause", "offset": [84, 112]}, {"key": "technical-security-controls", "type": "clause", "offset": [174, 201]}, {"key": "in-order-to", "type": "clause", "offset": [202, 213]}, {"key": "information-received", "type": "definition", "offset": [241, 261]}, {"key": "an-individual", "type": "clause", "offset": [286, 299]}, {"key": "the-user", "type": "clause", "offset": [307, 315]}, {"key": "agency-security", "type": "definition", "offset": [336, 351]}, {"key": "north-carolina", "type": "clause", "offset": [449, 463]}, {"key": "department-of-justice", "type": "definition", "offset": [464, 485]}, {"key": "information-security-officer", "type": "definition", "offset": [486, 514]}, {"key": "computer-systems", "type": "clause", "offset": [655, 671]}, {"key": "screening-measures", "type": "definition", "offset": [778, 796]}, {"key": "in-accordance-with", "type": "definition", "offset": [816, 834]}, {"key": "the-current", "type": "clause", "offset": [835, 846]}, {"key": "cjis-security-policy", "type": "definition", "offset": [847, 867]}, {"key": "security-measures", "type": "definition", "offset": [906, 923]}, {"key": "in-place", "type": "definition", "offset": [928, 936]}, {"key": "policy-compliance", "type": "clause", "offset": [974, 991]}, {"key": "security-incidents", "type": "clause", "offset": [1035, 1053]}, {"key": "the-boundary", "type": "definition", "offset": [1066, 1078]}, {"key": "and-information", "type": "clause", "offset": [1095, 1110]}, {"key": "access-to-networks", "type": "clause", "offset": [1140, 1158]}, {"key": "monitoring-and-controlling", "type": "clause", "offset": [1203, 1229]}, {"key": "external-boundary", "type": "definition", "offset": [1252, 1269]}, {"key": "the-information-system", "type": "clause", "offset": [1273, 1295]}, {"key": "the-system", "type": "definition", "offset": [1334, 1344]}, {"key": "external-networks", "type": "definition", "offset": [1397, 1414]}, {"key": "information-systems", "type": "definition", "offset": [1419, 1438]}, {"key": "unauthorized-use", "type": "definition", "offset": [1646, 1662]}, {"key": "failure-of-the", "type": "clause", "offset": [1692, 1706]}, {"key": "protection-mechanisms", "type": "clause", "offset": [1716, 1737]}, {"key": "release-of-information", "type": "definition", "offset": [1772, 1794]}, {"key": "system-boundary", "type": "definition", "offset": [1822, 1837]}, {"key": "the-device", "type": "clause", "offset": [1844, 1854]}, {"key": "publicly-accessible-information", "type": "clause", "offset": [1894, 1925]}, {"key": "system-components", "type": "clause", "offset": [1926, 1943]}, {"key": "web-servers", "type": "clause", "offset": [1950, 1961]}, {"key": "guidelines-for", "type": "clause", "offset": [2102, 2116]}, {"key": "current-version", "type": "clause", "offset": [2149, 2164]}, {"key": "encryption-standards", "type": "clause", "offset": [2211, 2231]}, {"key": "secure-location", "type": "clause", "offset": [2444, 2459]}, {"key": "management-and-control", "type": "definition", "offset": [2484, 2506]}, {"key": "cryptographic-module", "type": "definition", "offset": [2794, 2814]}, {"key": "processing-standards", "type": "clause", "offset": [2861, 2881]}, {"key": "public-key-infrastructure", "type": "definition", "offset": [2935, 2960]}, {"key": "certificate-policy", "type": "definition", "offset": [3009, 3027]}, {"key": "certification-practice-statement", "type": "clause", "offset": [3032, 3064]}, {"key": "the-issuance", "type": "clause", "offset": [3069, 3081]}, {"key": "to-receive", "type": "definition", "offset": [3147, 3157]}, {"key": "responsible-official", "type": "clause", "offset": [3227, 3247]}, {"key": "certificate-holder", "type": "definition", "offset": [3323, 3341]}, {"key": "issued-to", "type": "definition", "offset": [3378, 3387]}, {"key": "intrusion-detection", "type": "clause", "offset": [3453, 3472]}, {"key": "affected-by", "type": "definition", "offset": [3574, 3585]}, {"key": "resulting-from", "type": "definition", "offset": [3650, 3664]}, {"key": "software-developer", "type": "clause", "offset": [3702, 3720]}, {"key": "develop-and-implement", "type": "clause", "offset": [3810, 3831]}, {"key": "installation-of", "type": "clause", "offset": [3866, 3881]}, {"key": "service-packs", "type": "definition", "offset": [3924, 3937]}, {"key": "hot-fixes", "type": "definition", "offset": [3943, 3952]}, {"key": "local-policies", "type": "clause", "offset": [3954, 3968]}, {"key": "prior-to-installation", "type": "clause", "offset": [4038, 4059]}, {"key": "patch-management", "type": "definition", "offset": [4195, 4211]}, {"key": "security-assessments", "type": "clause", "offset": [4285, 4305]}, {"key": "continuous-monitoring", "type": "clause", "offset": [4307, 4328]}, {"key": "response-activities", "type": "definition", "offset": [4342, 4361]}, {"key": "malicious-code-protection", "type": "clause", "offset": [4376, 4401]}, {"key": "automatic-updates", "type": "clause", "offset": [4416, 4433]}, {"key": "internet-access", "type": "definition", "offset": [4455, 4470]}, {"key": "agency-shall", "type": "clause", "offset": [4481, 4493]}, {"key": "local-procedures", "type": "definition", "offset": [4504, 4520]}, {"key": "to-ensure", "type": "clause", "offset": [4521, 4530]}, {"key": "up-to-date", "type": "definition", "offset": [4565, 4575]}, {"key": "virus-protection", "type": "definition", "offset": [4628, 4644]}, {"key": "the-network", "type": "definition", "offset": [4762, 4773]}, {"key": "entry-points", "type": "clause", "offset": [5108, 5120]}, {"key": "appropriate-action", "type": "clause", "offset": [5357, 5375]}, {"key": "unsolicited-messages", "type": "definition", "offset": [5379, 5399]}, {"key": "by-electronic-mail", "type": "clause", "offset": [5446, 5464]}, {"key": "removable-media", "type": "definition", "offset": [5514, 5529]}, {"key": "a-personal", "type": "clause", "offset": [5682, 5692]}, {"key": "mobile-devices", "type": "definition", "offset": [5709, 5723]}, {"key": "for-the-purposes-of", "type": "clause", "offset": [5764, 5783]}, {"key": "user-agreement", "type": "definition", "offset": [5789, 5803]}, {"key": "network-traffic", "type": "clause", "offset": [5857, 5872]}, {"key": "on-policy", "type": "clause", "offset": [5938, 5947]}, {"key": "the-personal", "type": "clause", "offset": [5963, 5975]}, {"key": "access-to-the-internet", "type": "definition", "offset": [6010, 6032]}, {"key": "ip-address", "type": "definition", "offset": [6120, 6130]}, {"key": "information-from", "type": "clause", "offset": [6257, 6273]}, {"key": "public-network", "type": "definition", "offset": [6329, 6343]}, {"key": "claims-to-be", "type": "clause", "offset": [6376, 6388]}, {"key": "web-proxy", "type": "clause", "offset": [6501, 6510]}], "snippet": "In the event User Agency utilizes a computer system or network to store or transmit criminal justice information it shall implement or ensure implementation of the following technical security controls in order to safeguard criminal justice information received from DCIN:\n1. Designate an individual within the User Agency as the Local Agency Security Officer (LASO). The LASO shall have the following duties:\na. serve as a point-of-contact for the North Carolina Department of Justice Information Security Officer (ISO);\nb. identify who within the User Agency uses devices that access criminal justice information and ensure no unauthorized individuals, computer systems, or networks have access to these devices or their respective networks;\nc. ensure that personnel security screening measures are being followed in accordance with the current CJIS Security Policy;\nd. ensure that CJIS and SBI-approved security measures are in place and working properly; and\ne. support policy compliance and ensure the ISO is promptly informed of security incidents.\n2. Protect the boundary of its networks and information system(s) by:\na. controlling access to networks processing criminal justice information;\nb. monitoring and controlling communications at the external boundary of the information system and at key internal boundaries within the system;\nc. ensuring any connections to the Internet, other external networks, or information systems occur through controlled interface (e.g. proxies, gateways, routers, firewalls, encrypted tunnels);\nd. employing tools and techniques to monitor network events, detect attacks, and provide identification of unauthorized use;\ne. ensuring the operational failure of the boundary protection mechanisms do not result in any unauthorized release of information outside of the information system boundary (i.e. the device shall fail \u201cclose\u201d); and\nf. allocating publicly accessible information system components (e.g. Web Servers) to separate sub networks with separate, network interfaces. Publicly accessible information systems residing on a virtual hot shall follow guidelines for virtualization set forth in the current version of the CJIS Security Policy.\n3. Ensure proper encryption standards are met by:\na. ensuring encryption is, at a minimum, 128-bit;\nb. ensuring criminal justice information is protected via cryptographic mechanisms (encryption) when transmitted outside the boundary of a physically secure location under the User Agency\u2019s management and control;\nc. when criminal justice information is stored electronically outside the boundary of a physically secure location under the User Agency\u2019s management and control, ensuring that it is protected via cryptographic mechanisms (encryption);\nd. ensuring that when encryption is employed, the cryptographic module used is certified to meet Federal Information Processing Standards (FIPS) 140-2 standards;\ne. if the User Agency uses a public key infrastructure (PKI) technology, developing and implementing a certificate policy and certification practice statement for the issuance of PKI certificates used in the information system. Registration to receive a PKI certificate shall:\ni. include authorization by a supervisor or responsible official;\nii. be accomplished by a secure process that verifies the identity of the certificate holder; and\niii. ensure the certificate is issued to the intended party.\n4. Implement network-based and/or host-based intrusion detection tools.\n5. Identify applications, services, and information systems containing software or components affected by recently announced software flaws and potential vulnerabilities resulting from those flaws. The User Agency (or the software developer/vendor in cases where the software developed is maintained by a vendor/contractor) shall develop and implement a local policy that ensure prompt installation of newly released security relevant patches, service packs, and hot fixes. Local policies shall include the following items:\na. testing of appropriate patches prior to installation;\nb. rollback capabilities when installing patches, updates, etc.;\nc. automatic patch updates without user intervention;\nd. centralized patch management; and\ne. the immediate addressing of patch requirements discovered during security assessments, continuous monitoring, or incident response activities.\n6. Implement malicious code protection that includes automatic updates for all systems with Internet access. The User Agency shall implement local procedures to ensure malicious code protection is kept up to date on systems not connected to the Internet.\n7. Employ virus protection mechanisms to detect and eradicate malicious code (e.g. viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers, and devices on the network. Malicious code protection shall be enabled on all of the aforementioned critical points and information systems and resident scanning shall be employed.\n8. Employ spam and spyware protection.\na. Spam and spyware mechanisms shall be employed at critical information system entry points (e.g. firewalls, electronic mail servers, remote-access servers).\nb. Employ spam and spyware protection at workstations, servers, and/or devices on the network.\nc. Spam and spyware protection mechanisms shall be used to detect and take appropriate action on unsolicited messages and spyware/adware, respectively, transported by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g. diskettes, compact discs, thumb/USB drives) or other removable media as defined within the current version of the CJIS Security Policy.\n9. Employ a personal firewall on all mobile devices accessing criminal justice information. For the purposes of this User Agreement, a personal firewall is an application that controls network traffic to and from a device, permitting or denying communications based on policy. At a minimum, the personal firewall shall:\na. manage program access to the Internet;\nb. block unsolicited requests to connect to the device;\nc. filter incoming traffic by IP address or protocol;\nd. filter incoming traffic by destination ports; and\ne. maintain an IP traffic log.\n10. Prevent criminal justice information from being transmitted unencrypted across the User Agency\u2019s public network.\n11. Block outside traffic that claims to be within the User Agency.\n12. Any web requests to the User Agency\u2019s public network that are not from the internal web proxy shall not be passed.", "size": 1, "hash": "2bf09fa9f624964c0fb852042ec78b02", "id": 5}, {"samples": [{"hash": "iQw2xELJGOS", "uri": "/contracts/iQw2xELJGOS#technical-security", "label": "Security Terms", "score": 34.2816467285, "published": true}], "snippet_links": [{"key": "information-technology-infrastructure", "type": "clause", "offset": [25, 62]}, {"key": "supplier-shall", "type": "clause", "offset": [115, 129]}, {"key": "industry-security-standards", "type": "definition", "offset": [155, 182]}, {"key": "use-the-following", "type": "clause", "offset": [193, 210]}, {"key": "technical-security-controls", "type": "clause", "offset": [211, 238]}, {"key": "where-applicable", "type": "clause", "offset": [239, 255]}, {"key": "commercially-available", "type": "definition", "offset": [317, 339]}], "snippet": "Controls With respect to information technology infrastructure, servers, databases, or networks that Process Data, Supplier shall remain in alignment with industry security standards and shall use the following technical security controls where applicable (keeping them current by incorporating and using all updates commercially available): V.", "size": 1, "hash": "db99554d53786d07e22d08518d2e3d9b", "id": 6}, {"samples": [{"hash": "7eUGP2zt2SF", "uri": "/contracts/7eUGP2zt2SF#technical-security", "label": "Terms and Conditions", "score": 26.4948673248, "published": true}], "snippet_links": [{"key": "in-place", "type": "definition", "offset": [69, 77]}], "snippet": "Munters has adequate and sufficient anti-virus systems and firewalls in place.", "size": 1, "hash": "6f2acf4b914c6cef8932d73b73862aba", "id": 7}, {"samples": [{"hash": "3kcKuRFipM5", "uri": "/contracts/3kcKuRFipM5#technical-security", "label": "Data Processing Agreement", "score": 30.7616081238, "published": true}], "snippet_links": [{"key": "protection-of-personal-data", "type": "clause", "offset": [0, 27]}], "snippet": "Protection of personal data during transmission", "size": 1, "hash": "7f0f531f1fc5ae1f7dec323280a58dd0", "id": 8}, {"samples": [{"hash": "5u2GI1hGkIF", "uri": "/contracts/5u2GI1hGkIF#technical-security", "label": "Data Protection Agreement", "score": 25.2902126312, "published": true}], "snippet_links": [{"key": "establishment-of", "type": "clause", "offset": [4, 20]}, {"key": "operating-systems", "type": "clause", "offset": [84, 101]}, {"key": "within-thirty", "type": "clause", "offset": [209, 222]}], "snippet": "The establishment of a method to communicate and/or push security patch updates for operating systems, software, and applications deployed in its environments. Critical patches and or updates must be deployed within thirty (30) days of release.", "size": 1, "hash": "21463e5821f636b9d08bf0b337acb4da", "id": 9}, {"samples": [{"hash": "lxOM5T4kq7d", "uri": "/contracts/lxOM5T4kq7d#technical-security", "label": "Memorandum of Understanding (Mou)", "score": 22.1704311371, "published": true}], "snippet_links": [{"key": "post-doc", "type": "definition", "offset": [53, 61]}, {"key": "access-areas", "type": "clause", "offset": [149, 161]}, {"key": "the-technical", "type": "clause", "offset": [177, 190]}, {"key": "routine-inspections", "type": "clause", "offset": [212, 231]}], "snippet": "DS Security Engineering Officers (SEOs) will include post DOC offices in routine technical security countermeasures (TSCM) inspections of controlled access areas at post, where the technical threat warrants such routine inspections.", "size": 1, "hash": "1a3a981403f0774035210acc063ad7e1", "id": 10}], "next_curs": "ClsSVWoVc35sYXdpbnNpZGVyY29udHJhY3RzcjcLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2Iht0ZWNobmljYWwtc2VjdXJpdHkjMDAwMDAwMGEMogECZW4YACAA", "clause": {"children": [["access-controls-on-information-systems", "Access Controls on Information Systems"], ["access-control-via-internet", "Access Control via Internet"], ["data-management-controls", "Data Management Controls"], ["access-rights-policies", "Access Rights Policies"], ["access-monitoring", "Access Monitoring"]], "title": "Technical Security", "parents": [["further-disclosure", "Further disclosure"], ["access-restrictions", "Access restrictions"], ["miscellaneous", "Miscellaneous"], ["order-of-precedence", "Order of Precedence"], ["security-plan", "Security Plan"]], "size": 25, "id": "technical-security", "related": [["technical-security-controls", "Technical Security Controls", "<strong>Technical Security</strong> Controls"], ["physical-security", "Physical Security", "Physical Security"], ["personnel-security", "Personnel Security", "Personnel Security"], ["additional-security", "Additional Security", "Additional Security"], ["physical-security-of-media", "Physical Security of Media", "Physical Security of Media"]], "related_snippets": [], "updated": "2025-07-10T04:27:38+00:00"}, "json": true, "cursor": ""}}