Required for Information Technology contracts. All IT systems and applications developed by or for Executive department agencies or operating within the Massachusetts Access to Government Network (MAGNet) must conform with the Enterprise Information Security Policies and Standards promulgated by the Secretary of the Executive Office of Technology Services & Security (EOTSS). Non-conforming IT systems may not be deployed unless the purchasing agency and their contractor(s) have jointly applied for and received in writing from the Secretary of EOTSS or the Secretary’s designee, notice that a specified deviation will be permitted. The Enterprise Information Security Policies and Standards are available at https://www.mass.gov/handbook/enterprise-information-security-policies-and-standards. Additional policies, standards, and requirements that do not conflict with the Enterprise Information Security Policies and Standards may apply and shall be made available to Bidders by the purchasing agency.
