Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices. (c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _] (e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below. (f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology Vendor's administrative, operational and technical safeguards and practices to protect Protected Data PII under the MLSA are described in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirementsAmplify's Information Security Policy, among other recommended best practicesattached hereto.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 2 contracts
Sources: Master License and Services Agreement, Master License and Services Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan Plan, to the extent not set forth below, are as followsset forth in Vendor’s privacy policy located at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/help/privacy-policy/.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawssee attached privacy policy _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.See attached privacy policy
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee See attached privacy training modules that _]policy
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement
Data Security and Privacy Plan. Vendor KIDS DISCOVER agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor KIDS DISCOVER and is set forth below. Additional elements of Vendor’ KIDS DISCOVER’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor KIDS DISCOVER will: [ at Not collect, record, store, or otherwise obtain any Personally Identifiable Information from any users, whether students or teachers or principals, unless it is deemed necessary in order to deliver a minimumpurchased solution from Kids Discover. For instance, require under Kids Discover Online’s Library Media Plan, all usage of the solution is anonymous, utilizing a generic set of building- wide login credentials or IP Authentication. These measures will ensure that any subcontractors or other authorized person who may hav Kids Discover is in full compliance with state, federal, and local data security and privacy requirements. For more detail, please refer to Protected the Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state Security and federal law and Privacy Plan provided as an attachment to this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsAgreement.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor KIDS DISCOVER will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces Please refer to those individuals/subcontractors that need access to provide the services; use of the Data Security and Privacy Plan provided as an attachment for more details on Kids Discover’s cybersecurity framework, technology stack, safeguards, and protocols for handling Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicesData.
(c) Vendor KIDS DISCOVER will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor KIDS DISCOVER has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior Please refer to 2021the Data Security and Privacy Plan provided as an attachment for more details on how Kids Discover personnel, Vendor provided in-person training sessions including contracted workers, are trained and qualified to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]handle Protected Data.
(e) Vendor KIDS DISCOVER [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor KIDS DISCOVER engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor KIDS DISCOVER will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor KIDS DISCOVER will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 B of this Data Sharing and Confidentiality Agreement.
(g) Vendor KIDS DISCOVER will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]s
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.. DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: Vendor AGREEMENT: [ Limitation of internal acces maintains ISO 27001 certification, attesting to its information security governance. Vendor has a security department, responsible for information security governance, and maintains privacy policies and practices that support compliance with FERPA. Erie 1 BOCES data will be housed in data centers that are under Vendor's ISO scope, that additionally maintain their own industry standard certifications (e.g., ISO 27001), as well as undergo SSAE 18 audits. Vendor shall not collect, use or disclose Personal Information (defined as any data, either alone or in combination with other information, by which a natural person can be identified or located, or that can be used to identify or locate a natural person) except to carry out its obligations under this Agreement. Vendor shall limit access to Personal Information to those individuals/subcontractors that need persons who require access in order to provide the services; use of the Protected Data for only the purposes permitted Product(s) hereunder; use of encryption technology to protect Protected Data in motion]or at rest . Vendor shall handle Personal Information it receives from unauthorized disclosures Customer in accordance with best practices; and applicable laws. Vendor shall notify Customer as soon as commercially practical of any inquiries regarding the collection, use or disclosure of firewalls and username/password and other access control requirements, among other recommended best practicesPersonal Information by Vendor.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below, to the extent this is commercially feasible.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; See Attachment - Excelsoft's Security Policies and use of firewalls and username/password and other access control requirements, among other recommended best practicesStandards.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractorssubcontactors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractorssubcontactors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor MINDEX agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor MINDEX and is set forth below. Additional elements of Vendor’ MINDEX’s Data Security and Privacy Plan are as follows:
(a) In order to implement all relevant state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor MINDEX will: [ at a minimum• Follow policies and procedures compliant with (i) relevant state, require federal, and local data security and privacy requirements, including New York State’s Education Law Section 2-d Education law, (ii) this Exhibit, and (iii) BOCES’ data security and privacy policy; • No later than July 1, 2020, take measures to protect Protected Data that any subcontractors or other authorized person include adoption of technologies, safeguards and practices that align with the NIST Cybersecurity Framework; • Follow policies compliant with the Parents’ Bill of Rights provided in this Agreement; • Annually train its officers and employees who may hav have access to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the relevant federal and state laws governing confidentiality of Protected Data; and and_ • In the event any subcontractors are engaged in relation to this Agreement, Vendor will manage any relationships with sub-contractors to require sub-contractors to protect the security incidents in accordance with lawsof Protected Data [ _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor MINDEX will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation • Vendor will identify reasonably foreseeable internal and external risks relevant to its administrative, technical, operational, and physical safeguards; • Vendor will assess the sufficiency of internal acces safeguards in place to those individuals/subcontractors that need address the identified risks; • Vendor will adjust its security program in light of business changes or new circumstances; • Vendor will regularly test and monitor the effectiveness of key controls, systems, and procedures; and • Vendor will protect against the unauthorized access to provide the services; or use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.Data. [
(c) Vendor MINDEX will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor MINDEX has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to will train its officers and employees with access annually on a regular basis, applicable federal and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]state laws [
(e) Vendor MINDEX [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor MINDEX engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor MINDEX will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor MINDEX will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor MINDEX will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Sources: Master Services Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇/privacy-policy/
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with laws
(b) conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected See Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Privacy and use of firewalls and username/password and other access control requirements, among other recommended best practices.Security Plan attached
(cb) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(dc) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(ed) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(fe) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(gf) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav be compliant according to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsEU GDPR regulations _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individualssee ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.▇▇▇▇▇▇▇
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person yearly training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]conducted internally
(e) Vendor [check one] will x _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor Vendo r AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Sources: Data Privacy Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In As required by the NIST Cybersecurity Framework, in order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, MLSA,
a. Vendor will have the following reasonable administrative, technical, operational operational, and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces MLSA:
i. Data Security:
1. Data-at-rest & data-in-transit is encrypted 2. Data leak protections are implemented
ii. Information Protection Processes and Procedures:
1. Data destruction is performed according to those individualscontract and agreements
2. A plan for vulnerability management is developed and implemented
iii. Protective Technology:
1. Log/subcontractors that need access audit records are ascertained, implemented, documented, and reviewed according to provide the services; use of the Protected Data policy 2. Network communications are protected
iv. Identity Management, Authentication and Access Control:
1. Credentials and identities are issued, verified, managed, audited, and revoked, as applicable, for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.authorized dev
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] x will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies the district in accordance with the BOCES district’s Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES THE DISTRICT data security _ ] and privacy policy, Vendor will: [ at a minimumMaintain existing processes and policies in place for regulatory compliance with HIPAA, require that any subcontractors or other authorized person who may hav to Protected 42 CFR Part 2, NYS Mental Hygiene Law, Article 27-F of PSL, and FERPA. Vendor will main_tain existing Data execute written agreements acknowledging the data protection obligations imposed on Lo]ss Prevention safeguards for ePHI and PII. Vendor by state will maintain Email filtration, vulnerability remediation, and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide security awareness training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsprograms.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals[Internal/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; External penetration testing, Phish Testing, Risk Assessment, Monthly Vulnerability Assessments and use of firewalls and username/password and other access control requirements, among other recommended best practices.Role-Based Security Awareness Training. ]
(c) Vendor will comply with all obligations set forth in B OCES T H E D I S T R I C T “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior Data Security and Privacy Awareness Training required to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than be completed annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _].
(e) Vendor [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES THE DISTRICT “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES THE DISTRICT “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Sources: Data Privacy Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) : • In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with laws
(b) In conformance, the Vendor will implement commercially reasonable efforts to ensure such ▇▇▇▇▇▇▇▇▇▇.▇▇ order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation PFG will utilize PFG’ s Data Governance Policy K-12 and Data Retention and Deletion Policy K-12. This governance structure is in place to ▇▇▇▇▇▇ sound policy, clarity of internal acces controls and consistent, processes. PFG recognizes its responsibility to those individuals/subcontractors that need access protect the privacy and ensure security for all users. PFG has adopted this Data Governance Policy to comply with all applicable laws and regulations (see Addendum 1) to protect against unauthorized access. PFG will provide the services; use an annual training program for all employees and consultants who are directly or peripherally involved in design, production, development, monetization and operations of the products and employees and consultants involved in the collection, use, storage, disclosure or any other handling of data including PII. PFG evaluates all 3rd parties that we work with to ensure compliance.(See Addendum 1). PFG will manage data security and privacy incidents that implicate Protected Data for only the purposes permitted hereunder; use Data, including identify breaches and unauthorized disclosures of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Section 6 of this Data Sharing and use of firewalls Confidentiality Agreement and username/password and other access control requirementsutilizing PFG Data Breach Policy K-12 (see Addendum 1), among other recommended best practices.
(c) • Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) . • For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]
(e) these individuals are aware of and familiar with all applicable data security and privacy laws. • Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) . • Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) . • Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/sites/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and usernamedefault/password and other access control requirements, among other recommended best practices.files/pdf/Instructure%20Security%20Overvi ew.pdf
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] _X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor DESMOS agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor DESMOS and is set forth below. Additional elements of Vendor’ DESMOS Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES the Green Island UFSD data security _ ] and privacy policy, Vendor DESMOS will: [ at maintains a minimumcomprehensive information security plan that details the various technical and administrative protections in place throughout different parts of our information systems. These safeguards are regularly evaluated, require that any subcontractors or other authorized person who may hav and Desmos employees with access to Protected Data execute written agreements acknowledging the user data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents are trained in accordance with lawstheir application.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor DESMOS AGREEMENT, Vendor DESMOS will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor DESMOS AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.:
(c) Vendor DESMOS will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor DESMOS has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Training for new employees is conducted at the time of hire, Vendor provided in-person after a background check. Refresher training sessions to for existing employees with access on a regular basis, and no less than is conducted annually. Beginning The most recent training was in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]October 2023.
(e) Vendor [check DESMOS[check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor DESMOS AGREEMENT. In the event that Vendor DESMOS engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor GIMKI AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor DESMOS AGREEMENT,” below.
(f) Vendor DESMOS will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor DESMOS will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor DESMOS will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy.html and use of firewalls and username/password and other access control requirements, among other recommended best practices▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy_policy/.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _x will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. As more fully described herein, throughout the term of the Master Agreement, Vendor agrees that it will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data received it receives from Participating Educational Agencies in accordance PNW BOCES and/or its affiliates. Vendor’s Plan for protecting the Protected Data of PNW BOCES and/or its affiliates includes, but is not limited to, its agreement to comply with the BOCES Parents terms of PNW BOCES’s Bill of Rights for Data Privacy and Security, a copy of which is set forth below and has been signed by Vendor and is set forth belowthe Vendor. Additional elements components of Vendor’ ’s Data Security and Privacy Plan for protection of Protected Data of PNW BOCES and/or its affiliates throughout the term of the Master Agreement are as follows:
(a) In order to Vendor will implement all state, federal, and local data security and privacy requirements, requirements including those contained within the Master Agreement and this DPAData Sharing and Confidentiality Agreement, consistent with BOCES PNW BOCES’s data security _ ] and privacy policy.
(b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from PNW BOCES and/or its affiliates under the Master Agreement.
(c) Vendor will: [ at will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a minimumMaster Agreement between PNW BOCES and Discovery Education, Inc.” Vendor’s obligations described within this section include, but are not limited to:
(i) its obligation to require that any subcontractors or other authorized person who persons or entities to whom it may hav to disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and this DPA; the Master Agreement shall apply to the subcontractor, and
(ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination termination, expiration or assignment (to the extent authorized) of this DPA; the Master Agreement.
(d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _].
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including Data and will develop and implement plans to identify breaches and unauthorized disclosures, and . Vendor will provide prompt notification to PNW BOCES of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 6 5 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces Link to those individuals/subcontractors that need access to provide the services; use of the Protected Data Skill Struck’s Cyber Security Policy, which contains Skill Struck’s safeguards and plan for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicesprotecting student data.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Spider Learning Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Protection and use of firewalls and username/password and other access control requirements, among other recommended best practices.Security Plan (EdLaw 2D)
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:DocuSign Envelope ID: D775A58B-8273-40AA-B979-BD2F8E905109
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation Nearpod will ensure that only the employees, contractors, and sub- processors who have a “need to know” access to any Protected Data, actually have Page 18 of internal acces 2 access to those individuals/subcontractors the Protected Data by instituting separate types of user- permissions on the Nearpod platform back-end. Additionally, Nearpod will ensure that need access all employees, contractors, and sub-processors sign confidentiality agreements and non- disclosure agreements that limit the use of the data that is received in the course of their relationship with Nearpod to the limited purpose of providing the services needed to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology Nearpod services to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Erie 1 BOCES. Additionally, Nearpod will abide by its privacy policy, attached hereto and use of firewalls and username/password and other access control requirements, among other recommended best practicesincorporated by reference.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.. DocuSign Envelope ID: D775A58B-8273-40AA-B979-BD2F8E905109
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor COMPANY agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES ▇▇▇▇▇▇▇▇ CSD Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor COMPANY and is set forth below. Additional elements of Vendor’ COMPANY’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES ▇▇▇▇▇▇▇▇ CSD data security _ ] and privacy policy, Vendor COMPANY will: [ at a minimumCommonLit complies with all federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the local, state, and contractually mandated data protection obligations imposed on Vendor by state security and federal law privacy rules, regulations, and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsrequirements.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor COMPANY will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or CommonLit encrypts data at rest from unauthorized disclosures and in accordance with motion; administrative operational, and technical best practicespractices are followed; staff receive training on data security and use of firewalls privacy and username/password and other access control requirements, among other recommended best practices.
(c) Vendor COMPANY will comply with all obligations set forth in B OCES M A Y FI E LD C S D “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor COMPANY has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Staff are trained upon starting employment and annually thereafter on data security and privacy and best practices, Vendor provided in-person training sessions to employees with access on a regular basisas well as state, federal, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]local rules and regulations.
(e) Vendor COMPANY [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor COMPANY engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES ▇▇▇▇▇▇▇▇ CSD “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor COMPANY will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor COMPANY will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor COMPANY will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES ▇▇▇▇▇▇▇▇ CSD’s “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces [Adhere to those individualsits published Privacy Policy (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/support/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and usernameprivacy/password and other access control requirementspolicy/), among other recommended best practicesincluding its Privacy Policy FAQ (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/support/privacy/privacy-faq/)]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _x will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor Learning Ally Inc. agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor the Learning Ally Inc. and is set forth below. Additional elements of Vendor’ Learning Ally Inc.’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor Learning Ally Inc. will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Learning Ally Inc.’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Learning Ally Inc. will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor Learning Ally Inc. will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor Learning Ally Inc. will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor Learning Ally Inc. has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to Learning Ally Inc. will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor Learning Ally Inc. [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor Learning Ally Inc. engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor Learning Ally Inc. will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor Learning Ally Inc. will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor Learning Ally Inc. will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces refer to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data Security and Privacy Plan in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.Exhibit E.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] x will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces Refer to those individuals/subcontractors that need access to provide the services; use of the Protected PLS 3rd Learning Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practicesPrivacy Plan.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP and is set forth below. Additional elements of VendorEDUCATION CONSULTING RESEARCH ANALYTICS GROUP’ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging comply with the data security requirements herein for the protection obligations imposed on Vendor by of Personally Identifiable Information (PII). • ECRA is responsible for securing all PII in accordance with federal and state and federal law and data security measures consistent with standards and best practices within the educational technology industry to protect student data from unauthorized disclosure or acquisition by an unauthorized person; • ECRA is responsible for securing PII in accordance with BOCES policy on data security and privacy; • The BOCES Parents Bill of Rights for Data Privacy is adopted and attached as an exhibit to this DPAMaster Services Agreement; follow certain procedures • ECRA officers, employees and assignees (sub-contractors) who access PII have been trained on the recognition and requirements for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on handling PII in accordance with the federal and state laws and BOCES policy governing confidentiality and data security of Protected DataPII; • ECRA acknowledges that PII shall only be used for the purposes outlined in this Agreement. • ECRA shall de-identify data and manage destroy PII obtained under the Master Service Agreement when it is no longer needed for the purpose for which it was obtained; • If the Master Services Agreement is terminated, ECRA shall de-identify data and destroy PII. • The local school district shall establish reasonable procedures by which a parent, legal guardian, or eligible student may request the opportunity to inspect and review student data in the student’s records, and seek to amend student data that are inaccurate, misleading or in violation of the student’s right of privacy. ECRA shall respond in a timely manner to the local school district’s request to view or correct data as necessary. In the event that a parent, legal guardian, or student contacts ECRA to review any of the student data accessed pursuant to services, ECRA shall refer the individual to the local school district, who will follow the necessary and proper procedures regarding the requested information. • ECRA implements industry standard security incidents in accordance with lawsto protect computer systems, network devices and data including Advanced Encryption Standard “AES” algorithm.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP AGREEMENT, Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor EDUCATION CONSULTING RESEARCH ANALYTICS GROUP AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need ECRA limits access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology education records to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance persons with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.legitimate educational interest;
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill ▇▇▇▇ of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.See section below - Exhibit D-A)
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _x will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractorssubcontactors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractorssubcontactors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Sources: Master License and Service Agreement
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors All data that need access to provide is hosted by Eyemetric is hosted on the services; use of the Protected Data for only the purposes permitted hereunder; use of Microsoft Azure platform. This platform has data encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; tools that we employ, as well as conducts vulnerability scans on our software application regularly and use of firewalls and username/password and other access control requirements, among other recommended best practicesconsistently.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. New York privacy compliance guide and CodeHS privacy policy can be found here: ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇/privacy/newyork Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In As required by the NIST Cybersecurity Framework, in order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, MLSA,
a. Vendor will have the following reasonable administrative, technical, operational operational, and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces MLSA:
i. Data Security:
1. Data-at-rest & data-in-transit is encrypted 2. Data leak protections are implemented
ii. Information Protection Processes and Procedures:
1. Data destruction is performed according to those individualscontract and agreements
2. A plan for vulnerability management is developed and implemented
iii. Protective Technology:
1. Log/subcontractors that need access audit records are ascertained, implemented, documented, and reviewed according to provide the services; use of the Protected Data policy 2. Network communications are protected
iv. Identity Management, Authentication and Access Control:
1. Credentials and identities are issued, verified, managed, audited, and revoked, as applicable, for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.authorized dev
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor’s privacy policy can be found here: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy-policy/ Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In As required by the NIST Cybersecurity Framework, in order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, MLSA,
a. Vendor will have the following reasonable administrative, technical, operational operational, and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces MLSA:
i. Data Security:
1. Data-at-rest & data-in-transit is encrypted 2. Data leak protections are implemented
ii. Information Protection Processes and Procedures:
1. Data destruction is performed according to those individualscontract and agreements
2. A plan for vulnerability management is developed and implemented
iii. Protective Technology:
1. Log/subcontractors that need access audit records are ascertained, implemented, documented, and reviewed according to provide the services; use of the Protected Data policy 2. Network communications are protected
iv. Identity Management, Authentication and Access Control:
1. Credentials and identities are issued, verified, managed, audited, and revoked, as applicable, for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.authorized dev
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation A copy of internal acces to those individualsWorld Book, Inc.’s Privacy Policy is attached. It is also available on our website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/wb/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and usernamesubscribe/password and other access control requirements, among other recommended best practices.Help?id=privacy.html
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation July 1, 2023 - June 30, 2026 [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.See Attachment – SFI- Information Security Plan]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _✓_will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or Our privacy policy is located online at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/privacy- policy/
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide Please see the services; use of the Protected attached Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Handling and use of firewalls and username/password and other access control requirements, among other recommended best practicesPrivacy Statement.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.. For the avoidance of doubt, sub-contractors shall not include Vendor’s cloud hosting provider, and vendors used in the ordinary course of business who perform technology and software development and maintenance services under Vendor’s supervision on Vendor’s internal systems
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expiresexpires and written request is received from the applicable Participating Educational Agency, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor ▇▇▇▇▇▇▇ agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor ▇▇▇▇▇▇▇ and is set forth below. Additional elements of Vendor’ ▇▇▇▇▇▇▇’▇ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor ▇▇▇▇▇▇▇ will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the See attached data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsagreement _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor ▇▇▇▇▇▇▇ AGREEMENT, Vendor ▇▇▇▇▇▇▇ will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor ▇▇▇▇▇▇▇ AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.See attached data security agreement
(c) Vendor ▇▇▇▇▇▇▇ will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor ▇▇▇▇▇▇▇ has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior Ongoing training as processes are implemented to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, ensure best practices and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]procedures
(e) Vendor ▇▇▇▇▇▇▇ [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor FOG ARTY AGREEMENT. In the event that Vendor ▇▇▇▇▇▇▇ engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor ▇▇▇▇▇▇▇ AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor ▇▇▇▇▇▇▇ AGREEMENT,” below.
(f) Vendor ▇▇▇▇▇▇▇ will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor ▇▇▇▇▇▇▇ will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor ▇▇▇▇▇▇▇ will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES XXXX BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES XXXX BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor will comply with all obligations set forth in B OCES XXXX BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES XXXX BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES XXXX BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces access control policy designed to those individuals/subcontractors that need restrict access to provide the services; use of the any Protected Data for only the purposes permitted hereunderto authorized personnel; use background screening and employee training; encryption of encryption technology data when in transit to protect Protected Data in motion]or Hosted Services and stored encrypted at rest from unauthorized disclosures in accordance with best practicesrest; and use of firewalls and username/password and other access control requirementsthe measures outlined in Vendor’s Information Security Schedule, among other recommended best practices.which is attached as Attachment 1 to this Exhibit D.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.. DocuSign Envelope ID: 1EB45D86-3E6A-478D-84B2-7462BE67C97F
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] [ X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying confirmed breaches and unauthorized disclosures, and Vendor will provide prompt notification of any confirmed breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Upon written request, Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it As more fully described herein, throughout the term of the Master Agreement, Brisk Teaching will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data received it receives from Participating Educational Agencies in accordance the District. Brisk Teaching’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the BOCES Parents terms of the District’s Bill of Rights for Data Privacy Security and SecurityPrivacy, a copy of which is set forth below and has been signed by Vendor and is set forth belowthe Brisk Teaching. Additional elements components of Vendor’ Brisk Teaching’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
(a) In order to Brisk Teaching will implement all state, federal, and local data security and privacy requirements, requirements including those contained within the Master Agreement and this DPAData Sharing and Confidentiality Agreement, consistent with BOCES the District’s data security _ ] and privacy policy.
(b) Brisk Teaching will have specific administrative, Vendor will: [ at operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement.
(c) Brisk Teaching will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a minimumMaster Agreement between Washington- Saratoga-▇▇▇▇▇▇-▇▇▇▇▇▇▇▇-Essex BOCES and Brisk Teaching”. Brisk Teaching’s obligations described within this section include, but are not limited to:
i. its obligation to require that any subcontractors or other authorized person who persons or entities to whom it may hav to disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor Brisk Teaching by state and federal law and this DPA; the Master Agreement shall apply to the subcontractor, and ii. its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination termination, expiration or assignment (to the extent authorized) of this DPA; the Master Agreement.
(d) Brisk Teaching has provided or will provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _].
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor Brisk Teaching will manage data security and privacy incidents that implicate Protected Data, including Data and will develop and implement plans to identify breaches and unauthorized disclosures, and Vendor . Brisk Teaching will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 6 5 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policyAmendment, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on the federal Data Sharing and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsConfidentiality Agreement.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTAgreement, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTAgreement: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicesSee Section 3(b) above.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about in the AGREEMENTAgreement” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] _X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTAgreement and agrees to be responsible for their performance subject to the terms of the Agreement and this Amendment. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” belowThe list of subcontractors is located at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en-us/trust-center/privacy/data- access#subcontractors
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality AgreementAmendment.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT Agreement is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation The CapProSoft suite of internal acces software does not contain any personally identifiable information relative to those individuals/subcontractors that need access to provide Students, Teachers, Principals, and or Protected Data. The platform is hosted by the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures RIC and in accordance with best practices; and use of firewalls and username/password and other access control the hosting RIC’s data privacy requirements, among other recommended best practices.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will X_will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation [See attachment at end of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.document]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with laws
(b) conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.MLSA:
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor CENGAGE LEARNING/▇▇▇▇ agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor CENGAGE LEARNING/▇▇▇▇ and is set forth below. Additional elements of Vendor’ CENGAGE LEARNING/▇▇▇▇’▇ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor CENGAGE LEARNING/▇▇▇▇ will: [ at take reasonable steps designed to ensure the reliability of its staff and that they are subject to a minimumbinding written contractual obligation with CENGAGE LEARNING/▇▇▇▇ to keep the Protected Data confidential (except where disclosure is required in accordance with mandatory applicable laws, require that in which case CENGAGE LEARNING/▇▇▇▇ shall, where practicable and not prohibited by mandatory applicable law, notify BOCES of any subcontractors or such requirement before such disclosure) and any other authorized person acting under its supervision who may hav come into contact with, or otherwise have access to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage require that such personnel are aware of their responsibilities under this AGREEMENT and any security incidents in accordance with lawsmandatory applicable privacy laws (or CENGAGE LEARNING/▇▇▇▇’▇ own written binding policies that are at least as restrictive as this AGREEMENT).
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor CENGAGE LEARNING/▇▇▇▇ will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation A summary of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data CENGAGE LEARNING/▇▇▇▇ technical security measures are included in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicesExhibit 3: Cengage Learning Information Security Program Overview.
(c) Vendor CENGAGE LEARNING/▇▇▇▇ will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor CENGAGE LEARNING/▇▇▇▇ has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person provide staff with appropriate privacy and security training sessions to and monitor its employees and contingent workers for compliance with access the CENGAGE LEARNING/▇▇▇▇ privacy and security program requirements on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _].
(e) Vendor CENGAGE LEARNING/▇▇▇▇ [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor CENGAGE LEARNING/GALE engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor CENGAGE LEARNING/▇▇▇▇ will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor CENGAGE LEARNING/GALE will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor CENGAGE LEARNING/GALE will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: See Vendor AGREEMENTData Security and Privacy Plan at: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; ▇▇▇▇▇://▇▇▇▇▇.▇▇▇▇.▇▇▇/nwea-ny-privacy-and-security-plan.html and use of firewalls Vendor Security Whitepaper at: ▇▇▇▇▇://▇▇▇▇▇.▇▇▇▇.▇▇▇/map-growth-information-security- whitepaper.html (also attached as Exhibit E-2 and username/password and other access control requirements, among other recommended best practices.E-3)
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors Tequipment agrees that need access to provide it will protect the services; use confidentiality, privacy and security of the Protected Data for only received, as outlined in the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; data security and use of firewalls and username/password and other access control requirements, among other recommended best practicesprivacy plan.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will X_will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation Nearpod will ensure that only the employees, contractors, and sub- processors who have a “need to know” access to any Protected Data, actually have Page 18 of internal acces 2 access to those individuals/subcontractors the Protected Data by instituting separate types of user- permissions on the Nearpod platform back-end. Additionally, Nearpod will ensure that need access all employees, contractors, and sub-processors sign confidentiality agreements and non- disclosure agreements that limit the use of the data that is received in the course of their relationship with Nearpod to the limited purpose of providing the services needed to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology Nearpod services to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Erie 1 BOCES. Additionally, Nearpod will abide by its privacy policy, attached hereto and use of firewalls and username/password and other access control requirements, among other recommended best practicesincorporated by reference.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] X will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor BRAINPOP LLC agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill ▇▇▇▇ of Rights for Data Privacy and Security, a copy of which has been signed by Vendor BRAINPOP LLC and is set forth below. Additional elements of Vendor’ BRAINPOP LLC’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor BRAINPOP LLC will: [ at a minimumcomply with FERPA and COPPA. For more information on our privacy and security practices, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsplease review our privacy policy ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/about/privacy_policy/ _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor BRAINPOP LLC will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need [Data will be encrypted in transit and at rest. Servers are locked, secured, monitored, and protected by a firewall. Servers are stored in the U.S. and backed up daily. Subscribers can only access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicestheir own data.
(c) Vendor BRAINPOP LLC will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor BRAINPOP LLC has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior Employees receive training regarding data security and a limited number of employees are granted access to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, Protected Data accounts. Background checks and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]is company- wide for all employees.
(e) Vendor BRAINPOP LLC [check one] ⌡ will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor BRAINPOP LLC engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor BRAINPOP LLC will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor BRAINPOP LLC will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor BRAINPOP LLC will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAAgreement, consistent with BOCES BOCES’ data security _ ] and privacy policy, Vendor willVendor’s shall perform as follows: [ at (ISP) informed by routine risk analysis, industry best practices, and legal standards for the housing and management of legally protected information (PI). The Bidder’s ISP meets the criteria for compliance required for “Business Associates” under the HIPAA Security and HIPAA Privacy Rules and legislation governing the appropriate storage and handling of student and teacher personally identifiable information (PII) by “3rd-Party Contractors,” including (but not limited to) NYS Education Law 2-d. The Bidder will implement and maintain all state, federal and local data security and privacy requirements over the term of the Agreement in a minimum, require manner that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging is consistent with the data protection obligations imposed on Vendor security and privacy policies of the OCM BOCES and each Participating Educational Agency that purchase Bidder’s products and/or services pursuant to the Agreement by state maintaining the implementation of required administrative, physical, and federal law and this DPA; follow certain procedures for technical safeguards stipulated in the deletion regulations. evaluation of the Bidder’s compliance in response to environmental and/or destruction operational changes affecting the security of Protected Data upon termination of this DPA; provide training on the Customer data. Changes to state, federal and state local data security and privacy requirements are defined as in-scope “environmental changes” and, as such, are monitored, evaluated, and integrated (or otherwise appropriately responded to) with other environmental and operational changes impacting the security and privacy of protected data to ensure consistent Bidder compliance. When a new Participating Educational Agency becomes a user of Bidder software and associated deployment and support services pursuant to this RFB, the Bidder will review and sign the Agency’s “Parent’s Bill of Rights” and supplemental data security and privacy-related provisions, provided such requirements do not conflict with or weaken the Bidder’s implemented administrative, physical, and technical safeguards and practices or violate applicable laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawsregulations.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTreceives, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTagreement between the parties: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; • Security Management Process – Risk analysis procedure, risk management procedure, sanction policy, information system activity monitoring and use of firewalls and username/password and other access control requirements, among other recommended best practicesreview procedures.
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation The security and privacy plan is provided separately as "▇▇▇▇▇▇▇ Clinical Assessments Information Security Controls Alignment w NIST 20210921" [Insert here – also provide a copy of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Security and use of firewalls and username/password and other access control requirements, among other recommended best practices.Privacy Plan]
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not may utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENTMLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor PROQUEST agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor PROQUEST and is set forth below. Additional elements of Vendor’ PROQUEST’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security _ ] and privacy policy, Vendor PROQUEST will: [ at a minimum, require that any subcontractors or other authorized person who may hav Review its data security and privacy policy and practices to Protected Data execute written agreements acknowledging ensure they are in conformance with all applicable laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event PROQUEST’S policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, PROQUEST will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor PROQUEST will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; :. PROQUEST will protect and use of the Protected Data for only consistent with its published privacy statements and privacy policy (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/about/Privacy-Home.html) which reflect the purposes permitted hereunder; use of encryption technology to protect Protected requirements set out in the EU General Data in motion]or at rest from unauthorized disclosures in accordance with best practices; Protection Regulation (GDPR), Family Educational Rights and use of firewalls and username/password Privacy Act (FERPA), 20 U.S.C. Section 1232[g],et seq , the Children’s Online Privacy Protection Act (COPPA) and other access control requirements, among other recommended best practicesapplicable data protection and privacy laws.
(c) Vendor PROQUEST will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor PROQUEST has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior PROQUEST provides annual information security training to 2021all employees to ensure that these individuals are aware of and familiar with PROQUEST security and privacy policies and required compliance with applicable laws. If applicable, Vendor provided in-person training sessions to PROQUEST will require that officers or employees of subcontractors or assignees comply with access on a regular basis, applicable laws and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]PROQUEST policies.
(e) Vendor PROQUEST [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor PROQUEST engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor PROQUEST will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor PROQUEST will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor PROQUEST will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the follow established practices for data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with lawssecurity. _ ]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology AIS enforces safeguards and practices to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.customer data
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person Security training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]is part of AIS training
(e) Vendor [check one] will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Sources: Data Privacy & Security
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’ ’s Data Security and Privacy Plan are as follows:
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security _ ] and privacy policy, Vendor will: [ at a minimumReview its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging state, and local laws and the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination terms of this DPA; provide training on Data Sharing and Confidentiality Agreement. In the federal event Vendor’s policy and state laws governing confidentiality of Protected Data; and manage any security incidents practices are not in accordance with lawsconformance, the Vendor will implement commercially reasonable efforts to ensure such compliance.
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENTMLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENTMLSA: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practicesSee below.
(c) Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021Annually, Vendor provided in-person training sessions to will require that all of its employees with access on a regular basis, (or officers or employees of any of its subcontractors or assignees) undergo data security and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules to ensure that _]these individuals are aware of and familiar with all applicable data security and privacy laws.
(e) Vendor [check one] will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Vendor AGREEMENTMLSA,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.
Appears in 1 contract
Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows:.
(a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws[as required]
(b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices.as required ]
(c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below.
(d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _]as required
(e) Vendor [check one] x will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Vendor AGREEMENT. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Vendor AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Vendor AGREEMENT,” below.
(f) Vendor will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement.
(g) Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.
Appears in 1 contract
Sources: Data Privacy Agreement