Common use of Data Security and Integrity Clause in Contracts

Data Security and Integrity. All facilities, whether Vendor hosted or Third-Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service(s) availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for City Data. Such measures, when applicable due to the presence of Protected Information, include, but are not limited to, all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §00-00-000 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. Vendor shall submit to Xxxxxxxx, within fifteen (15) Calendar Days of Xxxxxxxx’x written request, copies of Vendor’s policies and procedures to maintain the confidentiality of protected health information to which Vendor has access, and if applicable, Vendor shall comply with all HIPAA requirements contained herein or attached as an exhibit. Vendor warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. Vendor shall use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to, anti-virus and anti-malware protections and intrusion detection and reporting in providing Services under this Agreement. Vendor shall ensure that any underlying or integrated software employed by the Service(s) is updated on a regular basis and does not pose a threat to the security of the Service(s). Vendor shall, and shall cause its Subcontractors, to do all of the following: Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. Maintain network, system(s), and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or Enhancements consistent with evolving industry standards. Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. Comply with all rules, policies, procedures, and standards that are issued by Xxxxxxxx’x Technology Services Security Section. Subject to Vendor’s reasonable access security requirements and upon reasonable prior notice, Vendor shall provide Xxxxxxxx with scheduled access for the purpose of inspecting and monitoring access and use of City Data, maintaining City systems, and evaluating physical and logical security control effectiveness. Vendor shall perform current background checks in a form reasonably acceptable to Xxxxxxxx on all of its respective employees and agents performing services or having access to City Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. A background check performed within thirty (30) Calendar Days prior to the date such employee or agent begins performance or obtains access to City Data shall be deemed to be current. Vendor will provide notice to the security and compliance representative for Xxxxxxxx indicating that background checks have been performed. Such notice will inform Xxxxxxxx of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. If Vendor will have access to Tax Information under the Agreement, Vendor shall comply with the background check requirements defined in IRS Publication 1075 and § 24-50-1002, C.R.S. If applicable, Vendor shall use, hold, and maintain Confidential and Protected Information in compliance with all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. Prior to the Effective Date of this Agreement, Vendor will, at its expense, conduct or will have conducted the following, and thereafter, Vendor will, at its expense, conduct or will have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Incident: A SSAE 16/SOC 2 or other mutually agreed upon audit of Vendor’s security policies, procedures and controls; A quarterly external and internal vulnerability scan of Vendor’s Systems and facilities, to include public facing websites that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; A formal penetration test, performed by a process and qualified personnel of Vendor’s Systems and facilities that are used in any way to deliver Services under this Agreement. Vendor will provide Xxxxxxxx the reports or other Documentation resulting from the above audits, certifications, scans and tests within seven (7) Calendar Days of Vendor’s receipt of such results, if requested by Xxxxxxxx. Based on the results and recommendations of the above audits, certifications, scans and tests, Vendor will, within thirty (30) Calendar Days of receipt of such results, promptly modify its security measures to meet its obligations under this Agreement and provide Xxxxxxxx with written evidence of remediation. Xxxxxxxx may require, at its expense, that Vendor perform additional audits and tests, the results of which will be provided to Xxxxxxxx within seven (7) Calendar Days of Vendor’s receipt of such results. Vendor shall protect data against deterioration or degradation of data quality and authenticity, including, but not limited to annual Third Party data integrity audits. Vendor will provide Xxxxxxxx the results of the above audits, if requested by Xxxxxxxx. Except as otherwise expressly prohibited by law, Vendor will: If required by a court of competent jurisdiction or an administrative body to disclose City Data, Vendor will notify Xxxxxxxx in writing immediately upon receiving notice of such requirement and prior to any such disclosure; Consult with Xxxxxxxx regarding its response; Cooperate with Xxxxxxxx’x reasonable requests in connection with efforts by City to intervene and quash or modify the legal order, demand or request; and Upon request, provide Xxxxxxxx with a copy of its response. If Xxxxxxxx receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Vendor, Xxxxxxxx will promptly provide a copy to Vendor. Vendor will supply Xxxxxxxx with copies of data required for Xxxxxxxx to respond within forty-eight (48) hours after receipt of copy from Xxxxxxxx and will cooperate with Xxxxxxxx’x reasonable requests in connection with its response.

Data Security and Integrity. 1. All facilities, whether Vendor hosted or Third-Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service(s) availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for City Data. Such measures, when applicable due to the presence of Protected Information, include, but are not limited to, all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §00-00-000 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. Vendor shall submit to Xxxxxxxx, within fifteen (15) Calendar Days of Xxxxxxxx’x written request, copies of Vendor’s policies and procedures to maintain the confidentiality of protected health information to which Vendor has access, and if applicable, Vendor shall comply with all HIPAA requirements contained herein or attached as an exhibit. 2. Vendor warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. 3. Vendor shall use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to, anti-virus and anti-anti- malware protections and intrusion detection and reporting in providing Services under this Agreement. Vendor shall ensure that any underlying or integrated software employed by the Service(s) is updated on a regular basis and does not pose a threat to the security of the Service(s). 4. Vendor shall, and shall cause its Subcontractors, to do all of the following: : a. Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. . b. Maintain network, system(s), and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or Enhancements consistent with evolving industry standards. . c. Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. . d. Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. . e. Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. . f. Comply with all rules, policies, procedures, and standards that are issued by Xxxxxxxx’x Technology Services Security Section. . g. Subject to Vendor’s reasonable access security requirements and upon reasonable prior notice, Vendor shall provide Xxxxxxxx with scheduled access for the purpose of inspecting and monitoring access and use of City Data, maintaining City systems, and evaluating physical and logical security control effectiveness. . h. Vendor shall perform current background checks in a form reasonably acceptable to Xxxxxxxx on all of its respective employees and agents performing services or having access to City Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. A background check performed within thirty (30) Calendar Days prior to the date such employee or agent begins performance or obtains access to City Data shall be deemed to be current. . i. Vendor will provide notice to the security and compliance representative for Xxxxxxxx indicating that background checks have been performed. Such notice will inform Xxxxxxxx of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. . j. If Vendor will have access to Tax Information under the Agreement, Vendor shall comply with the background check requirements defined in IRS Publication 1075 and § 24-50-1002, C.R.S. If applicable, Vendor shall use, hold, and maintain Confidential and Protected Information in compliance with all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. Prior to the Effective Date of this Agreement, Vendor will, at its expense, conduct or will have conducted the following, and thereafter, Vendor will, at its expense, conduct or will have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Incident: A SSAE 16/SOC 2 or other mutually agreed upon audit of Vendor’s security policies, procedures and controls; A quarterly external and internal vulnerability scan of Vendor’s Systems and facilities, to include public facing websites that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; A formal penetration test, performed by a process and qualified personnel of Vendor’s Systems and facilities that are used in any way to deliver Services under this Agreement. Vendor will provide Xxxxxxxx the reports or other Documentation resulting from the above audits, certifications, scans and tests within seven (7) Calendar Days of Vendor’s receipt of such results, if requested by Xxxxxxxx. Based on the results and recommendations of the above audits, certifications, scans and tests, Vendor will, within thirty (30) Calendar Days of receipt of such results, promptly modify its security measures to meet its obligations under this Agreement and provide Xxxxxxxx with written evidence of remediation. Xxxxxxxx may require, at its expense, that Vendor perform additional audits and tests, the results of which will be provided to Xxxxxxxx within seven (7) Calendar Days of Vendor’s receipt of such results. Vendor shall protect data against deterioration or degradation of data quality and authenticity, including, but not limited to annual Third Party data integrity audits. Vendor will provide Xxxxxxxx the results of the above audits, if requested by Xxxxxxxx. Except as otherwise expressly prohibited by law, Vendor will: If required by a court of competent jurisdiction or an administrative body to disclose City Data, Vendor will notify Xxxxxxxx in writing immediately upon receiving notice of such requirement and prior to any such disclosure; Consult with Xxxxxxxx regarding its response; Cooperate with Xxxxxxxx’x reasonable requests in connection with efforts by City to intervene and quash or modify the legal order, demand or request; and Upon request, provide Xxxxxxxx with a copy of its response. If Xxxxxxxx receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Vendor, Xxxxxxxx will promptly provide a copy to Vendor. Vendor will supply Xxxxxxxx with copies of data required for Xxxxxxxx to respond within forty-eight (48) hours after receipt of copy from Xxxxxxxx and will cooperate with Xxxxxxxx’x reasonable requests in connection with its response.C.R.

Data Security and Integrity. All facilities, whether Vendor hosted or Third-Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service(s) availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for City Data. Such measures, when applicable due to the presence of Protected Information, include, but are not limited to, all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §00-00-000 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. Vendor shall submit to Xxxxxxxx, within fifteen (15) Calendar Days of Xxxxxxxx’x written request, copies of Vendor’s policies and procedures to maintain the confidentiality of protected health information to which Vendor has access, and if applicable, Vendor shall comply with all HIPAA requirements contained herein or attached as an exhibit. Vendor warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. Vendor shall use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to, anti-virus and anti-malware protections and intrusion detection and reporting in providing Services under this Agreement. Vendor shall ensure that any underlying or integrated software employed by the Service(s) is updated on a regular basis and does not pose a threat to the security of the Service(s). Vendor shall, and shall cause its Subcontractors, to do all of the following: Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. Maintain network, system(s), and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or Enhancements consistent with evolving industry standards. Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. Comply with all rules, policies, procedures, and standards that are issued by Xxxxxxxx’x Technology Services Security Section. Subject to Vendor’s reasonable access security requirements and upon reasonable prior notice, Vendor shall provide Xxxxxxxx with scheduled access for the purpose of inspecting and monitoring access and use of City Data, maintaining City systems, and evaluating physical and logical security control effectiveness. Vendor shall perform current background checks in a form reasonably acceptable to Xxxxxxxx on all of its respective employees and agents performing services or having access to City Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. A background check performed within thirty (30) Calendar Days prior to the date such employee or agent begins performance or obtains access to City Data shall be deemed to be current. Vendor will provide notice to the security and compliance representative for Xxxxxxxx indicating that background checks have been performed. Such notice will inform Xxxxxxxx of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. If Vendor will have access to Tax Information under the Agreement, Vendor shall comply with the background check requirements defined in IRS Publication 1075 and § 24-50-1002, C.R.S. If applicable, Vendor shall use, hold, and maintain Confidential and Protected Information in compliance with all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. Prior to the Effective Date of this Agreement, Vendor will, at its expense, conduct or will have conducted the following, and thereafter, Vendor will, at its expense, conduct or will have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Incident: A SSAE 16/SOC 2 or other mutually agreed upon audit of Vendor’s security policies, procedures and controls; A quarterly external and internal vulnerability scan of Vendor’s Systems and facilities, to include public facing websites that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; A formal penetration test, performed by a process and qualified personnel of Vendor’s Systems and facilities that are used in any way to deliver Services under this Agreement. Vendor will provide Xxxxxxxx the reports or other Documentation resulting from the above audits, certifications, scans and tests within seven (7) Calendar Days of Vendor’s receipt of such results, if requested by Xxxxxxxx. Based on the results and recommendations of the above audits, certifications, scans and tests, Vendor will, within thirty (30) Calendar Days of receipt of such results, promptly modify its security measures to meet its obligations under this Agreement and provide Xxxxxxxx with written evidence of remediation. Xxxxxxxx may require, at its expense, that Vendor perform additional audits and tests, the results of which will be provided to Xxxxxxxx within seven (7) Calendar Days of Vendor’s receipt of such results. Vendor shall protect data against deterioration or degradation of data quality and authenticity, including, but not limited to annual Third Party data integrity audits. Vendor will provide Xxxxxxxx the results of the above audits, if requested by Xxxxxxxx. Except as otherwise expressly prohibited by law, Vendor will: If required by a court of competent jurisdiction or an administrative body to disclose City Data, Vendor will notify Xxxxxxxx in writing immediately upon receiving notice of such requirement and prior to any such disclosure; Consult with Xxxxxxxx regarding its response; Cooperate with Xxxxxxxx’x reasonable requests in connection with efforts by City to intervene and quash or modify the legal order, demand or request; and Upon request, provide Xxxxxxxx with a copy of its response. If Xxxxxxxx receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Vendor, Xxxxxxxx will promptly provide a copy to Vendor. Vendor will supply Xxxxxxxx with copies of data required for Xxxxxxxx to respond within forty-eight (48) hours after receipt of copy from Xxxxxxxx and will cooperate with Xxxxxxxx’x reasonable requests in connection with its response.

Data Security and Integrity. 8.1 All facilities, whether Vendor Contractor hosted or Third-Third Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service(s) Service availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for the City Data. Such measures, when applicable due to the presence of Protected Information, measures include, but are not limited to, to all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (viv) the Family Education Rights and Privacy Act (FERPA), (viivi) §00-00-000 et seq., (viiivii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ixviii) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. Vendor The Contractor shall submit to Xxxxxxxxthe Manager, within fifteen (15) Calendar Days days of Xxxxxxxx’x the Manager’s written request, copies of Vendorthe Contractor’s policies and procedures to maintain the confidentiality of protected health information to which Vendor the Contractor has access, and if applicable, Vendor Contractor shall comply with all HIPAA requirements contained herein or attached as an exhibit. Vendor herein. 8.2 Contractor warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. Vendor The City may allow exceptions to encryption, however any limitations to this provision will be by written agreement between the Parties. 8.3 Contractor shall at all times use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to, to anti-virus and anti-malware protections and intrusion detection and reporting in providing Services under this Agreement. Vendor shall ensure that any underlying or integrated software employed by the Service(s) is updated on a regular basis and does not pose a threat to the security of the Service(s). Vendor . 8.4 Contractor shall, and shall cause its Subcontractors, to do all of the following: : 8.4.1 Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. . 8.4.2 Maintain network, system(s)system, and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or Enhancements enhancements consistent with evolving industry standards. . 8.4.3 Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. . 8.4.4 Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. . 8.4.5 Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. . 8.4.6 Comply with all rules, policies, procedures, and standards that are issued by Xxxxxxxx’x the City’s Technology Services Security Section. . 8.4.7 Subject to VendorContractor’s reasonable access security requirements and upon reasonable prior notice, Vendor Contractor shall provide Xxxxxxxx the City with scheduled access for the purpose of inspecting and monitoring access and use of City Data, maintaining City systems, and evaluating physical and logical security control effectiveness. Vendor . 8.4.8 Contractor shall perform current background checks in a form reasonably acceptable to Xxxxxxxx the City on all of its respective employees and agents performing services or having access to City Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. A background check performed within thirty (30) Calendar Days 30 days prior to the date such employee or agent begins performance or obtains access to City Data shall be deemed to be current. Vendor . 8.4.9 Contractor will provide notice to the security and compliance representative Project Manager for Xxxxxxxx the City indicating that background checks have been performed. Such notice will inform Xxxxxxxx the City of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. . 8.4.10 If Vendor Contractor will have access to Federal Tax Information under the Agreement, Vendor Contractor shall comply with the background check requirements defined in IRS Publication 1075 and § §24-50-1002, C.R.S. If applicable, Vendor C.R.S. 8.5 Contractor shall use, hold, and maintain Confidential and Protected Information in compliance with any and all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. . 8.6 Prior to the Effective Date of this Agreement, Vendor willContractor, will at its expense, expense conduct or will have conducted the following, and thereafter, Vendor will, Contractor will at its expense, expense conduct or will have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Incident: : 8.6.1 A SSAE 16/SOC 2 or other mutually agreed upon audit of VendorContractor’s security policies, procedures and controls; ; 8.6.2 A quarterly external and internal vulnerability scan of VendorContractor’s Systems systems and facilities, to include public facing websites websites, that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; ; 8.6.3 A formal penetration test, performed by a process and qualified personnel of VendorContractor’s Systems systems and facilities that are used in any way to deliver Services under this Agreement. Vendor . 8.7 Contractor will provide Xxxxxxxx City the reports or other Documentation documentation resulting from the above audits, certifications, scans and tests within seven (7) Calendar Days business days of VendorContractor’s receipt of such results, if requested by Xxxxxxxx. . 8.8 Based on the results and recommendations of the above audits, certifications, scans and tests, Vendor Contractor will, within thirty (30) Calendar Days calendar days of receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement and provide Xxxxxxxx City with written evidence of remediation. Xxxxxxxx . 8.9 City may require, at its expense, that Vendor Contractor perform additional audits and tests, the results of which will be provided to Xxxxxxxx City within seven (7) Calendar Days business days of VendorContractor’s receipt of such results. Vendor . 8.10 Contractor shall protect data against deterioration or degradation of data quality and authenticity, including, but not limited to annual Third Third-Party data integrity audits. Vendor Contractor will provide Xxxxxxxx City the results of the above audits, if requested by Xxxxxxxx. Except as otherwise expressly prohibited by law, Vendor will: If required by a court of competent jurisdiction or an administrative body to disclose City Data, Vendor will notify Xxxxxxxx in writing immediately upon receiving notice of such requirement and prior to any such disclosure; Consult with Xxxxxxxx regarding its response; Cooperate with Xxxxxxxx’x reasonable requests in connection with efforts by City to intervene and quash or modify the legal order, demand or request; and Upon request, provide Xxxxxxxx with a copy of its response. If Xxxxxxxx receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Vendor, Xxxxxxxx will promptly provide a copy to Vendor. Vendor will supply Xxxxxxxx with copies of data required for Xxxxxxxx to respond within forty-eight (48) hours after receipt of copy from Xxxxxxxx and will cooperate with Xxxxxxxx’x reasonable requests in connection with its response.