Common use of Cloud storage Clause in Contracts

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) a. DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) i. Contractor has written procedures in place governing use of the Cloud storage and Contractor attests attest to the contact listed in the contract and keep a copy of that attestation for your records in writing that all such procedures will be uniformly followed. (b) ii. The Data will be Encrypted while within the Contractor network. (c) iii. The Data will remain Encrypted during transmission to the Cloud. (d) iv. The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) v. The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHSContractor. (f) vi. The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networkscontractor network. (g) vii. The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractorcontractor’s network. (2) b. Data will not be stored on an Enterprise Cloud storage solution unless either: (a) i. The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) ii. The Cloud storage solution used is FedRAMP certifiedHIPAA compliant. (3) c. If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor Indian Nation has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor Indian Nation has written procedures in place governing use of the Cloud storage and Contractor Indian Nation attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor Indian Nation network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor Indian Nation will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor Indian Nation and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor Indian Nation networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or ContractorIndian Nation’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests attest to the contact listed in the contract and keep a copy of that attestation for your records in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHSContractor. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networkscontractor network. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractorcontractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certifiedHIPAA compliant. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following thefollowing conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS DOC Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS DOC nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS DOC Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHSDOC. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS DOC or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS DOC or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met:: Exhibit (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor Contrac- tor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network.an (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all ail such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s 's network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, Contractor and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.

Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason: (1) DSHS Data will not be stored in any consumer Customer grade Cloud solution, unless all of the following conditions are met: (a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attests in writing that all such procedures will be uniformly followed. (b) The Data will be Encrypted while within the Contractor network. (c) The Data will remain Encrypted during transmission to the Cloud. (d) The Data will remain Encrypted at all times while residing within the Cloud storage solution. (e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor and/or DSHS. (f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on either the DSHS or Contractor networks. (g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor’s network. (2) Data will not be stored on an Enterprise Cloud storage solution unless either: (a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or, (b) The Cloud storage solution used is FedRAMP certified. (3) If the Data includes protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior to Data being stored in their Cloud solution.