DocuSign Envelope ID;7;ZA91133B-6EAI-46FEACDI)-146671G67604

            B. Log both successful and failed accesses;
            C. Be read-access only; and
            D. Be restricted to authorized users.
        iii. If PII is stored in a database, database logging functionality shall be enabled.
        iv. Audit trail data shall be archived for at least three (3) years from the occurrence.
    l. Access Controls. The system providing access to PII shall use role-based access controls for all user authentications, enforcing the principle of least privilege.
    m. Transmission Encryption.
        i. All data transmissions of PII outside of a secure internal network must be encrypted using a Federal Information Processing Standard (FIPS) 140-2 certified algorithm that is 128 bit or higher, such as Advanced Encryption Standard (AES) or Transport Layer Security (TLS). It is encouraged, when available and when feasible, that 256 bit encryption be used.
        ii. Encryption can be end to end at the network level, or the data files containing PII can be encrypted.
        iii. This requirement pertains to any type of PII in motion such as website access, file transfer, and email.
    n. Intrusion Prevention. All systems involved in accessing, storing, transporting, and protecting PII, which are accessible through the Internet, must be protected by an intrusion detection and prevention solution.
a. AUDIT CONTROLS
    a. System Security Review.
        i. The Contractor must ensure audit control mechanisms are in place.
        ii. All systems processing and/or storing PII must have at least an annual system risk assessment/security review that ensures administrative, physical, and technical controls are functioning effectively and provide an adequate level of protection.
        iii. Reviews should include vulnerability scanning tools.
    b. Log Reviews. All systems processing and/or storing PII must have a process or automated procedure in place to review system logs for unauthorized access.
    c. Change Control. All systems processing and/or storing PII must have a documented