Question Response. Where will the restricted data be stored and how will the data files be encrypted? How often do you update and review access policies for all system users and administrators? Please provide the date of your most recent access policy review. Describe the procedures for limiting access to systems and data files to only authorized team members. Can data import, data export, and service management be conducted over secure industry accepted standardized network protocols? How will data be securely transmitted between team members (if applicable) within and external to your network? Describe the procedures in place to ensure Restricted Use Data shall not be replicated or used in non-secure environments. Do you conduct network, application, and operating system layer vulnerability scans? Please provide the scanning frequency. Do you utilize industry standard malware protection on all systems with access to restricted data? What software will be used to visualize, analyze, and report results generated from the data? Where will the files generated by the visualization, analysis, and intelligence software be stored and how will the files be protected? Do you specifically train your employees, contractors, or agents regarding their specific roles and the information security controls they must fulfill? Please describe your training requirements and how you document employee acknowledgement of training. Do you audit your security practices or conduct security assessments annually? Are the results of internal and external audits available for review? Please provide the date of your most recent audit or security assessment. Do you conduct risk assessments associated with data governance requirements at least once a year? Please provide the date of your most recent risk assessment. Are the results of your most recent risk assessment available for review? Do you have controls in place to restrict and monitor the unauthorized movement of data within your systems? Please describe your backup strategy and data retention policies. Do you support secure deletion of archived and backed-up data? Do you have a documented security incident response plan? Please provide the date of your most recent test of your security incident response plan. Do you have a defined and documented incident notification process for reporting suspected security incidents within 24 hours? Exhibit C: Data Trust Individual User Non-Disclosure Agreement This Commonwealth of Virginia Data Trust Individual User Non-Disclosure Agreement (Non-Disclosure Agreement) is made effective as of the day of , 20 , by and between the Chief Data Officer for the Commonwealth of Virginia as the Trustee of the Commonwealth of Virginia’s Data Trust ("Trustee") and , an employee, contractor, or agent of the Data Trust User (“Data Trust Individual User”). The Trustee has entered into the Commonwealth of Virginia Data Trust User Agreement (Data Trust User Agreement) with the Data Trust User. The Data Trust User will utilize data from the Commonwealth of Virginia Data Trust. The Data Trust User has identified the project and usage of the data in the Exhibits to the Data Trust User Agreement. The Data Trust User has identified the Data Trust Individual User as a member of the project. The Data Trust User and the Data Trust Individual User hereby agree to adhere to all terms of the Data Trust User Agreement and the Exhibits, including this Exhibit C. The Data Trust Individual User hereby certifies that he or she has been provided the Data Trust User Agreement with the Exhibits and will comply with all of the Data Trust User Agreement’s provisions. The Data Trust Individual User agrees that the data, information and documentation provided by the Data Trust is to be considered confidential and is proprietary to the Commonwealth. The Data Trust Individual User shall hold Confidential Information and any data from the Data Trust in confidence. The Data Trust Individual User shall not disclose, publish or otherwise reveal any of the Confidential Information received from the Commonwealth or the Project outside of the project’s other employees, agents, or subcontractors whatsoever except pursuant to the terms of the Data Trust User Agreement. The Data Trust Individual User shall not, without specific prior written authorization of the Data Trust User, relocate or remove any Restricted-Use Data or Confidential Information from the project office. Data Trust Individual User agrees that Restricted-Use Data or Confidential Information accessed by or in his/her possession shall be protected and stored pursuant to the Data Protection Security Plan in Exhibit B. Any Data Trust Individual User who is assigned to the Project and is a party to this Non- Disclosure Agreement will be immediately dismissed from the Project in the event of any breach or threatened breach of this Non-Disclosure Agreement by such Data Trust Individual User or in the event that the Data Trust Individual User causes the Data Trust User to breach its Data Trust User Agreement with the Trustee.
Appears in 1 contract
Samples: Trust User Agreement
Question Response. Where will the restricted data be stored and how will the data files be encrypted? How often do you update and review access policies for all system users and administrators? Please provide the date of your most recent access policy review. Describe the procedures for limiting access to systems and data files to only authorized team members. Can data import, data export, and service management be conducted over secure industry accepted standardized network protocols? How will data be securely transmitted between team members (if applicable) within and external to your network? Describe the procedures in place to ensure Restricted Use Data restricted use data shall not be replicated or used in non-secure environments. Do you conduct network, application, and operating system layer vulnerability scans? Please provide the scanning frequency. Do you utilize industry standard malware protection on all systems with access to restricted data? What software will be used to visualize, analyze, and report results generated from the data? Where will the files generated by the visualization, analysis, and intelligence software be stored and how will the files be protected? Do you specifically train your employees, contractors, or agents regarding their specific roles and the information security controls they must fulfill? Please describe your training requirements and how you document employee acknowledgement of training. Do you audit your security practices or conduct security assessments annually? Are the results of internal and external audits available for review? Please provide the date of your most recent audit or security assessment. Do you conduct risk assessments associated with data governance requirements at least once a year? Please provide the date of your most recent risk assessment. Are the results of your most recent risk assessment available for review? Do you have controls in place to restrict and monitor the unauthorized movement of data within your systems? Please describe your backup strategy and data retention policies. Do you support secure deletion of archived and backed-up data? Do you have a documented security incident response plan? Please provide the date of your most recent test of your security incident response plan. Do you have a defined and documented incident notification process for reporting suspected security incidents within 24 hours? Exhibit EXHIBIT C: Data Trust Individual User NonDATA TRUST INDIVIDUAL USER NON-Disclosure Agreement DISCLOSURE AGREEMENT This Commonwealth of Virginia Data Trust Individual User Non-Disclosure Agreement (Non-Non- Disclosure Agreement) is made effective as of the day of , 20 , by and between the Chief Data Officer for the Commonwealth of Virginia as the Trustee of the Commonwealth of Virginia’s Data Trust ("Trustee") and , an employee, contractor, or agent of the Data Trust User (“Data Trust Individual User”). The Trustee has entered into the Commonwealth of Virginia Data Trust User Agreement (Data Trust User Agreement) with the Data Trust User. The Data Trust User will utilize data from the Commonwealth of Virginia Data Trust. The Data Trust User has identified the project and usage of the data in the Exhibits to the Data Trust User Agreement. The Data Trust User has identified the Data Trust Individual User as a member of the project. The Data Trust User and the Data Trust Individual User hereby agree to adhere to all terms of the Data Trust User Agreement and the Exhibits, including this Exhibit C. The Data Trust Individual User hereby certifies that he or she has been provided the Data Trust User Agreement with the Exhibits and will comply with all of the Data Trust User Agreement’s provisions. The Data Trust Individual User agrees that the data, information and documentation provided by the Data Trust is to be considered confidential Confidential Information and is proprietary to the Commonwealth. The Data Trust Individual User shall hold Confidential Information and any data from the Data Trust in confidence. The Data Trust Individual User shall not disclose, publish or otherwise reveal any of the Confidential Information received from the Commonwealth or the Project outside of the project’s other employees, agents, or subcontractors whatsoever except pursuant to the terms of the Data Trust User Agreement. The Data Trust Individual User shall not, without specific prior written authorization of the Data Trust User, relocate or remove any Restricted-Use Data or Confidential Information from the project office. Data Trust Individual User agrees that Restricted-Use Data or Confidential Information accessed by or in his/her possession shall be protected and stored pursuant to the Data Protection Security Plan in Exhibit B. Any Data Trust Individual User who is assigned to the Project and is a party to this Non- Non-Disclosure Agreement will be immediately dismissed from the Project in the event of any breach or threatened breach of this Non-Disclosure Agreement by such Data Trust Individual User or in the event that the Data Trust Individual User causes the Data Trust User to breach its Data Trust User Agreement with the Trustee.
Appears in 1 contract
Samples: Trust User Agreement
Question Response. Where will the restricted data be stored and how will the data files be encrypted? How often do you update and review access policies for all system users and administrators? Please provide the date of your most recent access policy review. Describe the procedures for limiting access to systems and data files to only authorized team members. Can data import, data export, and service management be conducted over secure industry accepted standardized network protocols? How will data be securely transmitted between team members (if applicable) within and external to your network? Describe the procedures in place to ensure Restricted Use Data restricted use data shall not be replicated or used in non-secure environments. Do you conduct network, application, and operating system layer vulnerability scans? Please provide the scanning frequency. Do you utilize industry standard malware protection on all systems with access to restricted data? What software will be used to visualize, analyze, and report results generated from the data? Where will the files generated by the visualization, analysis, and intelligence software be stored and how will the files be protected? Do you specifically train your employees, contractors, or agents regarding their specific roles and the information security controls they must fulfill? Please describe your training requirements and how you document employee acknowledgement of training. Do you audit your security practices or conduct security assessments annually? Are the results of internal and external audits available for review? Please provide the date of your most recent audit or security assessment. Do you conduct risk assessments associated with data governance requirements at least once a year? Please provide the date of your most recent risk assessment. Are the results of your most recent risk assessment available for review? Do you have controls in place to restrict and monitor the unauthorized movement of data within your systems? Please describe your backup strategy and data retention policies. Do you support secure deletion of archived and backed-up data? Do you have a documented security incident response plan? Please provide the date of your most recent test of your security incident response plan. Do you have a defined and documented incident notification process for reporting suspected security incidents within 24 hours? Exhibit EXHIBIT C: Data Trust Individual User NonDATA TRUST INDIVIDUAL USER NON-Disclosure Agreement DISCLOSURE AGREEMENT This Commonwealth of Virginia Data Trust Individual User Non-Disclosure Agreement (Non-Non- Disclosure Agreement) is made effective as of the _ day of _ , 20 , by and between the Chief Data Officer for the Commonwealth of Virginia as the Trustee of the Commonwealth of Virginia’s Data Trust ("Trustee") and _ , an employee, contractor, or agent of the Data Trust User (“Data Trust Individual User”). The Trustee has entered into the Commonwealth of Virginia Data Trust User Agreement (Data Trust User Agreement) with the Data Trust User. The Data Trust User will utilize data from the Commonwealth of Virginia Data Trust. The Data Trust User has identified the project and usage of the data in the Exhibits to the Data Trust User Agreement. The Data Trust User has identified the Data Trust Individual User as a member of the project. The Data Trust User and the Data Trust Individual User hereby agree to adhere to all terms of the Data Trust User Agreement and the Exhibits, including this Exhibit C. The Data Trust Individual User hereby certifies that he or she has been provided the Data Trust User Agreement with the Exhibits and will comply with all of the Data Trust User Agreement’s provisions. The Data Trust Individual User agrees that the data, information and documentation provided by the Data Trust is to be considered confidential Confidential Information and is proprietary to the Commonwealth. The Data Trust Individual User shall hold Confidential Information and any data from the Data Trust in confidence. The Data Trust Individual User shall not disclose, publish or otherwise reveal any of the Confidential Information received from the Commonwealth or the Project outside of the project’s other employees, agents, or subcontractors whatsoever except pursuant to the terms of the Data Trust User Agreement. The Data Trust Individual User shall not, without specific prior written authorization of the Data Trust User, relocate or remove any Restricted-Use Data or Confidential Information from the project office. Data Trust Individual User agrees that Restricted-Use Data or Confidential Information accessed by or in his/her possession shall be protected and stored pursuant to the Data Protection Security Plan in Exhibit B. Any Data Trust Individual User who is assigned to the Project and is a party to this Non- Non-Disclosure Agreement will be immediately dismissed from the Project in the event of any breach or threatened breach of this Non-Disclosure Agreement by such Data Trust Individual User or in the event that the Data Trust Individual User causes the Data Trust User to breach its Data Trust User Agreement with the Trustee.
Appears in 1 contract
Samples: Trust User Agreement
Question Response. Where will the restricted data be stored and how will the data files be encrypted? How often do you update and review access policies for all system users and administrators? Please provide the date of your most recent access policy review. Describe the procedures for limiting access to systems and data files to only authorized team members. Can data import, data export, and service management be conducted over secure industry accepted standardized network protocols? How will data be securely transmitted between team members (if applicable) within and external to your network? Describe the procedures in place to ensure Restricted Use Data restricted use data shall not be replicated or used in non-secure environments. Do you conduct network, application, and operating system layer vulnerability scans? Please provide the scanning frequency. Do you utilize industry standard malware protection on all systems with access to restricted data? What software will be used to visualize, analyze, and report results generated from the data? Where will the files generated by the visualization, analysis, and intelligence software be stored and how will the files be protected? Do you specifically train your employees, contractors, or agents regarding their specific roles and the information security controls they must fulfill? Please describe your training requirements and how you document employee acknowledgement of training. Do you audit your security practices or conduct security assessments annually? Are the results of internal and external audits available for review? Please provide the date of your most recent audit or security assessment. Do you conduct risk assessments associated with data governance requirements at least once a year? Please provide the date of your most recent risk assessment. Are the results of your most recent risk assessment available for review? Do you have controls in place to restrict and monitor the unauthorized movement of data within your systems? Please describe your backup strategy and data retention policies. Do you support secure deletion of archived and backed-up data? Do you have a documented security incident response plan? Please provide the date of your most recent test of your security incident response plan. Do you have a defined and documented incident notification process for reporting suspected security incidents within 24 hours? Exhibit C: Data Trust Individual User Non-Disclosure Agreement This Commonwealth of Virginia Data Trust Individual User NonRegistry TEAM_MEMBER_NAME PROJECT_TITLE POSITION US_CITIZEN NDA_SIGNED CRIMINAL_BACKGROUND_CHECK_PERFORMED CRIMINAL_BACKGROUND_CHECK_DATE Exhibit D: Agency Supplied Terms Restricted-Disclosure Agreement (Non-Disclosure Agreement) Use data is made effective as of the day of , 20 , by and between the Chief Data Officer for the Commonwealth of Virginia as the Trustee of the Commonwealth of Virginia’s Data Trust ("Trustee") and , an employee, contractor, or agent of the provided through a Data Trust User (“Data Trust Individual User”)Sharing Agreement limiting access only to specific organizations and specific personnel for specific purposes under specific security conditions. The Trustee has entered into the Commonwealth of Virginia Data Trust User Agreement (Data Trust User Agreement) with the Data Trust User. The Data Trust User will utilize data from the Commonwealth of Virginia Data Trust. The Data Trust User has identified the project and usage This Exhibit shall become part of the data in the Exhibits to the Data Trust User Agreement. The Data Trust User has identified the Data Trust Individual User as a member of the project. The Data Trust User and the Data Trust Individual User hereby agree to adhere to all terms of the Data Trust User Agreement and provides the Exhibits, including this Exhibit C. The Data Trust Individual User hereby certifies that he or she has been provided the Data Trust User Agreement with the Exhibits and will comply with all of the Data Trust User Agreement’s provisions. The Data Trust Individual User agrees that the data, information and documentation provided by the Data Trust is to be considered confidential and is proprietary to the Commonwealth. The Data Trust Individual User shall hold Confidential Information and any data from the Data Trust in confidence. The Data Trust Individual User shall not disclose, publish or otherwise reveal any of the Confidential Information received from the Commonwealth or the Project outside of the project’s other employees, agents, or subcontractors whatsoever except pursuant to the additional terms of the Data Trust User Agreement. The Data Trust Individual User shall not, without specific prior written authorization of the Data Trust User, relocate or remove any Restricted-Use Data or Confidential Information from the project office. Data Trust Individual User agrees that Restricted-Use Data or Confidential Information accessed by or in his/her possession shall be protected and stored pursuant to the Data Protection Security Plan in Exhibit B. Any Data Trust Individual User who is assigned to the Project and is a party to this Non- Disclosure Agreement will be immediately dismissed from the Project in the event of any breach or threatened breach of this Non-Disclosure Agreement by such Data Trust Individual User or in the event that the Data Trust Individual User causes the Data Trust User to breach its Data Trust User Agreement with the Trustee.below:
Appears in 1 contract
Samples: Trust User Agreement
Question Response. Where will the restricted data be stored and how will the data files be encrypted? How often do you update and review access policies for all system users and administrators? Please provide the date of your most recent access policy review. Describe the procedures for limiting access to systems and data files to only authorized team members. Can data import, data export, and service management be conducted over secure industry accepted standardized network protocols? How will data be securely transmitted between team members (if applicable) within and external to your network? Describe the procedures in place to ensure Restricted Use Data shall not be replicated or used in non-secure environments. Do you conduct network, application, and operating system layer vulnerability scans? Please provide the scanning frequency. Do you utilize industry standard malware protection on all systems with access to restricted data? What software will be used to visualize, analyze, and report results generated from the data? Where will the files generated by the visualization, analysis, and intelligence software be stored and how will the files be protected? Do you specifically train your employees, contractors, or agents regarding their specific roles and the information security controls they must fulfill? Please describe your training requirements and how you document employee acknowledgement of training. Do you audit your security practices or conduct security assessments annually? Are the results of internal and external audits available for review? Please provide the date of your most recent audit or security assessment. Do you conduct risk assessments associated with data governance requirements at least once a year? Please provide the date of your most recent risk assessment. Are the results of your most recent risk assessment available for review? Do you have controls in place to restrict and monitor the unauthorized movement of data within your systems? Please describe your backup strategy and data retention policies. Do you support secure deletion of archived and backed-up data? Do you have a documented security incident response plan? Please provide the date of your most recent test of your security incident response plan. Do you have a defined and documented incident notification process for reporting suspected security incidents within 24 hours? Exhibit C: Data Trust Individual User Non-Disclosure Agreement This Commonwealth of Virginia Data Trust Individual User Non-Disclosure Agreement (Non-Disclosure Agreement) is made effective as of the ____ day of ___________, 20 20__, by and between the Chief Data Officer for the Commonwealth of Virginia as the Trustee of the Commonwealth of Virginia’s Data Trust ("Trustee") and _______________, an employee, contractor, or agent of the Data Trust User (“Data Trust Individual User”). The Trustee has entered into the Commonwealth of Virginia Data Trust User Agreement (Data Trust User Agreement) with the Data Trust User. The Data Trust User will utilize data from the Commonwealth of Virginia Data Trust. The Data Trust User has identified the project and usage of the data in the Exhibits to the Data Trust User Agreement. The Data Trust User has identified the Data Trust Individual User as a member of the project. The Data Trust User and the Data Trust Individual User hereby agree to adhere to all terms of the Data Trust User Agreement and the Exhibits, including this Exhibit C. The Data Trust Individual User hereby certifies that he or she has been provided the Data Trust User Agreement with the Exhibits and will comply with all of the Data Trust User Agreement’s provisions. The Data Trust Individual User agrees that the data, information and documentation provided by the Data Trust is to be considered confidential and is proprietary to the Commonwealth. The Data Trust Individual User shall hold Confidential Information and any data from the Data Trust in confidence. The Data Trust Individual User shall not disclose, publish or otherwise reveal any of the Confidential Information received from the Commonwealth or the Project outside of the project’s other employees, agents, or subcontractors whatsoever except pursuant to the terms of the Data Trust User Agreement. The Data Trust Individual User shall not, without specific prior written authorization of the Data Trust User, relocate or remove any Restricted-Use Data or Confidential Information from the project office. Data Trust Individual User agrees that Restricted-Use Data or Confidential Information accessed by or in his/her possession shall be protected and stored pursuant to the Data Protection Security Plan in Exhibit B. Any Data Trust Individual User who is assigned to the Project and is a party to this Non- Non-Disclosure Agreement will be immediately dismissed from the Project in the event of any breach or threatened breach of this Non-Disclosure Agreement by such Data Trust Individual User or in the event that the Data Trust Individual User causes the Data Trust User to breach its Data Trust User Agreement with the Trustee.
Appears in 1 contract
Samples: Trust User Agreement
