Routine: RMPR4P23

RMPR4P23 ;PHX/HNB -PRINT PURCHASE CARD FORM ;3/1/1996

 ;;3.0;PROSTHETICS;**3,153,166**;Feb 09, 1996;Build 2

PRI ;ENTRY POINT FOR PRINTING PRIVACY ACT FOR 10-2421 AND 10-55 AND 2419

 W @IOF,!!,"Security Requirements Interim Guidance - January 2013 (Per Acquisition Policy"

 W !,"                 Flash 12-04, dated 2/2/12, suspending VAAR clause 852.273-75)",!

 W !,"A.    Any contractor and/or subcontractor retained to do work for VA under"

 W !,"this Contract that requires the access, use, storage, modification, or"

 W !,"transmission of VA Sensitive Personal Information (SPI) must follow and"

 W !,"adhere to the security controls, enhancements, compensating controls,"

 W !,"protocols, regulations, and VA directions as the Contracting Officer"

 W !,"(CO) shall direct, including, but not limited to those derived from the"

 W !,"Federal Information Security Management Act (FISMA), OMB Circular No."

 W !,"A-130, and VA Handbook 6500/6500.6.  The contractor must report any data"

 W !,"breach according to the protocols and timeframes in HB 6500.",!

PRI1 W !,"B.      If any contractor/sub-contractor retained to do work for VA under"

 W !,"this Contract requires access, use, etc., of VA SPI as aforesaid, and if an"

 W !,"actionable data breach occurs because of the contractor/subcontractor's acts,"

 W !,"omissions, or negligence in following the VA-directed security controls,"

 W !,"enhancements, compensating controls, protocols, and/or measures, including,"

 W !,"but not limited to the sources above, the contractor/subcontractor is"

 W !,"further subject to the statutory requirement to assess liquidated damages"

 W !,"against contractors and/or subcontractors under 38 U.S.C. §5725 in the event"

 W !,"of a breach of Sensitive Personal Information (SPI)/Personally Identifiable"

 W !,"Information (PII).  Said liquidated damages shall be assessed at $37.50"

 W !,"per affected Veteran or beneficiary.  A breach in this context includes"

 W !,"the unauthorized acquisition, access, use, or disclosure of VA SPI which"

 W !,"compromises not only the information's security or privacy but that of the"

 W !,"Veteran or beneficiary as well as the potential exposure or wrongful"

 W !,"disclosure of such information as a result of a failure to follow proper"

 W !,"data security controls and protocols."

--- Routine Detail   --- with STRUCTURED ROUTINE LISTING ---[H[J[2J[HRMPR4P23   2354     printed  Oct 16, 2024@18:33:33                                                                                                                                                                                                    Page 2

RMPR4P23  ;PHX/HNB -PRINT PURCHASE CARD FORM ;3/1/1996

 +1       ;;3.0;PROSTHETICS;**3,153,166**;Feb 09, 1996;Build 2

PRI       ;ENTRY POINT FOR PRINTING PRIVACY ACT FOR 10-2421 AND 10-55 AND 2419

 +1        WRITE @IOF,!!,"Security Requirements Interim Guidance - January 2013 (Per Acquisition Policy"

 +2        WRITE !,"                 Flash 12-04, dated 2/2/12, suspending VAAR clause 852.273-75)",!

 +3        WRITE !,"A.    Any contractor and/or subcontractor retained to do work for VA under"

 +4        WRITE !,"this Contract that requires the access, use, storage, modification, or"

 +5        WRITE !,"transmission of VA Sensitive Personal Information (SPI) must follow and"

 +6        WRITE !,"adhere to the security controls, enhancements, compensating controls,"

 +7        WRITE !,"protocols, regulations, and VA directions as the Contracting Officer"

 +8        WRITE !,"(CO) shall direct, including, but not limited to those derived from the"

 +9        WRITE !,"Federal Information Security Management Act (FISMA), OMB Circular No."

 +10       WRITE !,"A-130, and VA Handbook 6500/6500.6.  The contractor must report any data"

 +11       WRITE !,"breach according to the protocols and timeframes in HB 6500.",!

PRI1       WRITE !,"B.      If any contractor/sub-contractor retained to do work for VA under"

 +1        WRITE !,"this Contract requires access, use, etc., of VA SPI as aforesaid, and if an"

 +2        WRITE !,"actionable data breach occurs because of the contractor/subcontractor's acts,"

 +3        WRITE !,"omissions, or negligence in following the VA-directed security controls,"

 +4        WRITE !,"enhancements, compensating controls, protocols, and/or measures, including,"

 +5        WRITE !,"but not limited to the sources above, the contractor/subcontractor is"

 +6        WRITE !,"further subject to the statutory requirement to assess liquidated damages"

 +7        WRITE !,"against contractors and/or subcontractors under 38 U.S.C. 5725 in the event"

 +8        WRITE !,"of a breach of Sensitive Personal Information (SPI)/Personally Identifiable"

 +9        WRITE !,"Information (PII).  Said liquidated damages shall be assessed at $37.50"

 +10       WRITE !,"per affected Veteran or beneficiary.  A breach in this context includes"

 +11       WRITE !,"the unauthorized acquisition, access, use, or disclosure of VA SPI which"

 +12       WRITE !,"compromises not only the information's security or privacy but that of the"

 +13       WRITE !,"Veteran or beneficiary as well as the potential exposure or wrongful"

 +14       WRITE !,"disclosure of such information as a result of a failure to follow proper"

 +15       WRITE !,"data security controls and protocols."

 +16       QUIT

RMPR4P23.m