Common use of Access to Agency Data Clause in Contracts

Access to Agency Data. As of September 1, 2021, all A&M System members must require any vendor that is authorized to access, transmit, use, or store data for the A&M member to meet the security controls the A&M member determines are appropriate. The vendor must also periodically provide the A&M member with evidence that the vendor meets the security controls required in the contract. A&M System members should consult with their IT/security teams to determine the appropriate security controls for each applicable vendor and also include the below provision in the vendor contract: Pursuant to Section 2054.138, Texas Government Code, [CONTRACTING PARTY] shall implement and maintain appropriate administrative, technical, and physical security measures, including without limitation, [the security controls attached hereto as Exhibit ____, as may be amended from time to time] [the security controls available at _________, as may be amended from time to time] (the “Security Controls”), to safeguard and preserve the confidentiality, integrity, and availability of [MEMBER’s] data. [CONTRACTING PARTY] shall periodically provide [MEMBER] with evidence of its compliance with the Security Controls within thirty (30) days of [MEMBER’s] request.