DSHS DATA SECURITY REQUIREMENTS Sample Clauses

DSHS DATA SECURITY REQUIREMENTS. A. Data Transport – when transporting DSHS Confidential Information electronically, including via email, the data will be protected by: 1. Transporting the data within the State Governmental Network (SGN) or the Service Provider’s internal network, or; 2. Encrypting any data that will be in transit outside the SGN or Service Provider’s internal network. This includes transit over the public internet. B. Protection of Data – the Service Provider agrees to store data on one or more of the following media and protect the data as described: 1. Hard disk drives. Data stored on local workstation hard disks. Access to the data will be restricted to authorized users by requiring logon to the local workstation using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. 2. Network server disks. Data stored on hard disks mounted on network servers and made available through shared folders. Access to the data will be restricted to authorized users through the use of access control lists which will grant access only after the authorized user has authenticated to the network using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. 3. For DSHS confidential data stored on these disks, deleting unneeded data is sufficient as long as the disks remain in a secured area and otherwise meet the requirements listed in the above paragraph. Data disposition may be deferred until the disks are retired, replaced, or otherwise taken out of the secure environment. 4. Optical disks (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a secure area. When not in use for the contracted purpose, such discs must be locked in a drawer, cabinet, or other container to which only authorized users have the key, combination, or mechanism required to access the contents of the container. Workstations which access DSHS data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key,...