Safeguarding SSA Provided Electronic Information
SSA requires electronic data exchange partners to meet information security safeguards requirements, which are intended to protect SSA provided information from unauthorized access and improper disclosure. As a prerequisite to receiving our information, SSA must certify that new electronic data exchange partners are in full compliance with our safeguard requirements. Moreover, SSA conducts triennial security reviews of all electronic data exchange partners to ensure their ongoing compliance with our safeguard requirements.
To assist data exchange partners in meeting our safeguard requirements, once a formal agreement is in place, SSA provides to them the document, Electronic Information Exchange Security Requirements and Procedures For State and Local Agencies Exchanging Electronic Information With The Social Security Administration. The document provides a detailed description of management, operational and technical controls SSA requires of electronic data exchange partners to safeguard its information. The foundation for the requirements are the Federal Information Security Management Act (FISMA), Public Law (P.L.) 107-347, the Privacy Act of 1974 and SSA’s own policies, procedures and directives.
Federal electronic data exchange partners are required to meet FISMA information security requirements. As such, they are neither subject to SSA's information security requirements nor our triennial security reviews.