Laserfiche WebLink
Special Terms and Conditions <br />(2) Data will not be stored on an Enterprise Cloud storage soluiion unless either: <br />(a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to <br />all of the requirements within this exhibit; or, <br />(b) The Cloud storage solution used is FedRAMP certified. <br />(3) lf the Data includes protected health information covered by the Health lnsurance Portability and <br />Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior <br />io Data being stored in their Cloud solution. <br />6.System Protection. To prevent compromise of systems which contain DSHS Data or through which <br />that Data passes: <br />a. Systems containing DSHS Data must have all security patches or hotfixes applied within 3 months <br />of being made available. <br />b. The Contractor will have a method of ensuring that the requisite patches and hotfixes have been <br />applied wiihin the required timeframes. <br />c. Systems containing DSHS Data shall have an Anti-Malware application, if available, installed. <br />d Anti-Malware software shall be kept up to date. The product, its anti-virus engine, and any malware <br />database the system uses, will be no more than one update behind current. <br />7. Data Segregation <br />DSHS Data must be segregated or otheru,rise distinguishable from non-DSHS data. This is to <br />ensure that when no longer needed by the Contractor, all DSHS Data can be ideniified for return or <br />destruction. lt also aids in determining whether DSHS Data has or may have been compromised in <br />the event of a security breach. As such, one or more of the following methods will be used for data <br />segregation. <br />(1) DSHS Data will be kept on media (e.9. hard disk, optical disc, tape, etc.) which will contain no <br />non-DSHS Data. And/or, <br />(2) DSHS Data will be stored in a logical container on electronic media, such as a partition or folder <br />dedicated to DSHS Data. And/or, <br />(3) DSHS Data will be stored in a database which will contain no non-DSHS data. And/or, <br />(4) DSHS Data will be stored within a database and witl be distinguishable from non-DSHS data by <br />the value of a specific fleld or fields within database records. <br />(5) When stored as physical paper documents, DSHS Data will be physically segregated from non- <br />DSHS data in a drawer, folder, or other container. <br />b. When it is not feasible or practical to segregate DSHS Data from non-DSHS data, then both the <br />DSHS Data and the non-DSHS data wiih which it is commingled must be protected as described in <br />this exhibit. <br />8. Data Disposition. When the contracted work has been completed orwhen the Data is no longer <br />needed, except as noted above in Section 5.b, Data shall be returned to DSHS or destroyed. Media on <br />which Data may be stored and associated acceptable methods of destruction are as follows: <br />0SHS Central Contracl Senrices <br />801 7CF County Program Agreemeni (lO-31'2A17j Paqe j5 <br />a