Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the Provider. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider shall return or destroy all confidential information received from CPS, or created or received by Provider on behalf of CPS. ● In the event that Provider determines that returning or destroying the confidential information is infeasible, Provider shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.
Appears in 6 contracts
Samples: Services Agreement, Master Agreement, Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform. ● Documented security controls in place to protect sensitive and/or confidential information.
Appears in 1 contract
Samples: Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.. ● Documented security controls in place to protect sensitive and/or confidential information. EXHIBIT D Informed Consent for COVID-19 Vaccine Administration (Non-CPS Student Form) I hereby give my consent to CIMPAR, S.C. (“Cimpar”) and its personnel to administer the COVID-19 vaccine (the “Vaccine”). I understand that the Vaccine is a two-part vaccine series. By signing this consent, I am agreeing that I will receive the first and second part of the Vaccine series. I understand that the common risks associated with the Vaccine include but are not limited to pain, redness or swelling at the site of injection, tiredness, headache, muscle pain, chills, joint pain, fever, nausea, feeling unwell or swollen lymph nodes (lymphadenopathy). I understand that the Vaccine may cause a severe allergic reaction which can include anaphylaxis (difficulty breathing, swelling of the face and throat, a fast heartbeat, a rash all over the body, dizziness and/or weakness). I understand that these may not be all the side effects of the Vaccine as the Vaccine is still being studied in clinical trials. I also understand that it is not possible to predict all possible side effects or complications which could be associated with the Vaccine. I understand that the long-term side effects or complications of the Vaccine are not known at this time. I have received and read or had explained to me the FDA’s Fact Sheet on the Vaccine. I also acknowledge that I have had a chance to ask questions and that such questions were answered to my satisfaction. Further, I acknowledge that I have been advised that I should remain near the vaccination location for observation for approximately 15 to 30 minutes after administration. I acknowledge that Cimpar and its affiliates, officers, directors, employees and agents expressly disclaim any responsibility for the Vaccine or its administration. My consent is given in light of this knowledge, and in consideration of Cimpar administering the Vaccine. I, for myself and my heirs, administrators, trustees, executors, assigns and successors in interest, hereby release and hold harmless Cimpar, its affiliates, successors, assigns, officers, trustees, employees, volunteers and agents from and against any and all demands, damages, losses, costs, expenses, obligations, liabilities, claims, actions and cause of action (whether any of which is groundless or otherwise) of any nature whatsoever (including, without limitation, reasonable attorney’s fees and court costs) by reason of or resulting, in any way, from any and all acts, accidents, events, occurrences, omissions and the like related to, or arising out of, directly or indirectly, my receipt of the Vaccine. CIMPAR MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE REGARDING THE VACCINE OR ITS EFFECTIVENESS. I understand that Cimpar will xxxx my insurance company for administering the Vaccine. I agree to supply such information as reasonably requested by Cimpar with respect to billing my insurance. By executing this Consent, I authorize Cimpar to disclose the fact that I will receive or have received the COVID-19 Vaccine to Chicago Public Schools (“CPS”). I understand that if Cimpar bills my insurance and CPS is also my health insurer, CPS’ health benefit plan will have access to my health information. I further understand and agree that Cimpar may be required to submit Vaccine administration data to the Illinois Comprehensive Automated Immunization Registry Exchange (I-CARE) and report moderate and severe adverse events following vaccination to the federal Vaccine Adverse Event Reporting System (VAERS). Name: Signature: Date: EXHIBIT E Informed Student Consent for COVID-19 Vaccine Administration As the parent or guardian of the below named child, I understand that I am giving my child’s consent for Cimpar, S.C.(“Cimpar”) and its personnel to administer the COVID-19 vaccine, or other eligible COVID-19 vaccines authorized and recommended by the Centers for Disease Control and Prevention (“CDC”) (the “Vaccine”) to my child. I understand that the Vaccine is a two-part vaccine series. By signing this consent, I am agreeing that my child be administered the first and second part of the Vaccine series. I understand that the common risks associated with the Vaccine include but are not limited to pain, redness or swelling at the site of injection, tiredness, headache, muscle pain, chills, joint pain, fever, nausea, feeling unwell or swollen lymph nodes (lymphadenopathy). I understand that the Vaccine may cause a severe allergic reaction which can include anaphylaxis (difficulty breathing, swelling of the face and throat, a fast heartbeat, a rash all over the body, dizziness and/or weakness). I understand that these may not be all the side effects, including effects on minor children, of the Vaccine as the Vaccine is still being studied in clinical trials. I also understand that it is not possible to predict all possible side effects or complications which could be associated with the Vaccine. I understand that the long-term side effects or complications of the Vaccine are not known at this time. I have received and read or had explained to me the FDA’s Fact Sheet on the Vaccine (xxxxx://xxx.xxx.xxx/coronavirus/2019-ncov/vaccines/different-vaccines.html). I also acknowledge that I have had a chance to ask questions and that such questions were answered to my satisfaction. Further, I acknowledge that I have been advised that my child should remain near the vaccination location for observation for approximately 15 to 30 minutes after administration. I acknowledge that I have discussed all precautions and information with my child. I acknowledge that a licensed medical provider offering care, treatment, diagnosis, or advice without charge on behalf of CPS is not liable for civil damages resulting from his or her acts or omissions in providing such medical care, treatment, diagnosis, or advice except for willful or wanton misconduct. By signing below, I hereby release and hold harmless THE BOARD OF EDUCATION OF THE CITY OF CHICAGO, its members, trustees, agents, officers, contractors, volunteers and By employees (“CPS”) from any liability which may accrue to me or to my child, for any and all losses, injuries, damages to me or my child, both known and unknown, foreseen and unforeseen, arising in connection with my child receiving the Vaccine whether or not said losses, injuries, damages, or liabilities result in whole or part from the negligence from the negligence of Cimpar or CPS, its members, trustees, employees, officers, contractors, volunteers, agents, or representatives. I further acknowledge that Cimpar and its affiliates, officers, directors, employees, and agents expressly disclaim any responsibility for the Vaccine or its administration. My consent is given in light of this knowledge, and in consideration of Cimpar administering the Vaccine. I, for myself, my child, and my heirs, administrators, trustees, executors, assigns and successors in interest, hereby release and hold harmless Cimpar, its affiliates, successors, assigns, officers, trustees, employees, volunteers and agents from and against any and all demands, damages, losses, costs, expenses, obligations, liabilities, claims, actions and cause of action (whether any of which is groundless or otherwise) of any nature whatsoever (including, without limitation, reasonable attorney’s fees and court costs) by reason of or resulting, in any way, from any and all acts, accidents, events, occurrences, omissions and the like related to, or arising out of, directly or indirectly, my receipt of the Vaccine. CIMPAR MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING EXHIBIT E BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE REGARDING THE VACCINE OR ITS EFFECTIVENESS. I authorize Cimpar to use my child’s Medicaid, ALL KIDS number, or private health insurance for billing purposes only. I understand that if I fail to sign this Consent Form and Release of Liability, my child will not receive any services under this program including the Vaccine. I understand that Cimpar will xxxx my insurance company for administering the Vaccine. I agree to supply such information as reasonably requested by Cimpar with respect to billing my insurance. I further acknowledge and understand the following: COVID-19 vaccination providers cannot: ● Charge my child or me for a vaccine ● Charge my child or me directly for any administration fees, copays, or coinsurance ● Deny vaccination to anyone who does not have health insurance coverage, is underinsured, or is out of network ● Charge an office visit or other fee to the recipient if the only service provided is a COVID-19 vaccination ● Require additional services in order for a person to receive a COVID-19 vaccine; however, additional healthcare services can be provided at the same time and billed as appropriate
Appears in 1 contract
Samples: Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.
Appears in 1 contract
Samples: Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider solution Vendor Solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Thus, the Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS upon request from CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will must be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, API, or a by placing the data in an online shared storage facility securityfacility. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development development, or permissioning must be documented. ● Data exchanges with CPS shall be done in an automated fashiondocumented and approved by CPS. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team and Identity and Access Management teams to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up dailydaily (at least every 24 hours, unless other terms expressed), with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must The Solution must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspxxxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx , xxxxx://xxxxxx.xxx.xxx/download.aspx?ID=77) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a access controls and security plan policies and incident plans that complies with XXXXNIST, XXX 00000 series ISO / IEC 27001, and current CPS approved security policies. ● Report to the CIO or the Information Security Director of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systemsimpact CPS. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes describe how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, XXXX protocol / Rapid ID, or other CPS approved SSO service platformplatforms. (XXXX, OAuth, OpenID Connect, WS -Federation, CAS) Disentanglement (end of contract) Vendor will work with CPS to establish a Disentanglement Plan (DP) for the end of the Contract term (including any renewals), as a deliverable, which should include the transfer of all CPS generated information and deleting all CPS information from the system after CPS receives and validates the data. Vendor shall not assume any liberty to use aggregate or scrabbled CPS data without written permission. During the Contract (Data Lifecycle Plan) term (including any renewals), Vendor shall delete the Board’s data when no longer necessary to provide the Services outlined in the Contract. This would include working or backup copies of CPS data, data used in Development or Staging environments, or data from previous school years that are no longer required for Vendor to provide Services. THIS CONTRACT WILL BE POSTED ON THE CPS WEBSITE. EXHIBIT F TRANSITION, IMPLEMENTATION, AND MANAGEMENT PLAN SEE ATTACHED. Chicago Public Schools, Web Content Filtering Services T. Transition, Implementation, and Management Plan Proposer shall provide a Transition, Implementation, and Management Plan indicating how it will provide the Products and Services described in this RFP. Proposer must detail the methodology and approach for transitioning to (as applicable), implementing, managing and providing the Products and Services (both implementation and ongoing services described in this RFP). Methodology should include Proposer’s approach to providing Products and Services, including without limitation transition (as applicable), project management, scheduling, budget management and quality management. CDW•G Project Management Overview CDW•G routinely plans and manages complex technical projects that provide significant business value to our customers. We believe effective project management requires ownership, leadership, careful attention to the plan elements and an appropriate level of communication amongst team members. As such, our typical plans will include weekly project status meetings, communication of project activities, and provisions for immediate contact between the customer and your project management team. Your Project Manager provides a single point of contact and escalation for engineers, partners, and you, the customer. We combine industry standard project management tools and methodologies with the extensive knowledge of our partners, supply-chain, and logistics to plan, execute, and control projects. We designed our standard project management procedures for structured deployments to ensure that our work and deliverables are complete and accurate, and that our customers fully understand what is expected. We begin our process by defining the project scope. During this phase, we will work with you to define the dependencies and responsibilities, for CDW•G, Lightspeed Systems, and for Chicago Public Schools, for each phase of the project. By the time the deployment phase begins, each side has a clear understanding of what duties are required, and what to expect, in terms of roles, timeline, technical impact, and interaction between teams. Most of our project plans consist of modular components, which allow us to address your needs with minimum overhead. Upon award, we will work with you to create a detailed project plan and milestones specific to your project requirements. Once established, any changes to the project timeline, project scope, or revision of requirements are addressed through a change request process. We will inform the team at CPS of any potential changes to the project timeline. Chicago Public Schools, Web Content Filtering Services CDW•G Structured Deployment Methodology CDW•G applies methodologies based on Project Management Institute (PMI) standards and internal best practices to all our service engagements. Our Services Management Approach represents a mature application of project management skills, methodologies, and tools integrated with an effective application of superior customer service and consistent communication amongst team members. We define a successful project as one that meets project objectives, is delivered on time, within budget, and with high customer satisfaction. Our experience with complex projects has allowed CDW•G to continually refine our project management processes. We utilize PMI-based best practices combined with real-world lessons learned to effectively manage our projects. This methodology has resulted in a standard for how we choose the people we hire, the way we structure our project teams, and the project milestones we set for client acceptance. For this project, your dedicated Project Manager will be aligned directly to Lightspeed Systems to optimize the speed and efficiency for response times and any troubleshooting that needs addressing within your customized web filtering system. Your dedicated, longstanding CDW•G account team is also of course always available. Further, these dedicated support resources will not only be available for the requested 90 days of enhanced post-implementation support from the date the Board accepts the solution as implemented, but also for the full life of the contract. Upon award, we will schedule preliminary meetings to assess your unique user requirements and needs. Your Project Manager will work directly with the CPS team to recommend, select, and appropriately scale components to create customized Transition, Implementation, and Project Management Plans, including testing and training plans, that will efficiently achieve your desired outcome. On the following pages, please find sample project plans from Lightspeed Systems, and CDW•G to give the District a sense of how our organizations approach these requirements. Sample plans include: ▪ Installation and Migration Plan ▪ Training Plan ▪ Project Management Plan Additionally, we have included a compliance matrix summarizing our responses to Selection Acceptance Criteria, Initial Implementation, Test Plan and Implementation, Ongoing Support Services, Management and Additional Services requirements outlined in the RFP. In addition, both CDW-G and Lightspeed Systems acknowledge the requirements set forth in Attachment K: CPS Information, Integration, and Data Management of the RFP, and look forward to discussing further should we be awarded this opportunity. Chicago Public Schools, Web Content Filtering Services Compliance Matrix Solution Acceptance Criteria Requirements Comply/Understood? Y N The Solution will be implemented by the awarded Proposer at no cost to the Board until the Solution is accepted in writing by the authorized Board representative as designated by the Chief Information Officer (or Interim Chief information Officer, as the case may be) (“CIO”) X The installed equipment and services will need to be able to scale to full production, and the equipment and services will shift to a production role once accepted by the Board X The Solution must have the capability to fall back to the Board’s existing web filtering solution. At no time will the Solution cause the Board to be in breach of CIPA compliance. X During the implementation, at any time the Board may determine that the Solution has failed to meet the District’s Acceptance Criteria, including but not limited to the below- listed factors. If the awarded Proposer is unable to cure such failure within thirty (30) days after notice from Board, the Board, at its sole discretion, may opt to terminate the contract.
Appears in 1 contract
Samples: Contract for Web
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.. ● Documented security controls in place to protect sensitive and/or confidential information. EXHIBIT E Informed Consent for COVID-19 Vaccine Administration I hereby give my consent to CIMPAR, S.C. (“Cimpar”) and its personnel to administer the COVID-19 vaccine (the “Vaccine”). I understand that the Vaccine is a two-part vaccine series. By signing this consent, I am agreeing that I will receive the first and second part of the Vaccine series. I understand that the common risks associated with the Vaccine include but are not limited to pain, redness or swelling at the site of injection, tiredness, headache, muscle pain, chills, joint pain, fever, nausea, feeling unwell or swollen lymph nodes (lymphadenopathy). I understand that the Vaccine may cause a severe allergic reaction which can include anaphylaxis (difficulty breathing, swelling of the face and throat, a fast heartbeat, a rash all over the body, dizziness and/or weakness). I understand that these may not be all the side effects of the Vaccine as the Vaccine is still being studied in clinical trials. I also understand that it is not possible to predict all possible side effects or complications which could be associated with the Vaccine. I understand that the long-term side effects or complications of the Vaccine are not known at this time. I have received and read or had explained to me the FDA’s Fact Sheet on the Vaccine. I also acknowledge that I have had a chance to ask questions and that such questions were answered to my satisfaction. Further, I acknowledge that I have been advised that I should remain near the vaccination location for observation for approximately 15 to 30 minutes after administration. I acknowledge that Cimpar and its affiliates, officers, directors, employees and agents expressly disclaim any responsibility for the Vaccine or its administration. My consent is given in light of this knowledge, and in consideration of Cimpar administering the Vaccine. I, for myself and my heirs, administrators, trustees, executors, assigns and successors in interest, hereby release and hold harmless Cimpar, its affiliates, successors, assigns, officers, trustees, employees, volunteers and agents from and against any and all demands, damages, losses, costs, expenses, obligations, liabilities, claims, actions and cause of action (whether any of which is groundless or otherwise) of any nature whatsoever (including, without limitation, reasonable attorney’s fees and court costs) by reason of or resulting, in any way, from any and all acts, accidents, events, occurrences, omissions and the like related to, or arising out of, directly or indirectly, my receipt of the Vaccine. CIMPAR MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE REGARDING THE VACCINE OR ITS EFFECTIVENESS. I understand that Cimpar will xxxx my insurance company for administering the Vaccine. I agree to supply such information as reasonably requested by Cimpar with respect to billing my insurance. By executing this Consent, I authorize Cimpar to disclose the fact that I will receive or have received the COVID-19 Vaccine to Chicago Public Schools (“CPS”). I understand that if Cimpar bills my insurance and CPS is also my health insurer, CPS’ health benefit plan will have access to my health information. I further understand and agree that Cimpar may be required to submit Vaccine administration data to the Illinois Comprehensive Automated Immunization Registry Exchange (I-CARE) and report moderate and severe adverse events following vaccination to the federal Vaccine Adverse Event Reporting System (VAERS). Name:
Appears in 1 contract
Samples: Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution Software and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution Software uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. .. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required ● In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized synchronized. Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution Software should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform. ● Documented security controls in place to protect sensitive and/or confidential information.
Appears in 1 contract
Samples: Software and Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.. ● Documented security controls in place to protect sensitive and/or confidential information. EXHIBIT D Informed Consent for COVID-19 Vaccine Administration (Non-CPS Student Form) I hereby give my consent to Prism Holistic Care, Ltd., d/b/a Prism Health Lab (“Prism”) and its personnel to administer the COVID-19 vaccine (the “Vaccine”). I understand that the Vaccine is a two-part vaccine series. By signing this consent, I am agreeing that I will receive the first and second part of the Vaccine series. I understand that the common risks associated with the Vaccine include but are not limited to pain, redness or swelling at the site of injection, tiredness, headache, muscle pain, chills, joint pain, fever, nausea, feeling unwell or swollen lymph nodes (lymphadenopathy). I understand that the Vaccine may cause a severe allergic reaction which can include anaphylaxis (difficulty breathing, swelling of the face and throat, a fast heartbeat, a rash all over the body, dizziness and/or weakness). I understand that these may not be all the side effects of the Vaccine as the Vaccine is still being studied in clinical trials. I also understand that it is not possible to predict all possible side effects or complications which could be associated with the Vaccine. I understand that the long-term side effects or complications of the Vaccine are not known at this time. I have received and read or had explained to me the FDA’s Fact Sheet on the Vaccine. I also acknowledge that I have had a chance to ask questions and that such questions were answered to my satisfaction. Further, I acknowledge that I have been advised that I should remain near the vaccination location for observation for approximately 15 to 30 minutes after administration. I acknowledge that Prism and its affiliates, officers, directors, employees and agents expressly disclaim any responsibility for the Vaccine or its administration. My consent is given in light of this knowledge, and in consideration of Prism administering the Vaccine. I, for myself and my heirs, administrators, trustees, executors, assigns and successors in interest, hereby release and hold harmless Prism, its affiliates, successors, assigns, officers, trustees, employees, volunteers and agents from and against any and all demands, damages, losses, costs, expenses, obligations, liabilities, claims, actions and cause of action (whether any of which is groundless or otherwise) of any nature whatsoever (including, without limitation, reasonable attorney’s fees and court costs) by reason of or resulting, in any way, from any and all acts, accidents, events, occurrences, omissions and the like related to, or arising out of, directly or indirectly, my receipt of the Vaccine. PRISM MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE REGARDING THE VACCINE OR ITS EFFECTIVENESS. I understand that Prism will xxxx my insurance company for administering the Vaccine. I agree to supply such information as reasonably requested by Prism with respect to billing my insurance. By executing this Consent, I authorize Prism to disclose the fact that I will receive or have received the COVID-19 Vaccine to Chicago Public Schools (“CPS”). I understand that if Prism bills my insurance and CPS is also my health insurer, CPS’ health benefit plan will have access to my health information. I further understand and agree that Prism may be required to submit Vaccine administration data to the Illinois Comprehensive Automated Immunization Registry Exchange (I-CARE) and report moderate and severe adverse events following vaccination to the federal Vaccine Adverse Event Reporting System (VAERS). Name: Signature: Date: EXHIBIT E Informed Student Consent for COVID-19 Vaccine Administration As the parent or guardian of the below named child, I understand that I am giving my child’s consent for Prism Holistic Care, Ltd., d/b/a Prism Health Lab (“Prism”) and its personnel to administer the COVID-19 vaccine, or other eligible COVID-19 vaccines authorized and recommended by the Centers for Disease Control and Prevention (“CDC”) (the “Vaccine”) to my child. I understand that the Vaccine is a two-part vaccine series. By signing this consent, I am agreeing that my child be administered the first and second part of the Vaccine series. I understand that the common risks associated with the Vaccine include but are not limited to pain, redness or swelling at the site of injection, tiredness, headache, muscle pain, chills, joint pain, fever, nausea, feeling unwell or swollen lymph nodes (lymphadenopathy). I understand that the Vaccine may cause a severe allergic reaction which can include anaphylaxis (difficulty breathing, swelling of the face and throat, a fast heartbeat, a rash all over the body, dizziness and/or weakness). I understand that these may not be all the side effects, including effects on minor children, of the Vaccine as the Vaccine is still being studied in clinical trials. I also understand that it is not possible to predict all possible side effects or complications which could be associated with the Vaccine. I understand that the long-term side effects or complications of the Vaccine are not known at this time. I have received and read or had explained to me the FDA’s Fact Sheet on the Vaccine (xxxxx://xxx.xxx.xxx/coronavirus/2019-ncov/vaccines/different-vaccines.html). I also acknowledge that I have had a chance to ask questions and that such questions were answered to my satisfaction. Further, I acknowledge that I have been advised that my child should remain near the vaccination location for observation for approximately 15 to 30 minutes after administration. I acknowledge that I have discussed all precautions and information with my child. I acknowledge that a licensed medical provider offering care, treatment, diagnosis, or advice without charge on behalf of CPS is not liable for civil damages resulting from his or her acts or omissions in providing such medical care, treatment, diagnosis, or advice except for willful or wanton misconduct. By signing below, I hereby release and hold harmless THE BOARD OF EDUCATION OF THE CITY OF CHICAGO, its members, trustees, agents, officers, contractors, volunteers and By employees (“CPS”) from any liability which may accrue to me or to my child, for any and all losses, injuries, damages to me or my child, both known and unknown, foreseen and unforeseen, arising in connection with my child receiving the Vaccine whether or not said losses, injuries, damages, or liabilities result in whole or part from the negligence from the negligence of Prism or CPS, its members, trustees, employees, officers, contractors, volunteers, agents, or representatives. I further acknowledge that Prism and its affiliates, officers, directors, employees, and agents expressly disclaim any responsibility for the Vaccine or its administration. My consent is given in light of this knowledge, and in consideration of Prism administering the Vaccine. I, for myself, my child, and my heirs, administrators, trustees, executors, assigns and successors in interest, hereby release and hold harmless Prism, its affiliates, successors, assigns, officers, trustees, employees, volunteers and agents from and against any and all demands, damages, losses, costs, expenses, obligations, liabilities, claims, actions and cause of action (whether any of which is groundless or otherwise) of any nature whatsoever (including, without limitation, reasonable attorney’s fees and court costs) by reason of or resulting, in any way, from any and all acts, accidents, events, occurrences, omissions and the like related to, or arising out of, directly or indirectly, my receipt of the Vaccine. PRISM MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING EXHIBIT E BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE REGARDING THE VACCINE OR ITS EFFECTIVENESS. I authorize Prism to use my child’s Medicaid, ALL KIDS number, or private health insurance for billing purposes only. I understand that if I fail to sign this Consent Form and Release of Liability, my child will not receive any services under this program including the Vaccine. I understand that Prism will xxxx my insurance company for administering the Vaccine. I agree to supply such information as reasonably requested by Prism with respect to billing my insurance. I further acknowledge and understand the following: COVID-19 vaccination providers cannot: ● Charge my child or me for a vaccine ● Charge my child or me directly for any administration fees, copays, or coinsurance ● Deny vaccination to anyone who does not have health insurance coverage, is underinsured, or is out of network ● Charge an office visit or other fee to the recipient if the only service provided is a COVID-19 vaccination ● Require additional services in order for a person to receive a COVID-19 vaccine; however, additional healthcare services can be provided at the same time and billed as appropriate
Appears in 1 contract
Samples: Services Agreement
Portability. It is critical that CPS be able to retrieve its data and applications from the solution and move it into different CPS environments, or directly to a new Solution at the expiration or termination of any applicable contract with the ProviderVendor. If the Solution uses proprietary software and formats to store customer data or applications, it may end up being very difficult to retrieve applications and data in a usable format; if this condition exists then Provider Vendor shall transform the data for CPS consumption. In addition, CPS may need to retrieve data to respond to a Freedom of Information Act (“FOIA”) request or otherwise uphold its legal obligations. Assessment results are only stored at an anonymized, aggregated level. Data Validation Integration of multiple datasets together can be fraught with difficulty, including inconsistent fields, missing datasets, and conflicting sets of information. The Provider Vendor solution will need rules to ensure referential integrity between datasets: ● Ensure that primary keys in one dataset are indeed unique, even compound primary keys ● Ensure that foreign keys in one file match the primary keys in another file ● Validation that all other fields are well formed, and cleaned as required In the data integration environment, it's also important that data issues can be quickly acted upon. Provider Vendor shall provide the following options: ● Automatic quarantining of data to ensure that invalid data is not ingested. Even if this is only part of a file, the invalid data is removed and the remainder quarantined ● Email alerts when data issues are identified so they can quickly be escalated us when jobs are not synchronized Data Management ● The Provider Vendor will not copy any CPS data to any media, including hard drives, flash drives, or other electronic devices, other than as expressly approved by CPS, unless the media are appropriately protected. ● Provider Vendor shall return or destroy all confidential information received from CPS, or created or received by Provider Vendor on behalf of CPS. ● In the event that Provider Vendor determines that returning or destroying the confidential information is infeasible, Provider Vendor shall notify CPS of the conditions that make return or destruction infeasible, but such plans will be approved by CPS. ● If CPS agrees that return or destruction of confidential information is infeasible; Provider Vendor shall extend the protections for such confidential information and limit further uses and disclosures of such confidential information. ● Return all data that is the property of CPS in an electronic format, via an online secure service, such as SFTP, or a shared storage facility security. ● The Solution should support the latest encryption and SSL in motion and at rest for PII (Personally identifiable information). ● Security practices regarding secure application development must be documented. ● Data exchanges with CPS shall be done in an automated fashion. Data Conversion and Validation The Provider Vendor must provide human resources to partner with the CPS Enterprise Data Team to document the proper conversion mapping and perform test validation for any/all bi-directional data exchanges, or any automation. Data Protection Data shall be protected with the latest backup technologies, and be backed up daily, with retention of no less than 30 days, and for the duration of the agreement. Protection techniques shall exist within the production and DR environments, where information is hosted and protected in the United States for student information. Identity and Access Management ● Must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx) ● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS. ● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems. ● Maintain a security plan that complies with XXXX, XXX 00000 NIST,ISO 27000 series and CPS approved security policies. ● Report to the CIO of CPS within 24 hours of discovery of any security incidents that occur within solution / information systems that may affect CPS systems. ● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records. ● Develop and implement policies and procedures regarding the use of information systems that describes how users are to protect against intrusion, tampering, viruses, etc. ● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX, Google, Rapid ID, or other CPS approved SSO service platform.. ● Documented security controls in place to protect sensitive and/or confidential information. Exhibit E Scope of Data Collected This Scope of Data Collected (“Data Collected”) will be conducted pursuant to the terms and conditions of the Services Agreement ("Agreement") by and between the Board of Education of the City of Chicago, commonly known as the Chicago Public Schools (the “Board” or “CPS”), and Bio-Reference Laboratories, Inc (the “Vendor”). Defined terms used in this Scope will have the same meanings as those ascribed to such terms in the Agreement. If there is any conflict between this Scope of Data Collected and the Agreement, the Agreement shall govern and control
Appears in 1 contract
Samples: Services Agreement
