- Created by Susan Pagan, last modified by Austin McGowan on Aug 10, 2023
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 34 Next »
This section lists the roles and responsibilities of those individuals that ISG Management has identified who play a part in the onboarding or offboarding of contractors to the QualityNet IT Services. Included is a general description of the role, the steps involved in the onboarding/offboarding process in which they participate, and who they interact with during each step.
CMS Contracting Officer's Representative
The CMS COR is an integral part of the ISG Contract Onboarding Services process, representing CMS and supporting the new contracting organization to ensure all CMS contract requirements are met and all new contractor questions and needs are addressed for a successful onboarding experience. In addition, the CMS COR assists in closing out contracts, which can include extending or transitioning efforts to a new contractor.
COR changes/updates should be sent to ISGContractorOnboardingServices@cms.hhs.gov.
Security Training
Refer to the Security tab on the QualityNet Communications Hub.
CMS COR Responsibilities
The CMS COR responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.
Onboarding Process | 60 Days Prior to Contract Award
|
---|---|
| |
| |
| |
| |
Offboarding Process | 60 Days Prior to Period of Performance Ending
|
Contract Maintenance | During the contract's Period of Performance (POP), there are three actions for QualityNet IT Services that may require CMS COR involvement:
|
ISG Contract Onboarding Services Team
The ISG Contract Onboarding Services team coordinates the transition between incoming and outgoing contracts. The team ensures all activities occur on schedule, addresses and supports activities as needed, and escalates any transition-related issues to ISG Management. The team includes CMS Service Leads who process all requests for approval of QualityNet IT Services.
Security Training
The ISG Contract Onboarding Services team is knowledgeable of the necessary security forms and requirements that need to be met by the New Contractor and works with the CMS COR and QualityNet Security with any questions posed by the contracting organization.
For additional security requirements and training, refer to the Security tab on the QualityNet Communications Hub.
ISG Contract Onboarding Services Team Responsibilities
The ISG Contract Onboarding Services team responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.
Onboarding Process | 60 Days Prior to Contract Award
|
---|---|
| |
| |
| |
Offboarding Process | 60 Days Prior to Period of Performance Ending
|
| |
Contract Maintenance | During the contract's Period of Performance (POP), there is one action for QualityNet IT Services that will require ISG Contract Onboarding Services team involvement:
|
Contractors
Contractors represent the organizations who are either onboarding or offboarding to QualityNet IT Services.
Security Training
As part of the Contract Onboarding Services process, contractors are required to designate at least one Security Official (SO) and Security Point of Contact (SPOC).
For additional security requirements and training, refer to Security Awareness and Training on the QualityNet Communications Hub.
Security Official
The SO is responsible for the following:
- Communicate to users in your organization how to request access to the QualityNet IT Services approved for your contract/organization.
- Review and approve all new user requests for these services.
NOTE: Only approve user requests that come directly from your contract/organization. - Remove users that no longer require access to these services.
- Approve other SOs within your organization, as needed, to assist with the above tasks.
Refer to the Security Official Role on the QualityNet | HARP page for instructions on requesting the SO role in HARP and a short video of the role. Once your request is approved, you will review and approve requests from members of your organization for access to the desired services. You will also remove users’ access to services no longer needed.
To ensure a smooth and quick start to utilizing the approved service(s), the Contract Onboarding Services team recommends the following actions be taken:
Ensure all users have HARP IDs.
For instructions on the process, refer to the QualityNet | HARP page.
Notify members that they may now request above services.
Refer to the QualityNet IT Services page for instructions on the user request process for each service.
Approve user access to the services.
As an approved SO for your organization, you can now approve or reject user role requests. For instructions on this process, refer to the Security Official Role tab on the QualityNet | HARP page.
Resources
Security Point of Contact
Each organization is required to designate at least one (1) Security Point of Contact (SPOC) who is responsible for ensuring the organization is compliant with CMS security requirements and policies. You may access the Policies/Procedures and Security Awareness Training by going to https://qnetconfluence.cms.gov/ and selecting Security. The SPOC is responsible for reporting and handling security incidents that occur within the organization.
When a contract is awarded, the CMS COR will designate the first SPOC who will be established in ServiceNow. When an organization needs to add, update, replace or make any changes to the SPOC it can be done via the HARP application following the instructions below. Once approved, the SPOC is stored and tracked through ServiceNow for general tracking and maintenance.
CCSQ ServiceNow - Refer to Security POC tab on this page for requesting assignment as your organization's SPOC for a program. Note that your CMS COR must have a HARP account for your request to be approved.
Security Awareness and Training
During the onboarding process, and before accessing any QualityNet system or application, each user must sign Rules of Behavior, complete the appropriate training, and provide evidence of training completion to their Security Point of Contact (SPOC); the SPOC will track all required training within their organization. In many cases, an annual attestation is also provided to the organization’s CMS Contracting Officer’s Representative (COR) as a deliverable.
For additional information, refer to the Security Awareness & Training page on the QualityNet Communications Hub.
Resources
QualityNet Security - Central source of security-related information and reference material.
Contractor Responsibilities
The Contractor responsibilities are presented following the timeline for the processes involved in onboarding or offboarding contractors to the QualityNet IT Services, as well as activities conducted during the contract's period of performance.
Onboarding Process |
|
---|---|
| |
| |
| |
Offboarding Process | 60 Days Prior to Period of Performance Ending
|
| |
Contract Maintenance | During the contract's Period of Performance (POP), there are two actions for QualityNet IT Services that will require Contractor involvement:
|
- QualityNet IT Services: Please Contact the Service Center by phone at 1-866-288-8914 (TRS: 711); by email at ServiceCenterSOS@cms.hhs.gov; or via Slack at #help-service-center-sos
- Contract Services (Onboarding/Offboarding): Please Contact the ISG Contract Onboarding Services team by email at ISGContractorOnboardingServices@cms.hhs.gov or via Slack at #help-contract-onboarding
- Contractors: If you have other questions, please reach out to your CMS COR.
Print Friendly Version
- No labels