Laserfiche WebLink
prevent access by non -authorized staff such as janitorial or facility security staff, when authorized <br />Contractor staff are not present to ensure that non -authorized staff cannot access it. <br />p. "Staff" means the Contractor's directors, officers, employees, and agents who provide goods or <br />services pursuant to this Contract. "Staff also means Subcontractors' directors, officers, <br />employees, and agents who provide goods or services on behalf of the Contractor. The term "Staff <br />also means the Subcontractors' directors, officers, employees, and agents who provide goods or <br />services on behalf of the Subcontractor and Contractor. <br />q. "Trusted Network" means a network operated and maintained by the Contractor, which includes <br />security controls sufficient to protect DCYF Data on that network. Controls would include a firewall <br />between any other networks, access control lists on networking devices such as routers and <br />switches, and other such mechanisms which protect the confidentiality, integrity, and availability of <br />the Data. <br />r. "Unique User ID" means a string of characters that identifies a specific user and which, in <br />conjunction with a password, passphrase or other mechanism, authenticates a user to an <br />information system. <br />2. Authority. <br />The security requirements described in this contract reflect the applicable requirements of Standard <br />141.10 (https:Hocio.wa.gov/policies) of the Office of the Chief Information Officer for the state of <br />Washington, and of the DCYF Information Security Policy and Standards Manual. <br />3. Scope of Protection <br />The requirements described in this Contract apply to Confidential Information and Data related to the <br />subject matter of this Contract that is delivered, received, used, shared, acquired, created, developed, <br />revised, modified, or amended by DCYF, the Contractor, or Subcontractors. <br />4. Data Classification <br />a. The Washington State Office of the Chief Information Officer (OCIO) has established policies that <br />classify data into categories based on the data's sensitivity. The categories described in Section 4 <br />of OCIO policy No. 141.10 are adopted and incorporated by reference in this Agreement. Pursuant <br />to Section 4 of OCIO policy No. 141.10 the categories are as follows: <br />(1) Category 1 —Public Information <br />Public information is information that can be or currently is released to the public. It does not <br />need protection from unauthorized disclosure, but does need integrity and availability protection <br />controls. <br />(2) Category 2 — Sensitive Information <br />Sensitive information may not be specifically protected from disclosure by lawand is for official <br />use only. Sensitive information is generally not released to the public unless specifically <br />requested. <br />(3) Category 3 — Confidential Information <br />Confidential information is information that is specifically protected from either release or <br />disclosure by law. This includes, but is not limited to: <br />Department of Children, Youth & Families <br />2017CF County Pro gram Agreement 6-24-20 Page 17 <br />