DHHS requires employees and contractors to protect the Department's data by complying with the DHHS Information Security Program Handbook. As part of NIH and DHHS, NCI is subject to this policy, which requires contractor personnel to fulfill a number of requirements. Below is a brief summary of the requirements:
- The project officer must maintain a roster of contractor personnel for use as a tool to track compliance for each contractor working on a project.
- Contractor staff with access to NIH or NIH computer resources must complete and submit all forms required for initiation of a background investigation.
- Contractor staff with access to NIH computer resources must meet the NIH security training requirements.
- Contractor staff with access to sensitive information must sign a Non-Disclosure Agreement.
- Contractors must complete the IT security separation checklist for staff leaving the contract and return the completed form to the appropriate project officer.
The contractor may be required to submit a System Security Plan based upon AIS security contract language. Follow the appropriate links below for more information and resources on: