|
Grantee shall make, keep, and maintain, all records, documents, communications, notes and
<br /> other written materials,electronic media files,and communications,pertaining in any manner
<br /> to this Grant for a period of three years following the completion of the close out of this
<br /> Grant. Grantee shall permit the State to audit, inspect, examine, excerpt, copy and transcribe
<br /> all such records during normal business hours at Grantee's office or place of business,unless
<br /> the State determines that an audit or inspection is required without notice at a different time
<br /> to protect the interests of the State.
<br /> B. Monitoring
<br /> The State will monitor Grantee's performance of its obligations under this Grant Award
<br /> Letter using procedures as determined by the State. The State shall monitor Grantee's
<br /> performance in a manner that does not unduly interfere with Grantee's performance of the
<br /> Work.
<br /> C. Final Audit Report
<br /> Grantee shall promptly submit to the State a copy of any final audit report of an audit
<br /> performed on Grantee's records that relates to or affects this Grant or the Work, whether the
<br /> audit is conducted by Grantee or a third party.
<br /> 10. CONFIDENTIAL INFORMATION-STATE RECORDS
<br /> A. Confidentiality
<br /> Grantee shall hold and maintain, and cause all Subcontractors to hold and maintain, any and
<br /> all State Records that the State provides or makes available to Grantee for the sole and
<br /> exclusive benefit of the State, unless those State Records are otherwise publically available
<br /> at the time of disclosure or are subject to disclosure by Grantee under CORA. Grantee shall
<br /> not,without prior written approval of the State,use for Grantee's own benefit,publish, copy,
<br /> or otherwise disclose to any third party, or permit the use by any third party for its benefit or
<br /> to the detriment of the State, any State Records, except as otherwise stated in this Grant
<br /> Award Letter. Grantee shall provide for the security of all State Confidential Information in
<br /> accordance with all policies promulgated by the Colorado Office of Information Security and
<br /> all applicable laws,rules,policies,publications,and guidelines including,without limitation:
<br /> (i)the most recently promulgated IRS Publication 1075 for all Tax Information, (ii)the most
<br /> recently updated PCI Data Security Standard from the PCI Security Standards Council for all
<br /> PCI, (iii)the most recently issued version of the U.S. Department of Justice, Federal Bureau
<br /> of Investigation, Criminal Justice Information Services Security Policy for all CJI, and (iv)
<br /> the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA
<br /> Business Associate Addendum attached to this Contract. Grantee shall immediately forward
<br /> any request or demand for State Records to the State's principal representative.
<br /> B. Other Entity Access and Nondisclosure Agreements
<br /> Grantee may provide State Records to its agents, employees, assigns and Subcontractors as
<br /> necessary to perform the Work, but shall restrict access to State Confidential Information to
<br /> those agents, employees, assigns and Subcontractors who require access to perform their
<br /> obligations under this Grant Award Letter. Grantee shall ensure all such agents, employees,
<br /> assigns, and Subcontractors sign nondisclosure agreements with provisions at least as
<br /> protective as those in this Grant, and that the nondisclosure agreements are in force at all
<br /> times the agent, employee, assign or Subcontractor has access to any State Confidential
<br /> Contract No.CTGGI 2018-1623 Page 6 of 10 Version 0717
<br />
|