Laserfiche WebLink
Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued <br /> version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice <br /> Information Services Security Policy for all CJI, and (iv) the federal Health Insurance <br /> Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum <br /> attached to this Contract. Grantee shall immediately forward any request or demand for State <br /> Records to the State's principal representative. <br /> B. Other Entity Access and Nondisclosure Agreements <br /> Grantee may provide State Records to its agents, employees, assigns and Subcontractors as <br /> necessary to perform the Work, but shall restrict access to State Confidential Information to <br /> those agents, employees, assigns and Subcontractors who require access to perform their <br /> obligations under this Agreement. Grantee shall ensure all such agents, employees, assigns, <br /> and Subcontractors sign agreements containing nondisclosure provisions at least as protective <br /> as those in this Contract, and that the nondisclosure provisions are in force at all times the <br /> agent, employee, assign or Subcontractor has access to any State Confidential Information. <br /> Grantee shall provide copies of those signed nondisclosure provisions to the State upon <br /> execution of the nondisclosure provisions. <br /> C. Use, Security, and Retention <br /> Grantee shall use, hold and maintain State Confidential Information in compliance with any <br /> and all applicable laws and regulations in facilities located within the United States,and shall <br /> maintain a secure environment that ensures confidentiality of all State Confidential <br /> Information wherever located. Grantee shall provide the State with access, subject to <br /> Grantee's reasonable security requirements,for purposes of inspecting and monitoring access <br /> and use of State Confidential Information and evaluating security control effectiveness.Upon <br /> the expiration or termination of this Agreement, Grantee shall return State Records provided <br /> to Grantee or destroy such State Records and certify to the State that it has done so,as directed <br /> by the State. If Grantee is prevented by law or regulation from returning or destroying State <br /> Confidential Information, Grantee warrants it will guarantee the confidentiality of,and cease <br /> to use, such State Confidential Information. <br /> D. Use, Security, and Retention <br /> Grantee shall use, hold and maintain State Confidential Information in compliance with any <br /> and all applicable laws and regulations in facilities located within the United States,and shall <br /> maintain a secure environment that ensures confidentiality of all State Confidential <br /> Information wherever located. Grantee shall provide the State with access, subject to <br /> Grantee's reasonable security requirements,for purposes of inspecting and monitoring access <br /> and use of State Confidential Information and evaluating security control effectiveness.Upon <br /> the expiration or termination of this Agreement, Grantee shall return State Records provided <br /> to Grantee or destroy such State Records and certify to the State that it has done so,as directed <br /> by the State. If Grantee is prevented by law or regulation from returning or destroying State <br /> Confidential Information, Grantee warrants it will guarantee the confidentiality of, and cease <br /> to use, such State Confidential Information. <br /> E. Compliance <br /> Grantee shall review, on a semi-annual basis, all OIS policies and procedures which OIS has <br /> promulgated pursuant to CRS §§ 24-37.5-401 through 406 and 8 CCR § 1501-5 and posted <br /> at http://oit.state.co.us/ois,to ensure compliance with the standards and guidelines published <br /> Contract No. CTGG1 2019-130 Page 10 of 23 <br />