Special Terms and Conditions

(2) When being transported outside of a Secure Area, Portable Devices and Portable Media with DSHS Confidential Information must be under the physical control of Contractor staff with authorization to access the Data, even if the Data is encrypted.

h. Data stored for backup purposes.

(1) DSHS Confidential Information may be stored on Portable Media as part of a Contractor's existing, documented backup process for business continuity or disaster recovery purposes. Such storage is authorized until such time as that media would be reused during the course of normal backup operations. If backup media is retired while DSHS Confidential Information still exists upon it, such media will be destroyed at that time in accordance with the disposition requirements below in Section 8 Data Disposition.

(2) Data may be stored on non-portable media (e.g. Storage Area Network drives, virtual media, etc.) as part of a Contractor's existing, documented backup process for business continuity or disaster recovery purposes. If so, such media will be protected as otherwise described in this exhibit. If this media is retired while DSHS Confidential Information still exists upon it, the data will be destroyed at that time in accordance with the disposition requirements below in Section 8 Data Disposition.

i. Cloud storage. DSHS Confidential Information requires protections equal to or greater than those specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor the Contractor has control of the environment in which the Data is stored. For this reason:

(1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following conditions are met:

(a) Contractor has written procedures in place governing use of the Cloud storage and Contractor attest to the contact listed in the contract and keep a copy of that attestation for your records in writing that all such procedures will be uniformly followed.

(b) The Data will be Encrypted while within the Contractor network.

(c) The Data will remain Encrypted during transmission to the Cloud.

(d) The Data will remain Encrypted at all times while residing within the Cloud storage solution.

(e) The Contractor will possess a decryption key for the Data, and the decryption key will be possessed only by the Contractor.

(f) The Data will not be downloaded to non-authorized systems, meaning systems that are not on the contractor network.

(g) The Data will not be decrypted until downloaded onto a computer within the control of an Authorized User and within either the DSHS or Contractor's network.

(2) Data will not be stored on an Enterprise Cloud storage solution unless either:

(a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to all of the requirements within this exhibit; or,

(b) The Cloud storage solution used is HIPAA compliant.

DSHS Central Contract Services
Page 24
1769CS County Agreement 05-16-2023