Library: Policy

OKDHS:2-45-12. Information security terms for contracts

Issued 5-1-09

(a) Regulations.  All contracts and agreements entered into or on behalf of the Oklahoma Department of Human Services (OKDHS), where the relationship involves another private or public entity who hosts, stores, accesses, develops, uses, manages, manipulates, or maintains data and information systems owned by or on behalf of OKDHS, must include information security terms to protect the confidentiality, integrity, and availability of OKDHS information or information systems.  The OKDHS Support Services Division Contracts and Purchasing Unit ensures appropriate language is included in all contacts and agreements.

(b) Scope and applicability.  The information security requirements of this Section apply to all OKDHS divisions, business units, and business partners who, on behalf of OKDHS, enter into contracts and agreements with contractors and third party entities, where applicable, who host, store, access, develop, use, manage, manipulate, or maintain OKDHS data and information systems.

(c) Effective.  Regulations regarding information security terms for contracts remain in effect until officially superseded or cancelled by the ISO.  No OKDHS division may create a policy that supersedes these regulations or the Information Security Program requirements.

(d) Sanctions.  Failure to comply with provisions of OKDHS:2-45 may result in disciplinary action, per OKDHS:2-1-7, and could result in civil or criminal penalties.