Common use of Data Validation Clause in Contracts

Data Validation. Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider shall return or destroy all confidential information received from CPS, or created or received by Provider on behalf of CPS. ● In the event that Provider determines that returning or destroying the confidential information is infeasible, Provider shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.

Data Validation. Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider shall return or destroy all confidential information received from CPS, or created or received by Provider on behalf of CPS. ● In the event that Provider determines that returning or destroying the confidential information is infeasible, Provider shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXXNIST, XXX 00000 ISO 27000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.