Commonwealth Security Information. If the Transportation Provider obtains access to any Commonwealth Security Information in connection the Transportation Provider Subcontract, the Transportation Provider may only use such information for the purposes for which it obtained access. In using the information for such permitted purposes, the Transportation Provider shall limit access to the information only to its employees and other workforce members as necessary to perform the permitted purposes. The Transportation Provider shall not release or disclose such information except in accord with EOHHS’s express written instructions, unless such disclosure is Required by Law and then only in accordance with these Transportation Provider Performance Standards. While in possession of such information, the Transportation Provider shall apply all applicable privacy and security requirements set forth in these Transportation Provider Performance Standards to maintain the confidentiality, security, integrity and availability of such information. Notwithstanding any other provision in in these Transportation Provider Performance Standards, the Transportation Provider shall report any non- permitted use or disclosure of Commonwealth Security Information to EOHHS within twenty-four (24) hours following the date upon which the Transportation Provider becomes aware of the use or disclosure (or such earlier time as may be required under a Third-Party Agreement). The Transportation Provider shall immediately take all reasonable actions to retrieve such information if disclosed to any non-permitted person or entity; shall include a summary of such retrieval actions in its required report of the non-permitted disclosure; and shall take such further retrieval action as EOHHS may reasonably require. Notwithstanding any other provision in the Transportation Provider Subcontract regarding termination, the Transportation Provider may not retain any Commonwealth Security Information upon termination of the Transportation Provider Subcontract unless such information is expressly identified in any retention permission granted in accord. If retention is expressly permitted, all data protections stated herein survive termination of the Transportation Provider Subcontract and shall apply for as long as the Transportation Provider retains the information.
Commonwealth Security Information. “Commonwealth Security Information” shall mean all data that pertains to the security of the Commonwealth’s information technology, specifically, information pertaining to the manner in which the Commonwealth protects its information technology systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, or the provision of service to unauthorized users, including those measures necessary to detect, document and counter such threats.
Commonwealth Security Information. If the Provider obtains access to any Commonwealth Security Information, the Provider may only use such information for the purposes for which it obtained access. In using the information for such permitted purposes, the Provider shall limit access to the information only to its employees and other Workforce members as necessary to perform the permitted purposes. The Provider shall not release or disclose such information except in accord with EOHHS’ express written instructions, unless such disclosure is Required by Law and then only in accordance with the Contract (including this Appendix). While in possession of such information, the Provider shall apply all applicable privacy and security requirements set forth in the Contract (including this Appendix) to maintain the confidentiality, security, integrity and availability of such information. Notwithstanding any other provision in the Contract (including this Appendix), the Provider shall report any non-permitted use or disclosure of Commonwealth Security Information to EOHHS within twenty-four (24) hours following the date upon which the Provider becomes aware of the use or disclosure. The Provider shall immediately take all reasonable actions to retrieve such information if disclosed to any non-permitted person or entity; shall include a summary of such retrieval actions in its required report of the non-permitted disclosure; and shall take such further retrieval action as EOHHS may reasonably require. Notwithstanding any other provision in the Contract (including in this Appendix) regarding termination, the Provider may not retain any Commonwealth Security Information upon termination of the Contract unless such information is expressly identified in any retention permission granted in accord with Section 2.4 of Appendix A. If retention is expressly permitted, all data protections stated herein survive termination of the Contract and shall apply for as long as the Provider retains the information.
Commonwealth Security Information. If, through the MSA, Contractor obtains access to any Commonwealth Security Information, Contractor is prohibited from making any disclosures of or about such information, unless in accord with MassIT’s express written instructions. If Contractor is granted access to such information in order to perform its obligations under the MSA, Contractor may only use such information for the purposes for which it obtained access. In using the information for such permitted purposes, Contractor shall limit access to the information only to staff, subcontractors or agents necessary to perform the permitted purposes and it may release or disclose such information as may be Required by Law, and then only in accordance with this Agreement (including Section 2.7 hereof). While in possession of such information, Contractor shall apply all applicable privacy and security requirements set forth in this Agreement to maintain the confidentiality, security, integrity, and availability of such information. Notwithstanding any other provision in this Agreement, Contractor shall report any non-permitted use or disclosure of Commonwealth Security Information to MassIT within twenty-four (24) hours following the date upon which Contractor becomes aware of the use or disclosure. Contractor shall immediately take all reasonable and legal actions to retrieve such information if disclosed to any non-permitted individual or entity; shall include a summary of such retrieval actions in its required report of the non-permitted disclosure; and shall take such further commercially reasonable retrieval action as MassIT may require.
Commonwealth Security Information. If the Contractor obtains access to any Commonwealth Security Information in connection with this Agreement, the Contractor may only use such information for the purposes for which it obtained access. In using the information for such permitted purposes, the Contractor shall limit access to the information only to its employees and 1 EOTSS, Enterprise Information Security Policies and Standards, xxxxx://xxx.xxxx.xxx/handbook/enterprise- information-security-policies-and-standards (last visited July 1, 2021). other workforce members as necessary to perform the permitted purposes. The Contractor shall not release or disclose such information except in accord with EOHHS’s express written instructions, unless such disclosure is Required by Law and then only in accordance with this Agreement (including Section 2.2B hereof). While in possession of such information, the Contractor shall apply all applicable privacy and security requirements set forth in this Agreement to maintain the confidentiality, security, integrity and availability of such information. Notwithstanding any other provision in this Agreement, the Contractor shall report any non- permitted use or disclosure of Commonwealth Security Information to EOHHS within twenty-four
Commonwealth Security Information. If through this Contract, Harmony obtains access to any Commonwealth Security Information, Harmony is prohibited from making any disclosures of or about such information, unless in accord with EOHHS’s express written instructions. If Harmony is granted access to such information in order to perform its obligations under this Contract, Harmony may only use such information for the purposes for which it obtained access. In using the information for such permitted purposes, Harmony shall limit access to the information only to staff or agents necessary to perform the permitted purposes. While in possession of such information, Harmony shall apply all privacy and security requirements set forth herein, as applicable to maintain the confidentiality, security, integrity, and availability of such information. Notwithstanding any other provision in this Contract, Harmony shall report any non-permitted use or disclosure of such information to EOHHS immediately within twenty-four hours. Harmony shall immediately take all reasonable and legal actions to retrieve such information if disclosed to any non-permitted individual or entity; shall include a summary of such retrieval actions in its required report of the non-permitted disclosure; and shall take such further retrieval action as EOHHS shall require. Notwithstanding any other provision in this Contract regarding termination Harmony may not retain any Commonwealth Security Information upon termination of this Contract. If retention is expressly permitted, all data protections stated herein survive termination of this Contract and shall apply for as long as Harmony retains the information.
