|
IJUI.uoiy1 I CI iv lope IU J/Ol Lr O/1-o ru-400 I-MOOD-4I 140J000C4U
<br /> PO#:461002243
<br /> Routing#: 24-HA4-ZG-00107
<br /> State Records provided to Contractor or destroy such State Records and certify to the State
<br /> that it has done so, as directed by the State. If Contractor is prevented by law or regulation
<br /> from returning or destroying State Confidential Information, Contractor warrants it will
<br /> guarantee the confidentiality of, and cease to use, such State Confidential Information.
<br /> D. Incident Notice and Remediation
<br /> If Contractor becomes aware of any Incident, Contractor shall notify the State immediately
<br /> and cooperate with the State regarding recovery, remediation, and the necessity to involve
<br /> law enforcement, as determined by the State. Unless Contractor can establish that Contractor
<br /> and its Subcontractors are not the cause or source of the Incident, Contractor shall be
<br /> responsible for the cost of notifying each person who may have been impacted by the
<br /> Incident. After an Incident,Contractor shall take steps to reduce the risk of incurring a similar
<br /> type of Incident in the future as directed by the State, which may include, but is not limited
<br /> to, developing and implementing a remediation plan that is approved by the State at no
<br /> additional cost to the State. The State may adjust or direct modifications to this plan in its
<br /> sole discretion, and Contractor shall make all modifications as directed by the State. If
<br /> Contractor cannot produce its analysis and plan within the allotted time, the State, in its
<br /> discretion, may perform such analysis and produce a remediation plan, and Contractor shall
<br /> reimburse the State for the actual costs thereof. The State may, in its sole discretion and at
<br /> Contractor's sole expense, require Contractor to engage the services of an independent,
<br /> qualified, State-approved third party to conduct a security audit. Contractor shall provide the
<br /> State with the results of such audit and evidence of Contractor's planned remediation in
<br /> response to any negative findings.
<br /> E. Data Protection and Handling
<br /> Contractor shall ensure that all State Records and Work product in the possession of
<br /> Contractor or any Subcontractors are protected and handled in accordance with the
<br /> requirements of this Contract, including the requirements of any Exhibits hereto, at all times.
<br /> F. Safeguarding PII
<br /> If Contractor or any of its Subcontractors will or may receive PII under this Contract,
<br /> Contractor shall provide for the security of such PII, in a manner and form acceptable to the
<br /> State, including, without limitation, State non-disclosure requirements, use of appropriate
<br /> technology, security practices, computer access security, data access security, data storage
<br /> encryption, data transmission encryption, security inspections, and audits. Contractor shall
<br /> be a"Third-Party Service Provider"as defined in§24-73-103(1)(i),C.R.S. and shall maintain
<br /> security procedures and practices consistent with §§24-73-101 et seq., C.R.S. In addition, as
<br /> set forth in § 24-74-102,et seq.,C.R.S.,Contractor,including,but not limited to,Contractor's
<br /> employees, agents and Subcontractors, agrees not to share any PII with any third parties for
<br /> the purpose of investigating for, participating in, cooperating with, or assisting with Federal
<br /> immigration enforcement.
<br /> 11. CONFLICTS OF INTEREST
<br /> A. Actual Conflicts of Interest
<br /> Contractor shall not engage in any business or activities, or maintain any relationships that
<br /> conflict in any way with the full performance of the obligations of Contractor under this
<br /> Contract. Such a conflict of interest would arise when a Contractor or Subcontractor's
<br /> employee, officer or agent were to offer or provide any tangible personal benefit to an
<br /> Page 11 of 63
<br />
|