Laserfiche WebLink
LJUI.UOIYI I CI IVCIUpe IU.J/Of LI-WA-04r.7-4D0 I-MDOJ-4 114OJOODC4U <br /> PO#:461002243 <br /> Routing#: 24-HA4-ZG-00107 <br /> performance in a manner that does not unduly interfere with Contractor's performance of the <br /> Work. <br /> D. Final Audit Report <br /> Contractor shall promptly submit to the State a copy of any final audit report of an audit <br /> performed on Contractor's records that relates to or affects this Contract or the Work,whether <br /> the audit is conducted by Contractor or a third party. <br /> 10. CONFIDENTIAL INFORMATION-STATE RECORDS <br /> A. Confidentiality <br /> Contractor shall keep confidential, and cause all Subcontractors to keep confidential, all State <br /> Records,unless those State Records are publicly available. Contractor shall not,without prior <br /> written approval of the State, use,publish, copy, disclose to any third party, or permit the use <br /> by any third party of any State Records, except as otherwise stated in this Contract,permitted <br /> by law or approved in writing by the State. Contractor shall provide for the security of all <br /> State Confidential Information in accordance with all policies promulgated by the Colorado <br /> Office of Information Security and all applicable laws, rules, policies, publications, and <br /> guidelines. If Contractor or any of its Subcontractors will or may receive the following types <br /> of data, Contractor or its Subcontractors shall provide for the security of such data according <br /> to the following: (i) the most recently promulgated IRS Publication 1075 for all Tax <br /> Information and in accordance with the Safeguarding Requirements for Federal Tax <br /> Information attached to this Contract as an Exhibit, if applicable, (ii) the most recently <br /> updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, <br /> (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of <br /> Investigation, Criminal Justice Information Services Security Policy for all CJI, and (iv) the <br /> federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA <br /> Business Associate Agreement attached to this Contract, if applicable. Contractor shall <br /> immediately forward any request or demand for State Records to the State's principal <br /> representative. <br /> B. Other Entity Access and Nondisclosure Agreements <br /> Contractor may provide State Records to its agents, employees, assigns and Subcontractors <br /> as necessary to perform the Work, but shall restrict access to State Confidential Information <br /> to those agents, employees, assigns and Subcontractors who require access to perform their <br /> obligations under this Contract. Contractor shall ensure all such agents, employees, assigns, <br /> and Subcontractors sign nondisclosure provisions at least as protective as those in this <br /> Contract, and that the nondisclosure provisions are in force at all times the agent, employee, <br /> assign or Subcontractor has access to any State Confidential Information. Contractor shall <br /> provide copies of those signed nondisclosure provisions to the State upon execution of the <br /> nondisclosure provisions if requested by the State. <br /> C. Use, Security, and Retention <br /> Contractor shall use, hold and maintain State Confidential Information in compliance with <br /> any and all applicable laws and regulations in facilities located within the United States, and <br /> shall maintain a secure environment that ensures confidentiality of all State Confidential <br /> Information wherever located. Contractor shall provide the State with access, subject to <br /> Contractor's reasonable security requirements, for purposes of inspecting and monitoring <br /> access and use of State Confidential Information and evaluating security control <br /> effectiveness. Upon the expiration or termination of this Contract, Contractor shall return <br /> Page 10 of 63 <br />