The Vendor is required to provide privacy office solutions.
- Required to use data provided by agency (“commonwealth data”) and will implement commercially reasonable safeguards necessary to: (i) prevent unauthorized access to commonwealth data from any public or private network; (ii) prevent unauthorized physical access to any information technology resources involved in the project; and (iii) prevent interception and manipulation of commonwealth data during transmission to and from any servers.
- Its legislative mandate includes coordinating GIS activities in the commonwealth’s public agencies and distributing GIS data.
- MassGIS has also developed and is the host for the commonwealth’s web mapping services.
- Software or code that will be developed by contractor and migrated into a production environment, contractor shall implement the following controls for the purpose of maintaining software integrity and traceability throughout the software or code creation life cycle, including during development, testing, and production:
• Configure at least two software environments including a development/quality assurance (QA) environment and a production environment;
• Implement a change management procedure to ensure that activities in the development/QA environment remain separate and distinct from the production environment;
• Segregate duties between development and testing of software changes and migration of changes to the production environment;
• Implement security controls to restrict individuals who have development or testing responsibilities from migrating changes to the production environment;
• Create a process to log and review all source control activities;
• Implement a source control tool to ensure that all changes made to the production system are authorized, tested, and approved before migration to the production environment;
• Not make any development or code changes in a production environment.