Laserfiche WebLink
B. Monitoring <br /> The State will monitor Grantee's performance of its obligations under this Grant Award <br /> Letter using procedures as determined by the State. The State shall monitor Grantee's <br /> performance in a manner that does not unduly interfere with Grantee's performance of the <br /> Work. <br /> C. Final Audit Report <br /> Grantee shall promptly submit to the State a copy of any final audit report of an audit <br /> performed on Grantee's records that relates to or affects this Grant or the Work, whether the <br /> audit is conducted by Grantee or a third party. <br /> 10. CONFIDENTIAL INFORMATION-STATE RECORDS <br /> A. Confidentiality <br /> Grantee shall hold and maintain, and cause all Subcontractors to hold and maintain, any and <br /> all State Records that the State provides or makes available to Grantee for the sole and <br /> exclusive benefit of the State, unless those State Records are otherwise publically available <br /> at the time of disclosure or are subject to disclosure by Grantee under CORA. Grantee shall <br /> not,without prior written approval of the State,use for Grantee's own benefit,publish, copy, <br /> or otherwise disclose to any third party, or permit the use by any third party for its benefit or <br /> to the detriment of the State, any State Records, except as otherwise stated in this Grant <br /> Award Letter. Grantee shall provide for the security of all State Confidential Information in <br /> accordance with all policies promulgated by the Colorado Office of Information Security and <br /> all applicable laws,rules,policies,publications,and guidelines including,without limitation: <br /> (i)the most recently promulgated IRS Publication 1075 for all Tax Information, (ii)the most <br /> recently updated PCI Data Security Standard from the PCI Security Standards Council for all <br /> PCI, (iii)the most recently issued version of the U.S. Department of Justice, Federal Bureau <br /> of Investigation, Criminal Justice Information Services Security Policy for all CJI, and (iv) <br /> the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA <br /> Business Associate Addendum attached to this Contract. Grantee shall immediately forward <br /> any request or demand for State Records to the State's principal representative. <br /> B. Other Entity Access and Nondisclosure Agreements <br /> Grantee may provide State Records to its agents, employees, assigns and Subcontractors as <br /> necessary to perform the Work, but shall restrict access to State Confidential Information to <br /> those agents, employees, assigns and Subcontractors who require access to perform their <br /> obligations under this Grant Award Letter. Grantee shall ensure all such agents, employees, <br /> assigns, and Subcontractors sign nondisclosure agreements with provisions at least as <br /> protective as those in this Grant, and that the nondisclosure agreements are in force at all <br /> times the agent, employee, assign or Subcontractor has access to any State Confidential <br /> Information. Grantee shall provide copies of those signed nondisclosure restrictions to the <br /> State upon request. <br /> C. Use, Security, and Retention <br /> Grantee shall use, hold and maintain State Confidential Information in compliance with any <br /> and all applicable laws and regulations in facilities located within the United States,and shall <br /> maintain a secure environment that ensures confidentiality of all State Confidential <br /> Information wherever located. Grantee shall provide the State with access, subject to <br /> Grantee's reasonable security requirements,for purposes of inspecting and monitoring access <br /> Contract No. CTGG1 2018-1624 Page 6 of 10 Version 0717 <br />