Security Point of Contact Each organization is required to designate at least one (1) Security Point of Contact (SPOC) who is responsible for ensuring the organization is compliant with CMS security requirements and policies. You may access the Policies/Procedures and Security Awareness Training by going to https://qnetconfluence.cms.gov/ and selecting Security. The SPOC is responsible for reporting and handling security incidents that occur within the organization. When a contract is awarded, the CMS COR will designate the first SPOC who will be established in ServiceNow. When an organization needs to add, update, replace or make any changes to the SPOC it can be done via the HARP application following the instructions below. Once approved, the SPOC is stored and tracked through ServiceNow for general tracking and maintenance. CCSQ ServiceNow - Refer to Security POC tab on this page for requesting assignment as your organization's SPOC for a program. Note that your CMS COR must have a HARP account for your request to be approved.
Security Awareness and Training During the onboarding process, and before accessing any QualityNet system or application, each user must sign Rules of Behavior, complete the appropriate training, and provide evidence of training completion to their Security Point of Contact (SPOC); the SPOC will track all required training within their organization. In many cases, an annual attestation is also provided to the organization’s CMS Contracting Officer’s Representative (COR) as a deliverable. For additional information, refer to the Security Awareness & Training page on the QualityNet Communications Hub.
Resources CCSQ ServiceNow QualityNet Security - Central source of security-related information and reference material. |