|
DocuSign Envelope ID:3ABDCDAE-4B84-4B22-A37C-A4D48BC759BA
<br /> PO#:461001885
<br /> Routing#:22-HA4-ZG-00115
<br /> B. Inspection
<br /> Contractor shall permit the State and the FHWA to audit, inspect, examine, excerpt, copy and transcribe
<br /> Contractor Records during the Record Retention Period.Contractor shall make Contractor Records available
<br /> during normal business hours at Contractor's office or place of business, or at other mutually agreed upon
<br /> times or locations,upon no fewer than 2 Business Days' notice from the State,unless the State determines
<br /> that a shorter period of notice,or no notice,is necessary to protect the interests of the State.
<br /> C. Monitoring
<br /> The State,in its discretion,may monitor Contractor's performance of its obligations under this Contract using
<br /> procedures as determined by the State. The State shall monitor Contractor's performance in a manner that
<br /> does not unduly interfere with Contractor's performance of the Work.
<br /> D. Final Audit Report
<br /> Contractor shall promptly submit to the State a copy of any final audit report of an audit performed on
<br /> Contractor's records that relates to or affects this Contract or the Work, whether the audit is conducted by
<br /> Contractor or a third party.
<br /> 10. CONFIDENTIAL INFORMATION-STATE RECORDS
<br /> A. Confidentiality
<br /> Contractor shall keep confidential,and cause all Subcontractors to keep confidential,all State Records,unless
<br /> those State Records are publicly available. Contractor shall not,without prior written approval of the State,
<br /> use, publish, copy, disclose to any third party, or permit the use by any third party of any State Records,
<br /> except as otherwise stated in this Contract,permitted by law or approved in Writing by the State. Contractor
<br /> shall provide for the security of all State Confidential Information in accordance with all policies promulgated
<br /> by the Colorado Office of Information Security and all applicable laws, rules, policies, publications, and
<br /> guidelines. If Contractor or any of its Subcontractors will or may receive the following types of data,
<br /> Contractor or its Subcontractors shall provide for the security of such data according to the following:(i)the
<br /> most recently promulgated IRS Publication 1075 for all Tax Information and in accordance with the
<br /> Safeguarding Requirements for Federal Tax Information attached to this Contract as an Exhibit,if applicable,
<br /> (ii)the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all
<br /> PCI,(iii)the most recently issued version of the U.S.Department of Justice,Federal Bureau of Investigation,
<br /> Criminal Justice Information Services Security Policy for all CJI, and (iv) the federal Health Insurance
<br /> Portability and Accountability Act for all PHI and the HIPAA Business Associate Agreement attached to this
<br /> Contract,if applicable.Contractor shall immediately forward any request or demand for State Records to the
<br /> State's principal representative.
<br /> B. Other Entity Access and Nondisclosure Agreements
<br /> Contractor may provide State Records to its agents, employees, assigns and Subcontractors as necessary to
<br /> perform the Work, but shall restrict access to State Confidential Information to those agents, employees,
<br /> assigns and Subcontractors who require access to perform their obligations under this Contract. Contractor
<br /> shall ensure all such agents, employees, assigns,and Subcontractors sign nondisclosure agreements at least
<br /> as protective as those in this Contract, and that the nondisclosure agreements are in force at all times the
<br /> agent, employee,assign or Subcontractor has access to any State Confidential Information. Contractor shall
<br /> provide copies of those signed nondisclosure restrictions to the State upon request.
<br /> C. Use, Security,and Retention
<br /> Contractor shall use, hold and maintain State Confidential Information in compliance with any and all
<br /> applicable laws and regulations in facilities located within the United States, and shall maintain a secure
<br /> environment that ensures confidentiality of all State Confidential Information wherever located. Contractor
<br /> shall provide the State with access,subject to Contractor's reasonable security requirements,for purposes of
<br /> inspecting and monitoring access and use of State Confidential Information and evaluating security control
<br /> effectiveness. Upon the expiration or termination of this Contract, Contractor shall return State Records
<br /> provided to Contractor or destroy such State Records and certify to the State that it has done so, as directed
<br /> by the State. If Contractor is prevented by law or regulation from returning or destroying State Confidential
<br /> Information, Contractor warrants it will guarantee the confidentiality of, and cease to use, such State
<br /> Confidential Information.
<br /> Document Builder Generated Page 7 of 51 Version 0419
<br />
|