Additional Data Security Requirements. 00763-00001/4199055.1
Additional Data Security Requirements. The Provider agrees to the following privacy and security standards. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data or Teacher Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data or Teacher Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data or Teacher Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data or Teacher Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default...
Additional Data Security Requirements. Authorized Representative of Company Date
1. Offer of Terms Provider offers the same privacy protections found in this DPA between it and the LEA to any other school district (“Subscribing LEA”) who accepts this General Offer though its signature below. The Provider agrees that the information on the next page will be replaced throughout the Agreement with the information specific to the Subscribing LEA filled on the next page for the Subscribing LEA. This General Offer shall extend only to privacy protections and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing XXX may also agree to change the data provide by XXX to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statues;
Additional Data Security Requirements. Please visit our security page for additional information: xxxxx://xxxx.xxxxxxxxx.xxx/privacy-and-security/how-socrative-keeps-your-data-safe
Additional Data Security Requirements. DSHS shall provide DSHS laptop computers to Contractor staff authorized to access the DSHS systems and data. Using those computers, Contractor shall access DSHS systems within the State Government Network (SGN) using WaTech provided Virtual Private Network (VPN). Contractor staff will not have an administrative account on the DSHS provided device and will not change or attempt to change or bypass any security controls configured by DSHS before Contractor receives the device. Contractor may be allowed access to all applicable DSHS programs, systems, and databases upon completion of the remote access agreement, the confidentiality agreement, and in accordance with the following to complete authorized work by the Program:
a. Purpose
(1) Activity for which the Data is needed: To research client information to prepare for all visit types, and to document Statement of Deficiencies produced for ALTSA/RCS.
(2) How Data Recipient will use Data: Evaluators will use the applicable DSHS systems to access client information and provider compliance history in order to plan, execute and complete the Evaluation process, including the preparation of the final report.
b. Description of Data and Data Elements:
(1) The STARS system contains data related to the providers that will be evaluated. No client data is included in the STARS system. Provider data includes, but is not limited to, names (such as d/b/a names), location addresses, license number, certification number, contact information, and previous enforcement actions, complaints and dispositions,
(2) The CARE system contains Client data, including PHI. Such data includes, but is not limited to, name, location, health status, care plans, emergency contact information, and psychosocial information.
(3) Timeframe(s) for Data disclosure or exchange: As needed.
(4) Conditions under which, if any, that Data disclosed or exchanged can be linked to other data: Not Applicable.
c. Data Access or Transfer
(1) Method: Contractors must use a state-issued laptop to access the Washington state government’s VPN through which its staff will have access to applicable DSHS systems and program applications
Additional Data Security Requirements. See Privacy Policy at xxx.xxxxxxxxxxxxx.xxx 00763-00001/4199055.1
Additional Data Security Requirements. Dedicated Security Team Physical Security: Our offices have an access control and surveillance monitoring solution and 24/7/365 security guards on premises. Device Security: We use Two-Factor Authentication (2FA), which requires separate hardware for authentication for all of our SSO-enabled SaaS applications. We use full disk encryption, vulnerability management, centralized MDM management, and we utilize virus control software.
Additional Data Security Requirements. DSHS shall provide DSHS laptop computers to Contractor staff authorized to access the DSHS systems and data. Using those computers, Contractor shall access DSHS systems within the State Government Network (SGN) using WaTech provided Virtual Private Network (VPN). Contractor staff will not have an administrative account on the DSHS provided device and will not change or attempt to change or bypass any security controls configured by DSHS before Contractor receives the device. Contractor may be allowed access to all applicable DSHS programs, systems, and databases upon completion of the remote access agreement, the confidentiality agreement, and in accordance with the following to complete authorized work by ALTSA/RCS and DDA: Purpose
(1) Activity for which the Data is needed: To research client information to prepare for all visit types, and to document Statement of Deficiencies produced for ALTSA/RCS.
(2) How Data Recipient will use Data: Evaluators will use the applicable systems for client information and compliance history. Description of Data
(1) Data elements: All data related to ALTSA/RCS Certified Community Residential Services and Supports Providers (CCRSS) (2) Timeframe(s) for Data disclosure or exchange: As needed
(3) Conditions under which, if any, that Data disclosed or exchanged can be linked to other data: Not Applicable Data Access or Transfer
(1) Method: Contractors must use the VPN to access applicable DSHS systems and program applications.
Additional Data Security Requirements. DSHS shall provide DSHS laptop computers to Contractor staff authorized to access the DSHS systems and data. Using those computers, Contractor shall access DSHS systems within the State Government Network (SGN) using WaTech provided Virtual Private Network (VPN). Contractor staff will not have an administrative account on the DSHS provided device and will not change or attempt to change or bypass any security controls configured by DSHS before Contractor receives the device. Contractor may be allowed access to all applicable DSHS programs, systems, and databases upon completion of the remote access agreement, the confidentiality agreement, and in accordance with the following to complete authorized work by the Program: Purpose:
(1) Activity for which the Data is needed: To research client information to prepare for all visit types, and to document Statement of Deficiencies produced for ALTSA/RCS.
(2) How Data Recipient will use Data: Evaluators will use the applicable DSHS systems to access client information and provider compliance history in order to plan, execute and complete the Evaluation process, including the preparation of the final report.
Additional Data Security Requirements. LEA must only transfer PII to Operator using secure transfer methods, including but not limited to https and sFTP. PII should not be transferred via insecure methods, such as email. LEA takes full responsibility for any unauthorized data disclosure that is a direct result of LEA's insecure transfer of PII to the Operator.
