Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described: a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area. c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 122 contracts
Samples: Services Agreement, It Services Contract, Master Subscription Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 5. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 42 contracts
Samples: Housing Services Agreement, Contract #2016 17 Ccap Housing, Purchase Service Contract
Protection of Data. The Contractor Agency agrees to store Data data on one (1) or more of the following media and protect the Data data as described:
a. 1. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which that provide equal or greater security, such as biometrics or smart cards.
b. 2. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
3. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 D. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. 4. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS or the County on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data said data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. 5. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS or the County on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 11 contracts
Samples: Early Childhood Education and Assistance Program Agreement, Early Childhood Education and Assistance Program Agreement, Early Childhood Education and Assistance Program Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms mechanisms, which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area area, which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area area, which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 10 contracts
Samples: County Program Agreement, County Program Agreement, County Program Agreement
Protection of Data. The Contractor Indian Nation agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 7 contracts
Samples: Indian Nation Program Agreement, Indian Nation Program Agreement, Program Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 7 contracts
Samples: Personal Service Contract, Personal Service Contract, Personal Service Contract
Protection of Data. The Contractor Agency agrees to store Data data on one (1) or more of the following media and protect the Data data as described:
a. 1. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which that provide equal or greater security, such as biometrics or smart cards.
b. 2. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which that will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which that provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, lock or comparable mechanism.
3. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 D. Data Disposition, Disposition may be deferred until the disks are retired, replaced, replaced or otherwise taken out of the Secure Areasecure environment.
c. 4. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS the County on optical discs which that will be used in local workstation optical disc drives and which that will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which that access DSHS Data said data on optical discs must be located in an area which that is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. 5. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS the County on optical discs which that will be attached to network servers and which that will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which that will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 5 contracts
Samples: Business Associate Agreement, Business Associate Agreement, Business Associate Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS DCYF on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS DCYF on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 5 contracts
Samples: Interlocal Agreement, Interlocal Agreement, Interlocal Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. 1. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. 2. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. 3. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. 4. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 5 contracts
Samples: Professional Services, Professional Services Contract, Professional Services Contract
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Great Rivers Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 5. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS Great Rivers on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Great Rivers Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS Great Rivers on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 5 contracts
Samples: Provider Contract, Provider Contract, Provider Contract
Protection of Data. The Contractor Business Associate agrees to store Data data on one or more of the following media and protect the Data data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 4. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data PHI data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data PHI data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data PHI data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 4 contracts
Samples: Business Associate Agreement, Provider Contract, Business Associate Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described. All Electronic Data must be encrypted using at least an encryption standard of AES 128 bit. Electronic Data can be on desktops, laptops and other portable devices, servers, and external media:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 5. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 3 contracts
Samples: Developmental Disabilities Employment Services Agreement, Service Agreement, Contract
Protection of Data. The a. Both Contractor agrees and DCYF agree to store Data data on one or more of the following media and protect the Data data as described:
a. (1) Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. (2) Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. (3) Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS either party on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data either party’s data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. (4) Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS either party on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 3 contracts
Samples: Service Contract, Service Contract, Service Contract
Protection of Data. The Contractor contractor agrees to store Data data on one or more of the following media and protect the Data data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 4. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 3 contracts
Samples: County Program Agreement, Developmental Disabilities Employment Services Agreement, Developmental Disabilities Employment Services Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide provides equal or greater security, such as biometrics or smart cards. The data on the drive will only be accessible to authenticated individuals that need to access it. That is, the data will be secured on the disk in such a way that other authenticated individuals that do not need access to the data will not have the ability to access it. Workstations with sensitive data stored on them will be tracked and their movements documented until the sensitive data is removed from the workstation. When the data is removed the date of its removal and method of its removal will be documented. Hard drives that have contained sensitive data will be wiped with a method that will render the deleted information irretrievable.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS EXCHANGE Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 5. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Removable Media, including Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. Sensitive or Confidential Data provided by the EXCHANGE on removable media, such as optical discs or USB drives, which will be used in local workstation optical disc drives or USB connections shall be encrypted with 128-bit AES encryption or better. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS EXCHANGE Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to serversservers and which will not be transported out of a secure area. Data provided by DSHS the EXCHANGE on optical discs which will be attached to network servers and which will not shall be transported out of a Secure Areaencrypted with 128- bit AES encryption or better. Access to Data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has been authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
e. Paper documents. All paper records must be protected by storing the records in a secure area which is only accessible to authorized personnel. When not in use, such records must be stored in a locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
f. Access via remote terminal/workstation over the State Governmental Network (SGN) or WA Health Benefit Exchange network (EXCHANGE Network). Data accessed and used interactively over the SGN or EXCHANGE Network. Access to the Data will be controlled by EXCHANGE staff who will issue authentication credentials (e.g. a unique user ID and complex password) to authorized contractor staff. Contractor shall have established and documented access termination procedures for existing staff with access to EXCHANGE Data. These procedures shall be provided to EXCHANGE staff upon request. The Contractor will notify EXCHANGE staff immediately whenever an authorized person in possession of such credentials is terminated or otherwise leaves the employment of the contractor, and whenever a user’s duties change such that the user no longer requires access to perform work for this Contract.
g. Access via remote terminal/workstation over the Internet through Secure Access Washington. Data accessed and used interactively over the Internet. Access to the Data will be controlled by EXCHANGE staff who will issue remote access authentication credentials (e.g. a unique user ID and complex password) to authorized contractor staff. Contractor will notify EXCHANGE staff immediately whenever an authorized person in possession of such credentials is terminated or otherwise leaves the employ of the contractor and whenever a user’s duties change such that the user no longer requires access to perform work for this Contract.
h. Data storage on portable devices or media.
(1) EXCHANGE Data shall not be stored by the Contractor on portable devices or media unless specifically authorized within the Special Terms and Conditions of the contract. If so authorized, the Data shall be given the following protections:
(a) Encrypt the Data with a key length of at least 128 bits using an industry standard algorithm (e.g., AES, Twofish, RC6, etc.)
(b) Control access to devices with a unique user ID and password or stronger authentication method such as a physical token or biometrics.
(c) Manually lock devices whenever they are left unattended and set devices to lock automatically after a period of inactivity, if this feature is available. Maximum period of inactivity is 20 minutes. Physically protect the portable device(s) and/or media by
(d) Keeping them in locked storage when not in use
(e) Using check-in/check-out procedures when they are shared, and
(f) Taking frequent inventories
(2) When being transported outside of a secure area, portable devices and media with confidential EXCHANGE Data must be under the physical control of contractor staff with authorization to access the Data.
(3) Portable devices include any small computing device that can be transported. They include, but are not limited to; handhelds/PDAs/phones, Ultramobile PCs, flash memory devices (e.g. USB flash drives, personal media players), and laptop/notebook/tablet computers.
(4) Portable media includes any Data storage that can be detached or removed from a computer and transported. They include, but are not limited to; optical media (e.g. CDs, DVDs), magnetic media (e.g. floppy disks, tape, Zip or Jaz disks), USB drives, or flash media (e.g. CompactFlash, SD, MMC).
Appears in 3 contracts
Samples: Contract for Products and Services, Contract for Products and Services, Contract for Products and Services
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 3 contracts
Samples: Professional Services, Professional Services Contract, Professional Services
Protection of Data. The Contractor contractor agrees to store Data data on one or more of the following media and protect the Data data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 4. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 2 contracts
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS DOC Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS DOC on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS DOC Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS DOC on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 2 contracts
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. 8.5.1. Hard disk drives. drives For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. 8.5.2. Network server disks. disks For Data stored on hard disks mounted on network servers and made available through shared folders, folders access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Client/County Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 sub section 8.11 Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. 8.5.3. Optical discs (CDs or DVDs) in local workstation optical disc drives. drives Data provided by DSHS the County on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purposepurposes, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Client Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. 8.5.4. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. servers Data provided by DSHS the County on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
8.5.5. Paper documents Any paper records must be protected by storing the records in a Secured Area which is only accessible to authorized personnel. When not in use, such records must be stored in a secure area and/or locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
8.5.6. Remote Access Access to and use of the Data will be controlled by Contractor IT staff who will issue authentication credentials (e.g. a Unique User ID and Hardened Password). Contractor will notify the County immediately whenever an Authorized User in possession of such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an Authorized User’s duties change such that the Authorized User no longer requires access to perform work for this Agreement.
8.5.7. Data storage on portable devices or media Except where otherwise specified herein, Client/County Data shall not be stored by the Contractor on portable devices or media unless specifically authorized within the terms and conditions of this Agreement. If so authorized, the Data shall be given the following protections:
a. Control access to devices with a Unique User ID and Hardened Password or stronger authentication method such as physical token or biometrics.
b. Manually lock devices whenever they are left unattended and set devices to lock automatically after a period of inactivity if this feature is available. Maximum period of inactivity is 20 minutes.
8.5.8. Apply administrative and physical security controls to Portable Devices and Portable Media by:
a. Keeping them in a Secure Area when not in use
b. Using check-in/check-out procedures when they are shared and
c. Taking frequent inventories.
8.5.9. When being transported outside of a Secure Area, Portable Devices and Portable Media with Client Confidential Information must be under the physical control of Contractor staff with authorization to access the Data, even if the Data is encrypted.
Appears in 2 contracts
Samples: Professional Services, Professional Services Agreement
Protection of Data. The Contractor contractor agrees to store Data data on one or more of the following media and protect the Data data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will wil.l grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 4. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. Optical discs (CDs COs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs COs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
e. Paper documents. Any paper records must be protected by storing the records in a secure area which is only accessible to authorized personnel. When not in use, such records must be stored in a locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
f. Access via remote terminal/workstation over the State Governmental Network (SGN). Data accessed and used interactively over the SGN. Access to the data will be controlled by DSHS staff who wil! issue authentication credentials (e.g. a unique user ID and complex password) to authorized contractor staff. Contractor will notify DSHS staff immediately whenever an authorized person in possession of such credentials is terminated or otherwise leaves the employ of the contractor, and whenever a user's duties change such that the user no longer requires access to perform work for this contract.
g. Access via remote terminal/workstation over the Internet through Secure Access Washington. Data accessed and used interactively over the SGN. Access to the data will be controlled by DSHS staff who will issue authentication credentials (e.g. a unique user ID and complex password) to authorized contractor staff. Contractor will notify DSHS staff immediately whenever an authorized person in possession of such credentials is terminated or otherwise leaves the employ of the contractor and whenever a user's duties change such that the user no longer requires access to perform work for this contract.
h. Data storage on portable devices or media.
(1) DSHS data shall not be stored by the Contractor on portable devices or media unless specifically authorized within the Special Terms and Conditions of the contract. If so authorized, the data shall be given the following protections:
(a) Encrypt the data with a key length of at least 128 bits (b) Control access to devices with a unique user 10 and password or stronger authentication method such as a physical token or biometrics.
Appears in 1 contract
Samples: Program Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 5. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
e. Paper documents. Any paper records must be protected by storing the records in a Secured Area which is only accessible to authorized personnel. When not in use, such records must be stored in a locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
Appears in 1 contract
Samples: Delivery Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID Special Terms and Conditions and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
e. Paper documents. Any paper records must be protected by storing the records in a Secure Area which is only accessible to authorized personnel. When not in use, such records must be stored in a Secure Area.
Appears in 1 contract
Samples: Client Service Contract
Protection of Data. The Contractor contractor agrees to store Data data on one or more of the following media and protect the Data data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 1 contract
Samples: Purchased Service Contract
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS DSHS/SE WA ALTC COG Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 7 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS SE WA ALTC COG on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS DSHS/SE WA ALTC COG Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS SE WA ALTC COG on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 1 contract
Samples: Performance Agreement
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 9 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 1 contract
Samples: Data Security Requirements Agreement
Protection of Data. The Contractor contractor agrees to store Data data on one or more of the following media and protect the Data data as described:
a. (1) Hard disk drives. For : Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. (2) Network server disks. For : Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 9.e. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. (3) Optical discs (CDs or DVDs) in local workstation optical disc drives. : Data provided by DSHS DSHS/LMTAAA on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data DSHS/LMTAAA data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. (4) Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. : Data provided by DSHS DSHS/LMTAAA on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
(5) Paper documents: Any paper records must be protected by storing the records in a secure area which is only accessible to authorized personnel. When not in use, such records must be stored in a locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
Appears in 1 contract
Protection of Data. The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS HCA Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 15. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Removable Media, including Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. Sensitive or Confidential Data provided by HCA on removable media, such as optical discs or USB drives, which will be used in local workstation optical disc drives or USB connections shall be encrypted with 128-bit AES encryption or better. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS HCA Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to serversservers and which will not be transported out of a secure area. Data provided by DSHS HCA on optical discs which will be attached to network servers and which will not shall be transported out of a Secure Areaencrypted with 128-bit AES encryption or better. Access to Data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has been authenticated to the network using a Unique User unique user ID and Hardened Password complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 1 contract
Samples: Business Associate Agreement (Baa)
Protection of Data. The Contractor Agency agrees to store Data data on one (1) or more of the following media and protect the Data data as described:
a. 1. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data data will be restricted to Authorized User(s) authorized users by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which that provide equal or greater security, such as biometrics or smart cards.
b. 2. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data data will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
3. For DSHS Confidential Information confidential data stored on these disks, deleting unneeded Data data is sufficient as long as the disks remain in a Secure Area secured area and otherwise meet meets the requirements listed in the above paragraph. Destruction of the Data, data as outlined below in Section 8 D. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Areasecure environment.
c. 4. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS or the County on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Areasecure area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only authorized users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data said data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. 5. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS or the County on optical discs which will be attached to network servers and which will not be transported out of a Secure Areasecure area. Access to Data data on these discs will be restricted to Authorized Users authorized users through the use of access control lists which will grant access only after the Authorized User authorized user has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Appears in 1 contract
Samples: Business Associate Agreement
Protection of Data. The Contractor Business Associate agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access . Access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access . Access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Secured Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, Data as outlined below in Section 8 9. Data Disposition, Disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Secured Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Secured Area. When not in use for the contracted purpose, such discs must be Stored locked in a Secure Areadrawer, cabinet or other container to which only Authorized Users have the key, combination or mechanism required to access the contents of the container. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Secured Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
e. Paper documents. Any paper records must be protected by storing the records in a Secured Area which is only accessible to authorized personnel. When not in use, such records must be stored in a locked container, such as a file cabinet, locking drawer, or safe, to which only authorized persons have access.
f. Remote Access. Access to and use of the Data over the State Governmental Network (SGN) or Secure Access Washington (SAW) will be controlled by DSHS staff who will issue authentication credentials (e.g. a Unique User ID and Hardened Password) to Authorized Users on Contractor staff. Contractor will notify DSHS staff immediately whenever an Authorized User in possession of such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an Authorized User’s duties change such that the Authorized User no longer requires access to perform work for this Contract.
g. Data storage on portable devices or media.
(1) Except where otherwise specified herein, DSHS Data shall not be stored by the Business Associate on portable devices or media unless specifically authorized within the terms and conditions of the Contract. If so authorized, the Data shall be given the following protections:
(a) Encrypt the Data with a key length of at least 128 bits (b) Control access to devices with a Unique User ID and Hardened Password or stronger authentication method such as a physical token or biometrics.
Appears in 1 contract
Samples: Consumer Directed Employer Contract
