CSI. All service providers that work in the proximity of Confidential and Sensitive Information (CSI) must agree to abide by the College’s Identity Theft Prevention policies and procedures. In the event that the service provider becomes aware of a red flag or data incident, the service provider is required to report the incident to their point of contact at the College. The point of contact is required to notify the Chair of the Red Flags Committee and report the incident, provide the Chair with the contact information of the service provider, and assist the Chair as necessary in incident reporting and resolution. All service providers that process, store or transport CSI provided by the college are required to give the College sufficient documentation to assess the provider’s data security risk.
Appears in 2 contracts
Sources: Purchase Agreement, Purchase Agreement