Common use of ENTERPRISE SECURITY SPECIFICATIONS Clause in Contracts

ENTERPRISE SECURITY SPECIFICATIONS. A. Each Participating Agency agrees: 1. To implement and maintain a security program that, at a minimum, includes all controls identified in NIST Special Publication 800-171. Furthermore, each Participating Agency shall be responsible for maintaining a secure environment compliant with state policies, standards and guidelines, and other applicable federal and state law that supports the Transmission of Data in compliance with the Specifications. 2. To comply with additional safeguards recommended by the Data Governing Board and/or required by the Executive Board, including but not limited to encryption of Data in transit and at rest using current industry standard algorithms agreed on by the Parties involved before transmission occurs. 3. As appropriate under applicable federal and state law, have written privacy and security policies, including Access and Disclosure policies. 4. To the extent permissible under applicable federal and state law, comply with Specifications that define expectations with respect to data privacy and security standards in this E-MOU. B. The Data Integration Hub agrees: 1. To implement and maintain a security program that, at a minimum, includes all controls identified in NIST Special Publication 800-171. 2. That each Participating Agency shall, through its agents, employees, and independent contractors have the ability to audit the processes at the Data Integration Hub related to this E-MOU for Data security purposes: to clarify, the Participating Agency has the ability to monitor the access to and use of the Data Integration Hub, but not the records or the Data being provided 3. That all Data from each Participating Agency, in the possession of the Data Integration Hub, shall be encrypted at rest (storage) and in motion (Transmittal) including all Participating Agency Data sent to the Data Recipient. 4. To develop procedures to notify Participating Agencies when a breach or suspected breach of the Data Integration Hub has occurred. C. In accordance with applicable federal and state law, each Party shall be responsible for procuring and assuring that its User(s) have or have access to equipment and software necessary to fulfill its responsibilities under this E-MOU.