Common use of Retention Clause in Contracts

Retention. 1. The Contractor agrees it will not store, transfer or process data collected in connection with the services rendered under this Contract outside of the United States. This physical location requirement shall also apply in the implementation of cloud computing, cloud service or cloud storage capabilities, and includes backup data and Disaster Recovery locations. 2. The Contractor agrees to ensure proper security monitoring capabilities are in place to detect potential security events that can impact State of NH systems and/or Department confidential information for contractor provided systems. 3. The Contractor agrees to provide security awareness and education for its End Users in support of protecting Department confidential information. 4. The Contractor agrees to retain all electronic and hard copies of Confidential Data in a secure location and identified in section IV. A.2 5. The Contractor agrees Confidential Data stored in a Cloud must be in a FedRAMP/HITECH compliant solution and comply with all applicable statutes and regulations regarding the privacy and security. All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti- hacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a whole, must have aggressive intrusion-detection and firewall protection. 6. The Contractor agrees to and ensures its complete cooperation with the State’s Chief Information Officer in the detection of any security vulnerability of the hosting infrastructure.

Retention. 1. The Contractor agrees it will not store, transfer or process data collected in connection with the services rendered under this Contract outside of the United States. This physical location requirement shall also apply in the implementation of cloud computing, cloud service or cloud storage capabilities, and includes backup data and Disaster Recovery locations. 2. The Contractor agrees to ensure proper security monitoring capabilities are in place to detect potential security events that can impact State of NH systems and/or Department confidential information for contractor provided systems. 3. The Contractor agrees to provide security awareness and education for its End Users in support of protecting Department confidential information. 4. The Contractor agrees to retain all electronic and hard copies of Confidential Data in a secure location and identified in section IV. A.2 5. The Contractor agrees Confidential Data stored in a Cloud must be in a FedRAMP/HITECH compliant solution and comply with all applicable statutes and regulations regarding the privacy and security. All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti- hackerantihacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a whole, must have aggressive intrusion-detection and firewall protection. 6. The Contractor agrees to and ensures its complete cooperation with the State’s Chief Information Officer in the detection of any security vulnerability of the hosting infrastructure.

Retention. 1. The Contractor agrees it will not store, transfer or process data collected in connection with the services rendered under this Contract outside of the United States. This physical location requirement shall also apply in the implementation of cloud computing, cloud service or cloud storage capabilities, and includes backup data and Disaster Recovery locations. 2. The Contractor agrees to ensure proper security monitoring capabilities are in place to detect potential security events that can impact State of NH systems and/or Department confidential information for contractor provided systems. 3. The Contractor agrees to provide security awareness and education for its End Users in support of protecting Department confidential information. 4. The Contractor agrees to retain all electronic and hard copies of Confidential Data in a secure location and identified in section IV. A.2 5. The Contractor agrees Confidential Data stored in a Cloud must be in a FedRAMP/HITECH compliant solution and comply with all applicable statutes and regulations regarding the privacy and security. All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti- hacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a V5. Last update 10/09/18 Exhibit K Contractor Initials 26 of 31 SecAurpitpyeRndeiqxu"iDre.m1.e" nts Page 4 of 9 RFP HTH-5D6a0t-eW IC-21-02 whole, must have aggressive intrusion-detection and firewall protection. 6. The Contractor agrees to and ensures its complete cooperation with the State’s Chief Information Officer in the detection of any security vulnerability of the hosting infrastructure.

Retention. 1. The Contractor agrees it will not store, transfer or process data collected in connection with the services rendered under this Contract outside of the United States. This physical location requirement shall also apply in the implementation of cloud computing, cloud service or cloud storage capabilities, and includes backup data and Disaster Recovery locations. 2. The Contractor agrees to ensure proper security monitoring capabilities are in place to detect potential security events that can impact State of NH systems and/or Department confidential information for contractor provided systems. 3. The Contractor agrees to provide security awareness and education for its End Users in support of protecting Department confidential information. 4. The Contractor agrees to retain all electronic and hard copies of Confidential Data in a secure location and identified in section IV. A.2 5. The Contractor agrees Confidential Data stored in a Cloud must be in a FedRAMP/HITECH compliant solution and comply with all applicable statutes and regulations regarding the privacy and security. All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti- anti-hacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a whole, must have aggressive intrusion-detection and firewall protection. 6. The Contractor agrees to and ensures its complete cooperation with the State’s Chief Information Officer in the detection of any security vulnerability of the hosting infrastructure.