Common use of SECURE PROTECTION AND HANDLING OF STATE DATA Clause in Contracts

SECURE PROTECTION AND HANDLING OF STATE DATA. If Contractor is given access to State Data, the protection of State Data shall be an integral part of the business activities of Contractor, and Contractor shall ensure that there is no inappropriate or unauthorized use of State Data. Contractor shall safeguard the confidentiality, integrity, and availability of the State Data and comply with the conditions outlined below. The Eligible User reserves the right to verify Contractor’s adherence to the following conditions to ensure they are met: Network Security: Contractor shall maintain network security that, at a minimum, includes: network firewall provisioning, intrusion detection, and regular third-party penetration testing. Contractor shall maintain network security and ensure that Contractor network security policies conform to one of the following: Those standards the State of Utah applies to its own network, found outlined in DTS Policy 5000-0002 Enterprise Information Security Policy; Current standards set forth and maintained by the National Institute of Standards and Technology, includes those at: xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf; or Any generally recognized comparable standard that Contractor then applies to its own network and pre-approved by the Eligible User in writing. State Data Security: Contractor shall protect and maintain the security of State Data with protection that is at least as good as or better than that maintained by the State of Utah which will be provided by an Eligible User upon Contractor’s request (DTS Policy 5000-0002). These security measures included but are not limited to maintaining secure environments that are patched and up to date with all appropriate security updates as designated (ex. Microsoft Notification). The Eligible User reserves the right to determine if Contractor’s level of protection meets the Eligible User’s security requirements. State Data Transmission: Contractor shall ensure all transmission or exchange of system application data with the Eligible User and State of Utah and/or any other parties expressly designated by the State of Utah, shall take place via secure means (ex. HTTPS or FTPS).

SECURE PROTECTION AND HANDLING OF STATE DATA. If Contractor is given access to State DataData as part of this Contract, the protection of State Data shall be an integral part of the business activities of Contractor, and Contractor shall to ensure that there is no inappropriate or unauthorized use of State Data. To the extent that Contractor is given State Data, Contractor shall safeguard the confidentiality, integrity, and availability of the State Data and comply with the conditions outlined below. The Eligible User DTS reserves the right to verify Contractor’s adherence to the following conditions to ensure they are metmet during the life of the contract: Network Security: Contractor shall agrees at all times to maintain network security that, that - at a minimum, minimum - includes: network firewall provisioning, intrusion detection, and regular third-third party penetration testing. Contractor shall also agrees to maintain network security and ensure that Contractor network security policies conform conforms to one of the following: : (1) Those standards the State of Utah applies to its own network, found outlined in DTS Policy 5000-0002 Enterprise Information Security Policy; Policy (copy available upon request); (2) Current standards set forth and maintained by the National Institute of Standards and Technology, includes those at: xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf; or or (3) Any generally recognized comparable standard that Contractor then applies to its own network and pre-approved by the Eligible User DTS in writing. State Data Security: Contractor shall agrees to protect and maintain the security of State Data with protection that is at least as good as or better than that maintained by the State of Utah which will be provided by an Eligible User upon Contractor’s request (as identified in DTS Policy 5000-0002). These security measures included but are not limited to maintaining secure environments that are patched and up to date with all appropriate security updates as designated (ex. Microsoft Notification). The Eligible User DTS reserves the right to determine if Contractor’s level of protection adequately meets the Eligible UserState’s security requirements. State Data Transmission: Contractor shall ensure agrees that any and all transmission or exchange of system application data with the Eligible User DTS and State of Utah and/or any other parties expressly designated by the State of Utah, shall take place via secure means (ex. HTTPS or FTPS). State Data Storage: Contractor agrees that all State Data will be stored and maintained in data centers in the United States. Contractor agrees that no State Data at any time will be processed on or transferred to any portable or laptop computing device or any portable storage medium, except for devices that are used and kept only at Contractor’s United States data centers, unless such medium is part of the Contractor's designated backup and recovery process. Contractor shall permit its employees and Subcontractors to access non-State Data remotely only as required to provide technical support. Contractor may provide technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited by this contract. State Data Encryption: Contractor agrees to store all data provided to Contractor, including State, as well as any backups made of that data, in encrypted form using no less than 128 bit key and include all data as part of a designated backup and recovery process. Password Protection: Contractor agrees that any portable or laptop computer that has access to DTS or State of Utah network, or stores any non-public State of Utah data is equipped with strong and secure password protection. State Data Re-Use: Contractor agrees that any and all data exchanged shall be used expressly and solely for the purpose enumerated in this Contract. Contractor further agrees that no State Data of any kind shall be transmitted, exchanged, or otherwise passed to other Contractors or interested parties except on a case-by-case basis as specifically agreed to in writing by DTS.

SECURE PROTECTION AND HANDLING OF STATE DATA. If Contractor is given access to State DataData as part of this Contract, the protection of State Data shall be an integral part of the business activities of Contractor, and Contractor shall to ensure that there is no inappropriate or unauthorized use of State Data. To the extent that Contractor is given State Data, Contractor shall safeguard the confidentiality, integrity, and availability of the State Data and comply with the conditions outlined below. The Eligible User DTS reserves the right to verify Contractor’s adherence to the following conditions to ensure they are metmet during the life of the contract: Network Security: Contractor shall agrees at all times to maintain network security that, that - at a minimum, minimum - includes: network firewall provisioning, intrusion detection, and regular third-third party penetration testing. Contractor shall also agrees to maintain network security and ensure that Contractor network security policies conform conforms to one of the following: : (1) Those standards the State of Utah applies to its own network, found outlined in DTS Policy 5000-0002 Enterprise Information Security Policy; Policy (copy available upon request); (2) Current standards set forth and maintained by the National Institute of Standards and Technology, includes those at: xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf; or or (3) Any generally recognized comparable standard that Contractor then applies to its own network and pre-approved by the Eligible User DTS in writing. State Data Security: Contractor shall agrees to protect and maintain the security of State Data with protection that is at least as good as or better than that maintained by the State of Utah which will be provided by an Eligible User upon Contractor’s request (as identified in DTS Policy 5000-0002). These security measures included but are not limited to maintaining secure environments that are patched and up to date with all appropriate security updates as designated (ex. Microsoft Notification). The Eligible User DTS reserves the right to determine if Contractor’s level of protection adequately meets the Eligible UserState’s security requirements. State Data Transmission: Contractor shall ensure agrees that any and all transmission or exchange of system application data with the Eligible User DTS and State of Utah and/or any other parties expressly designated by the State of Utah, shall take place via secure means (ex. HTTPS or FTPS). State Data Storage: Contractor agrees that all State Data will be stored and maintained in data centers in the United States. Contractor agrees that no State Data at any time will be processed on or transferred to any portable or laptop computing device or any portable storage medium, except for devices that are used and kept only at Contractor’s United States data centers, unless such medium is part of the Contractor's designated backup and recovery process. Contractor shall permit its employees and Subcontractors to access non-State Data remotely only as required to provide technical support. Contractor may provide technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited by this contract. State Data Encryption: Contractor agrees to store all data provided to Contractor, including State, as well as any backups made of that data, in encrypted form using no less than 128 bit key and include all data as part of a designated backup and recovery process. Password Protection: Contractor agrees that any portable or laptop computer that has access to DTS or State of Utah network, or stores any non-public State of Utah data is equipped with strong and secure password protection. State Data Re-Use: Contractor agrees that any and all data exchanged shall be used expressly and solely for the purpose enumerated in this Contract. Contractor further agrees that no State Data of any kind shall be transmitted, exchanged, or otherwise passed to other contractors or interested parties except on a case-by-case basis as specifically agreed to in writing by DTS.