Data Center and Monitoring/Support Locations. During the term of the Contract, Contractor will: (1) locate all production and disaster recovery data centers that store, process or transmit State data only in the continental United States, (2) store, process and transmit State data only in the continental United States, and (3) locate all monitoring and support of all the Cloud Services only in the continental United States. The State has the right to on-site visits and reasonable inspection of the data centers upon notice to Contractor of seven calendar days prior to visit.
Data Center and Monitoring/Support Locations. During the term of the Contract, Contractor will: (1) locate all production and disaster recovery data centers that store, process or transmit GRPUC data only in the continental United States, (2) store, process and transmit GRPUC data only in the continental United States, and (3) locate all monitoring and support of all Software Services only in the continental United States. GRPUC has the right to on-site visits and reasonable inspection of the data centers upon reasonable notice to Contractor prior to the visit.
Data Center and Monitoring/Support Locations. During the term of the Contract/Agreement, CONTRACTOR agrees to: (1) locate all production and disaster recovery data centers that store, process or transmit STATE data only in the continental United States, (2) store, process and transmit STATE data only in the continental United States, and (3) locate all monitoring and support of all the cloud computing or hosting services only in the continental United States. Customer has the right to on-site visits and reasonable inspection of the data centers upon notice to CONTRACTOR of seven calendar days prior to visit. Security Audits & Remediation CONTRACTOR will audit the security of the systems and processes used to provide any and all cloud computing or hosting services, including those of the data centers used by CONTRACTOR to provide any and all cloud computing or hosting services to the State of Minnesota. This audit: (A) will be performed at least once every calendar year beginning with 2019, or the year the Master Service Agreement is executed, whichever is later; (B) will be performed according to appropriate industry security standards (e.g., SSAE 16 SOC2); (C) will be performed by third party security professionals at CONTRACTOR’s election and expense; (D) will result in the generation of an audit report (“CONTRACTOR Audit Report”), which will, to the extent permitted by applicable law, be deemed confidential information and as non-public data under the Rules of Public Access; and (E) may be performed for other purposes in addition to satisfying this section. The CONTRACTOR Audit Report will address the control procedures used by CONTRACTOR to provide any and all cloud computing or hosting services, including specifically an assessment of whether
Data Center and Monitoring/Support Locations. During the term of the Contract, Contractor will: (1) locate all production and disaster recovery data centers that store, process or transmit State data only in the continental United States, (2) store, process and transmit State data only in the continental United States, and (3) locate all monitoring and support of all Cloud Services only in the continental United States. The State has the right to on-site visits and reasonable inspection of the data centers upon notice to Contractor of seven calendar days prior to visit. Security Audits & Remediation. If Applicable, Contractor will audit the security of the systems and processes used to provide any and all Cloud Services, including those of the data centers used by Contractor to provide any and all Cloud Services to the State. This security audit: (1) will be performed at least once every calendar year beginning with 2016; (2) will be performed according Statement on Standards for Attestation Engagements (“SSAE”) 16 Service Organization Control (“SOC”) 2, International Organization for Standardization (“ISO”) 27001, or FedRAMP; (3) will be performed by third party security professionals at Contractor’s election and expense; (4) will result in the generation of an audit report (“Contractor Audit Report”), which will, to the extent permitted by applicable law, be deemed confidential information and as not public data under the Minnesota Government Data Practices Act (Minnesota Statutes chapter 13); and (5) may be performed for other purposes in addition to satisfying this section. Upon the State’s reasonable, advance written request, Contractor will provide to the State a copy of the Contractor Audit Report. Contractor will make best efforts to remediate any control deficiencies identified in the Contractor Audit Report in a commercially reasonable timeframe. If the State becomes aware of any other Contractor controls that do not substantially meet the State’s requirements, the State may request remediation from Contractor. Contractor will make best efforts to remediate any control deficiencies identified by the State or known by Contractor, in a commercially reasonable timeframe. Subcontractors and Third Parties. Contractor warrants that no State data will be transmitted, exchanged or otherwise provided to other parties except as specifically agreed to in writing by the State Chief Information Security Officer or delegate. Contractor must ensure that any contractors, subcontractors, agents and others to...
Data Center and Monitoring/Support Locations. During the term of the Contract/Agreement, Contractor will:
