Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason:
(1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met:
(a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed.
(b) The Data will be Encrypted while within the Contractor network.
(c) The Data will remain Encrypted during transmission to the Cloud.
(d) The Data will remain Encrypted at all times while residing within the Cloud storage solution.
(e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS.
(f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks.
(g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network.
(2) Data will not be stored on an Enterprise Cloud storage solution unless either:
(a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or,
(b) The Cloud storage solution used is FedRAMP certified.
(3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.
Cloud storage. 9.17.15.1 Subrecipient and its Lower Tier Subrecipient(s) may not utilize cloud storage of County Information Assets without the prior express written authorization of County, after a review of the cloud service by County or its designee(s).
Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this Attachment. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason:
Cloud storage. Data requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DCYF nor the Contractor has control of the environment in which the Data is stored. For this reason:
(1) Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met:
(a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed;
(b) The Data will be Encrypted while within the Contractor network; (c). The Data will remain Encrypted during transmission to the Cloud;
Cloud storage. Use the cloud provider’s procedures to permanently delete the files and folders.
Cloud storage. DSHS/County Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS, the County, nor the Contractor have control of the environment in which the Data is stored. For this reason:
9.8.1. DSHS/County Data will not be stored on any consumer grade Cloud solution, unless all of the following conditions are met:
a. Contractor has written procedures in place governing the use of the Cloud storage and the Contractor attests in writing that all such procedures will be uniformly followed
b. The Data will be encrypted while within the Contractor network
c. The Data will remain encrypted during transmission to the Cloud
i. The Data will remain encrypted at all times while residing within the Cloud storage solution.
ii. The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or the County and DSHS.
iii. The Data will not be downloaded to non-authorized systems, meaning systems that are not either the County, DSHS or Contractor networks.
iv. The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the County, DSHS, or Contractor’s network.
9.8.2. Data will not be stored on an Enterprise Cloud storage solution unless either:
a. The Cloud storage provider is treated as any other Sub-Contractor and agrees in writing to all of the requirements within this exhibit, or
b. The Cloud storage solution used is FedRAMP certified
9.8.3. If the Data includes protected health information (PHI) covered by HIPPA, the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.
Cloud storage. DSHS data may not be stored on any medium not controlled by the Contractor. Storage on any Internet service such as DropBox, iCloud, Amazon Web Services, or any other Internet based storage system is not allowed.
Cloud storage. DSHS/County Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS, the County, nor the Contractor have control of the environment in which the Data is stored. For this reason: DSHS/County Data will not be stored on any consumer grade Cloud solution, unless all of the following conditions are met: Contractor has written procedures in place governing the use of the Cloud storage and the Contractor attests in writing that all such procedures will be uniformly followed The Data will be encrypted while within the Contractor network The Data will remain encrypted during transmission to the Cloud The Data will remain encrypted at all times while residing within the Cloud storage solution. The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or the County and DSHS. The Data will not be downloaded to non-authorized systems, meaning systems that are not either the County, DSHS or Contractor networks. The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the County, DSHS, or Contractor’s network. Data will not be stored on an Enterprise Cloud storage solution unless either: The Cloud storage provider is treated as any other Sub-Contractor and agrees in writing to all of the requirements within this exhibit, or The Cloud storage solution used is FedRAMP certified If the Data includes protected health information (PHI) covered by HIPPA, the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution. System Protection. To prevent compromise of systems which contain DSHS/County Data or through which that Data passes: Systems containing DSHS/County Data must have all security patches or hotfixes applied within 3 months of being made available. The Contractor will have a method of ensuring that the requisite patches and hotfixes have been applied within the required timeframes. Systems containing DSHS/County Data shall have an Anti-Malware application installed. Anti-Malware software shall be kept up to date. The product, its anti-virus engine, and any malware database the system uses, will be no more than one update behind current. DSHS/County Data must be segregated or otherwise distinguishable from non- DSHS/County data. This is to ensure that when no longer needed by...
Cloud storage. DSHS/SE WA ALTC COG Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither SE WA ALTC COG nor the Contractor has control of the environment in which the Data is stored. For this reason:
(1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met:
(a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed.
(b) The Data will be Encrypted while within the Contractor network.
(c) The Data will remain Encrypted during transmission to the Cloud.
(d) The Data will remain Encrypted at all times while residing within the Cloud storage solution.
(e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS/SE WA ALTC COG.
(f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks.
(g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor's network.
(2) Data will not be stored on an Enterprise Cloud storage solution unless either:
(a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or,
(b) The Cloud storage solution used is FedRAMP certified.
(3) If the Data includes Protected Health Information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.
Cloud storage. Data requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DCYF nor the Contractor has control of the environment in which the Data is stored. For this reason:
