Specifications include, but are not limited to: A-1 Contractor represents and warrants that it will comply with all applicable federal, state, and local privacy and data protection laws, as well as all other applicable regulations. A-2 Contractor shall implement administrative, physical, and technical safeguards to ensure security of Protected Information that are no less rigorous than accepted industry practices including National Institute of Standards and Technology (NIST), Center for Internet Security (CIS) controls, [the International Organization for Standardization’s standards: ISO/IEC– Information Security Management Systems – Requirements and ISO/IEC– Code of Practice for International Security Management,] the Information Technology Infrastructure Library (ITIL) standards, [or] [other applicable industry standards for information security]), and shall ensure that all such safeguards, including the manner in which Protected Information is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. A-3 Contractor shall ensure all ARC Data remains within the United States and is not trans bordered out of the country without the prior written authorization by the ARC. A-4 All employees and subcontractors given access to any Protected Information must agree to abide by the terms of the Agreement and restrict use of Protected Information only for subcontractors or employees’ internal business purposes and only as necessary for the execution of the Agreement. A-5 Contractor shall maintain Cybersecurity Insurance A-6 Contractor shall provide ARC Information Technology Team with a recent cybersecurity vulnerability assessment upon request
