OMB No. 0960-0760
AMENDMENT NUMBER 1 TO
USER AGREEMENT
BETWEEN
THE SOCIAL SECURITY ADMINISTRATION (SSA)
AND
__________________________________ (REQUESTING PARTY)
FOR CONSENT BASED SOCIAL SECURITY NUMBER VERIFICATION (CBSV)
SSA REIMBURSABLE AGREEMENT NUMBER RA-CBSV-09-______
1. SSA and Requesting Party are parties to User Agreement for CBSV, SSA Reimbursable Agreement Number RA-CBSV-_______. Under this User Agreement, SSA provides Requesting Party verification of Social Security Numbers (SSNs) with written consents from the SSN holders. A copy of the User Agreement is attached hereto.
2. In accordance with the provisions in Section XII (Amendments to Agreement) of the User Agreement, the parties hereby amend the User Agreement as follows:
a. Strike the second paragraph in Section VII, “Responsibilities,” in its entirety and replace it with the following language:
“The Requesting Party agrees to complete Form SSA-88 (Pre-Approval Form for CBSV – Attachment C).
“If the Requesting Party elects to have its employees to access CBSV by using either (1) SSA Business Services Online (BSO) in batch mode format, or (2) SSA BSO single request for real-time response option, the Requesting Party’s Responsible Company Official shall provide on Form SSA-88 the name, phone number, and email address of each employee authorized to use CBSV (Authorized User). The Requesting Party agrees to notify SSA if there is any change to employment status (including, but not limited to, long-term absence, termination of employment, or change of duties related to CBSV) for any Authorized User. The Requesting Party’s Responsible Company Official will also notify SSA if they wish to revoke any employee’s authorization to use CBSV. The registration process will be completed by issuance of a unique access code by SSA to the Responsible Company Official. The Responsible Company Official is required to provide this code to each Authorized User as authentication of that Authorized User’s relationship to the Requesting Party and authorization to submit such requests to CBSV.
“If the Requesting Party elects to use the Requesting Party’s web service platform client application to access CBSV, the Requesting Party’s Responsible Company Official shall provide his or her name, phone number and email address on Form SSA-88. With this option, the Responsible Company Official will be the representative Authorized User for the Requesting Party, will be responsible for all access requests made through the Requesting Party’s web service platform client application, and will be responsible for complying with the requirement under this User Agreement to maintain an audit trail to track all CBSV activities of each company employee.”
b. Add at the end of Section VIII, “Technical Specifications and Systems Security & Related Business Process Requirements,” before Section IX, the following language:
“If the Requesting Party accesses CBSV through the web service platform client application, the Requesting Party must maintain an automated audit trail record identifying either the individual user, or the system process, that initiated a request for information from SSA. Every request for information from SSA must be traceable to the individual or system process that initiated the transaction. At a minimum, individual audit trail records must contain the data needed to associate each query transaction to its initiator and relevant business purpose (i.e. the outside entity’s client record for which SSA data was requested), and each transaction must be time and date stamped. Each query transaction must be stored in the audit file as a separate record, not overlaid by subsequent query transactions.
“In all instances of access to CBSV, if SSA-supplied information is retained in the Requesting Party's system, or if certain data elements within the Requesting Party's system will indicate to users that the information has been verified by SSA, the Requesting Party's system also must capture an audit trail record of any user who views SSA information stored within the Requesting Party's system. The audit trail requirements for these inquiry transactions are the same as those outlined above for the Requesting Party’s access to CBSV through the web service platform client application.”
c. Strike Section XIII, Indemnification, in its entirety, and replace it with the following:
“XIII. Indemnification
“Notwithstanding any other provision of this User Agreement, the Requesting Party agrees to indemnify and hold SSA harmless from all claims, actions, causes of action, suits, debts, dues, controversies, restitutions, damages, losses, costs, fees, judgments, and any other liabilities caused by, arising out of, associated with, or resulting directly or indirectly from, any acts or omissions of the Requesting Party, including but not limited to the disclosure or use of such information by the Requesting Party or its Principal, or any errors in information provided to the Requesting Party under this User Agreement. SSA shall not be responsible for any financial loss or other loss incurred by the Requesting Party, whether directly or indirectly, through the use of any data furnished pursuant to this User Agreement. SSA shall not be responsible for reimbursing the Requesting Party any costs incurred by the Requesting Party pursuant to this User Agreement.”
d. Strike from Attachment C – Form SSA-88 the following item number 5 in its entirety:
“5. SSN of Employee(s) Authorized to Use CBSV:”
and renumber the remaining items numbered 6, 7, and 8 on Attachment C – Form SSA‑88 as 5, 6, and 7 respectively;
and add as a footnote to the section heading “EMPLOYEE(S) AUTHORIZED TO USE CBSV,” the following language:
“*If your company will access CBSV solely through a web service platform, please provide corresponding information of the Responsible Company Official as the employee authorized to use CBSV.”
e. Add after item number 16 under “Compliance Review Criteria” of Attachment E, “CBSV Compliance Review (Audit) – Criteria,” the following language:
“17. Verify that the Requesting Party’s audit trail and retrieval capabilities by requesting a demonstration of the system’s tracking of the activity of Authorized Users who request information or view SSA-supplied information within Requesting Party’s system.”
4. With the exception of the above modifications, all other provisions of the User Agreement remain in full force and effect for the duration of the User Agreement.
The signatories below warrant and represent that they have the competent authority on behalf of their respective agencies to enter into the obligations set forth in this Amendment.
For the Requesting Party: For the Social Security Administration:
___________________________________ __________________________________
_________________ ____________________
DATE DATE
| File Type | application/msword |
| File Title | MODIFICATION TO |
| Author | 534249 |
| Last Modified By | 666429 |
| File Modified | 2008-07-08 |
| File Created | 2008-07-08 |