Information Security Requirements

Introduction

Protected Information is subject to the safeguarding procedures described in the Port Authority Information Security Handbook (“Handbook”). To access the Handbook, click here.

As a condition of  providing access  to Protected Information, The Port Authority of New York and New Jersey (“Port Authority”) requires each firm bidding or working on projects that will require access to Protected Information, whether retained by it or by other firms, to enter into a company Port Authority Non-Disclosure  and Confidentiality Agreement (NDA) with signed acknowledgements for all individuals requiring access, thereby ensuring that each such  firm understands that it is required to safeguard any such information provided, as well as its work product. Access to this information must be restricted to only those individuals with an established “need to know.”

This webpage summarizes the requirements that must be met in order to access Protected Information, as defined by Handbook. The Handbook governs the access and handling of Protected Information, and entities and individuals accessing this information must follow the requirements of the Handbook.

Submittal Instructions and Content

In order to grant an entity access to Protected Information, the entity must provide documentation to the Port Authority evidencing they meet the following requirements of the Information Security Handbook.

If the entity is seeking access to information as part of a solicitation/Bid, the interested entities are encouraged to submit these items as soon as possible, but should submit these items by the date/within the timeframe provided in the advertisement/solicitation, as the review process may take time, and may result in a delay in obtaining bid documents. Information that is submitted too close to the solicitation/Bid due date (as per the solicitation/Bid documents) may not be reviewed in time for entities to respond prior to the solicitation due date.

Documentation that the following requirements have been met must be emailed to the identified Procurement Specialist in order to establish eligibility to receive solicitation documents for projects where it has been determined that certain of the solicitation documents contain Protected Information.

The following items should be submitted to the Port Authority’s Procurement Specialist listed in the applicable solicitation documents.  Any questions concerning these requirements shall be directed to the Procurement Specialist listed in the applicable solicitation documents. Neither the Procurement Specialist, nor any employee of the Port Authority is authorized to give additional information as to its requirements. Such interpretation or additional information will be given only by written addendum to a Solicitation.

1. Identification for a Contact Person for the Entity

Submit the name, phone number, and email address of a designated representative for the entity.

2. Identification of Security Information Manager (SIM)

The entity shall submit the following information for its SIM(s):

  1. Full legal name
  2. Title
  3. Physical address
  4. Email address
  5. Phone number and fax number; and
  6. Proof that the SIM has been issued a SWAC Credential (see below).

The SIM must be a U.S. Citizen, or be an alien who has been lawfully admitted for permanent residency or employment. Refer to the Handbook for details on this policy.

Each entity seeking to be considered, who will have access to Protected Information, shall designate at least one (1) SIM responsible for each firm’s compliance with Information Security Requirements, identifying members of their teams who will need access to documents and for assuring that those members have passed the requisite background checks and have completed the requisite forms.

If a joint venture (JV) is seeking consideration, the entity shall be responsible for designating at least one (1) SIM in order to receive the Protected Information. This SIM shall be responsible for ensuring the JV’s compliance with Information Security Requirements, and ensuring that if an additional firm(s) will have access to Protected Information, such firm or firms shall designate a SIM.

The SIM will be responsible for maintaining his/her firm’s access list, in accordance with the Information Security Handbook.

3. Updated “Checklist of Documentation of Handbook Requirements”

The submission must include a chart listing all persons that may require access to Port Authority Protected Information, and set forth their status as to whether they have (1) undergone Port Authority Information Security Training; (2) executed a Port Authority Non-Disclosure and Confidentiality Agreement (NDA); (3) executed a Port Authority Exhibit A (4) executed an Exhibit B (if applicable); and (5) been issued a SWAC credential.

(Note: An NDA, Information Security Training, and SWAC are all required in order to access Protected Information.)

Please see the example below:

Checklist of Documentation of Handbook Requirements
Project:
Entity:
SIM:
Name Trained NDA Exhibit A (to NDA) Exhibit B (to NDA) Exhibit B (to NDA)
Luke Jones (Principal, C.E.O) 1/31/2017 1/31/2017
Noah Jacobs (Estimator) 2/12/2017 1/13/2017 Yes (5/9/20)
Melissa Manning (SIM) 1/12/2017 1/12/2017 Yes (8/14/19)
Franklyn Benjamin, P.E. (Sub-Contractor) 2/12/2017 2/15/2017 2/15/2017

4. Completion of SWAC Background Screening

  1. Applicant must complete online application. Click here to access.

    Notes:

    1. Applicant must present themselves and photo identification at a SWAC processing center
    2. Allow 1-2 weeks for SWAC processing approval
  2. Submit a photocopy (preferably in color) of the team member(s)’ SWAC card to the Port Authority.

5. Execution of Non-Disclosure and Confidentiality Agreement and Acknowledgements

  1. Execution of a company Non-Disclosure and Confidentiality Agreement (NDA), by a Principal or authorized executive of the prime, or of the JV.
  2. Execution of NDA Exhibit B, by each related entity (ex: subcontractor firm, subconsultant, vendor) who will have access to the Protected Information.
  3. Execution of NDA, Exhibit A, by each individual, from all entities who will have access to the Protected Information.
    1. Click here for NDA forms
    2. Click here for instructions on filling out the NDA forms

6. Completion of Information Security Handbook Training

  1. All persons who will access security documents must complete online training – click here to access
  2. Note: Each individual who will have access to the Protected Information must have completed Information Security Handbook Training within the last three years.

  3. A copy of the sign-in sheet for an in-person training, or copy of a completion certificate from the online program, must be submitted.

Notification

Notification as to whether a firm meets the Information Security Requirements will be made via email to the email address provided by the firm. Please note: documents that contain protected information will only be provided to an entity’s designated SIM or other individual who has provided documentation evidencing that they have met the Information Security Requirements.

 


Web Site Disclaimer    |    Privacy Statement
© 2001-CurrentYear The Port Authority of New York and New Jersey. All Rights Reserved.

The Port Authority of New York and New Jersey
(212) 435-7000  •  4 World Trade Center, 150 Greenwich Street, New York, NY 10007