Confidential State Data definition

Confidential State Data is defined as data deemed confidential by State or Federal statute or regulation. The Contractor shall protect Confidential State Data as follows: (1) The Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data. (2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current version of Federal Information Processing Standard (“FIPS”) 140 -2 validated encryption technologies. (3) The Contractor and the Contractor’s processing environment containing Confidential State Data shall either (1) be in accordance with at least one of the following security standards: (i) International Standards Organization (“ISO”) 27001; (ii) Federal Risk and Authorization Management Program (“FedRAMP”); or (2) be subject to an annual engagement by a CPA firm in accordance with the standards of the American Institute of Certified Public Accountants (“AICPA”) for a System and Organization Controls for service organizations (“SOC”) Type II audit. The State shall approve the SOC audit control objectives. The Contractor shall provide proof of current ISO certification or FedRAMP authorization for the Contractor and Subcontractor(s), or provide the State with the Contractor’s and Subcontractor’s annual SOC Type II audit report within 30 days from when the CPA firm provides the audit report to the Contractor or Subcontractor. The Contractor shall submit corrective action plans to the State for any issues included in the audit report within 30 days after the CPA firm provides the audit report to the Contractor or Subcontractor. If the scope of the most recent SOC audit report does not include all of the current State fiscal year, upon request from the State, the Contractor must provide to the State a letter from the Contractor or Subcontractor stating whether the Contractor or Subcontractor made any material changes to their control environment since the prior audit and, if so, whether the changes, in the opinion of the Contractor or Subcontractor, would negatively affect the auditor’s opinion in the most recent audit report. No additional funding shall be allocated for these certifications, authorizations, or audits as these are included in the Estimated Liability of this Contract. Contractor shall meet all applicable requirements of the most current version of Internal Revenue Service Publication 1075. Contractor shall meet requirements of current version of Minimum Acceptable Risk S...

Split View

AI-Powered Contracts

Draft, Review & Redline at the Speed of AI

Get StartedBook a Demo

Confidential State Data is defined as data deemed confidential by State or Federal statute or regulation. The Contractor shall protect Confidential State Data as follows: (1) The Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data. (2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current version of Federal Information Processing Standard (“FIPS”) 140-2 validated encryption technologies. (3) The Contractor and the Contractor’s processing environment containing Confidential State Data shall either (1) be in accordance with at least one of the following security standards: (i) International Standards Organization (“ISO”) 27001; (ii) Federal Risk and Authorization Management Program (“FedRAMP”); or

Confidential State Data is defined as data deemed confidential by State or Federal statute or regulation. The Contractor shall protect Confidential State Data as follows: (1) The Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data. (2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current version of Federal Information Processing Standard (“FIPS”) 140-2 or 140-3 (current applicable version) validated encryption technologies. The State shall control all access to encryption keys. The Contractor shall provide installation and maintenance support at no cost to the State. (3) The Contractor and the Contractor’s processing environment containing Confidential State Data shall either (1) be in accordance with at least one of the following security standards: (i) International Standards Organization (“ISO”) 27001; (ii) Federal Risk and Authorization Management Program (“FedRAMP”); or (2) be subject to an annual engagement by a CPA firm in accordance with the standards of the American Institute of Certified Public Accountants (“AICPA”) for a System and Organization Controls for service organizations (“SOC”) Type II audit. The State shall approve the SOC audit control objectives. The Contractor shall provide proof of current ISO certification or FedRAMP authorization for the Contractor and Subcontractor(s), or provide the State with the Contractor’s and Subcontractor’s annual SOC Type II audit report within 30 days from when the CPA firm provides the audit report to the Contractor or Subcontractor. The Contractor shall submit corrective action plans to the State for any issues included in the audit report within 30 days after the CPA firm provides the audit report to the Contractor or Subcontractor. If the scope of the most recent SOC audit report does not include all of the current State fiscal year, upon request from the State, the Contractor must provide to the State a letter from the Contractor or Subcontractor stating whether the Contractor or Subcontractor made any material changes to their control environment since the prior audit and, if so, whether the changes, in the opinion of the Contractor or Subcontractor, would negatively affect the auditor’s opinion in the most recent audit report. No additional funding shall be allocated for these certifications, authorizations, or audits as these are included in the Maximum Liability of this Contract. (4) The Contractor must a...

Examples of Confidential State Data in a sentence

• No Confidential State Data received, obtained, or generated by the Party in connection with performance under this Agreement shall be processed, transmitted, stored, or transferred by any means outside the United States, except with the express written permission of the State.

• The Contractor shall notify the Department in writing (electronically) within two Business Days of becoming aware of any breach of Confidential State Data, unauthorized transmission of State Data, or any allegation or suspected violation of security procedures of the State.

• Contractor shall protect Confidential State Data as follows: Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data.

• No Confidential State Data received, obtained, or generated by Contractor in connection with performance under this Agreement shall be processed, transmitted, stored, or transferred by any means outside the United States, except with the express written permission of the State.

• Contractor shall report to the State: (i) the nature of the Security Breach; (ii) the Confidential State Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure; and (v) what corrective action the Contractor has taken or shall take to prevent future similar unauthorized use or disclosure.

• For information technology projects that involve Confidential State Data, the Contractor shall assure that each Sub-vendor submitting a project quote is, or will become, compliant with applicable requirements of contract section E.18., “Contractor Hosted Services and Confidential Data” prior to beginning work on the project, as applicable.

• Confidential State Data is defined as State data deemed confidential by State or Federal statute or regulation.

• To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with Confidential State Data, the Contractor shall cause HITRUST audit report to be conducted annually.

• Contractor services include the creation of and access to Confidential State Data.

• To the extent that Contractor shall have access to “Confidential State Data”, Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data.

More Definitions of Confidential State Data

Confidential State Data is defined as data deemed confidential by State or Federal statute or regulation that is processed by the Hosted Services or in connection with the Hosted Services, excluding Administrative Data, Payment Data, Support Data and Telemetry Data. The following provisions shall only apply if an Order expressly says that they apply to such Order:

Confidential State Data is defined as data deemed confidential by State or Federal statute or regulation and provided pursuant to this agreement. The Contractor shall protect Confidential State Data as follows: (1) The Contractor shall ensure that all Confidential State Data is housed in the continental United States, inclusive of backup data. (2) The Contractor shall encrypt Confidential State Data at rest and in transit using the current version of Federal Information Processing Standard (“FIPS”) 140 -2 validated encryption technologies. (3) The Contractor and the Contractor’s processing environment containing Confidential State Data shall either (1) be in accordance with at least one of the following security standards: (i) International Standards Organization (“ISO”) 27001; (ii) Federal Risk and Authorization Management Program (“FedRAMP”); or (2) be subject to an annual engagement by a CPA firm in accordance with the standards of the American Institute of Certified Public Accountants (“AICPA”) for a System and Organization Controls for service organizations (“SOC”) Type II audit. The following Trust Service Criteria (TSC) shall be components of the Contractor’s SOC examination: (1) security; (2) availability;