Specifications include, but are not limited to: The awarded vendor shall have an annual audit performed, by an independent audit firm of the awarded vendor's choosing, of the awarded vendor's [and any relevant sub-contractor’s] handling of sensitive data and FCPS’s critical functions, which are identified as Insurance Claims Processing Services (collectively referred to as the "Information Functions and/or Processes"), and shall address all areas relating to Information Technology security and Such audits shall be performed, at no additional expense to FCPS, in accordance with audit guidance: Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2) as published by the American Institute of Certified Public Accountants (AICPA) and as updated from time to time, or according to the most current audit guidance promulgated by the AICPA or similarlyrecognized professional organization, as agreed to by FCPS, to assess the security of outsourced client functions or data as follows: a. All SOC 2 Audits shall be performed on an annual basis and a final report(s) submitted to the Contract Manager by May 1 for the preceding calendar year. b. The SOC 2 Audit shall report on the awarded vendor's system and the suitability of the design and operating effectiveness of controls of the Information Functions and/or Processes to meet the requirements of the Contract, relevant to the following trust principles: Processing Integrity, Security, Availability, Confidentiality, and Privacy.