Client Management Suite Software

The vendor is required to provide client management suite software.
- Information security program shall include the creation and maintenance of information security policies, standards, and procedures. 
- Information security policies, standards, and procedures will be communicated to all contractor employees in a relevant, accessible, and understandable form and will be regularly reviewed and evaluated to ensure operational effectiveness, compliance with all applicable laws and regulations, and addresses new and emerging threats and risks.
- The contractor’s information security program shall:
• Protect the confidentiality, integrity, and availability of county information in the contractor’s possession or control;
• Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of county information;
• Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of county information;
• Protect against accidental loss or destruction of, or damage to, county information; and
• Safeguard county information in compliance with any applicable laws and regulations which apply to the contractor. 
- These privacy policies, guidelines, procedures, and appropriate training will be provided to all contractor employees, agents, and volunteers.
- Secure authentication: the importance of utilizing secure authentication, including proper management of authentication credentials (login name and password) and multi-factor authentication.
- Social engineering attacks: identifying different forms of social engineering including, but not limited to, phishing, phone scams, and impersonation calls.
- Handling of county information: the proper identification, storage, transfer, archiving, and destruction of county information.
- Causes of unintentional information exposure: provide awareness of causes of unintentional exposure of information such as lost mobile devices, emailing information to inappropriate recipients, etc.
- Identifying and reporting incidents: awareness of the most common indicators of an incident and how such indicators should be reported within the organization.
- Network access to both internal and external networked services shall be controlled, including, but not limited to, the use of industry standard and properly configured firewalls;
- Operating systems will be used to enforce access controls to computer resources including, but not limited to, multi-factor authentication, use of virtual private networks (VPN), authorization, and event logging;
- Conduct regular, no less often than semi-annually, user access reviews to ensure that unnecessary and/or unused access to county information is removed in a timely manner;
- Applications will include access control to limit user access to county information and application system functions.
- Contract Period/Term: 1 year