Security and Privacy Plan Sample Clauses
Security and Privacy Plan. As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows:
(a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy.
(b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement.
(c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Washington-Saratoga-▇▇▇▇▇▇-▇▇▇▇▇▇▇▇-Essex BOCES and Assistiveware ”. Vendor’s obligations described within this section include, but are not limited to:
i. its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and ii. its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement.
(d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access.
(e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provi...
Security and Privacy Plan. Contractor, in its role as LO as well as Data Vendor, must maintain compliance with applicable security and privacy standards for collecting data, maintaining data, and transferring data to approved Data Requestors while complying with all with all HCA and WA OCIO policies and standards. If any new or updated security reviews are requested, Contractor and Data Vendor must submit detailed descriptions to HCA and WA OCIO to ensure robust security measures are in place and fully participate in the review activities. Contractor must develop a Security and Privacy Plan that includes: • Demonstrating internal controls and affiliations with separate organizations as appropriate to ensure safe data collection, security of the data with state-of- the-art encryption methods, and data review for accuracy and quality assurance; • Process for Data Suppliers to submit data in a secure manner; • Data storage practices, using secure servers that are compliant with HIPAA Security Rule guidelines and OCIO Policy 141.10; and • Process for maintaining state of the art security standards for securely transferring data to approved Data Requestors.