Special Terms and Conditions

authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.

For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.

c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.

d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.

e. Paper documents. Any paper records must be protected by storing the records in a Secure Area which is only accessible to authorized personnel. When not in use, such records must be stored in a Secure Area.

Remote Access. Access to and use of the Data over the State Governmental Network (SGN) or Secure Access Washington (SAW) will be controlled by DSHS staff who will issue authentication credentials (e.g. a Unique User ID and Hardened Password) to Authorized Users on Contractor's staff. Contractor will notify DSHS staff immediately whenever an Authorized User in possession of such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an Authorized User's duties change such that the Authorized User no longer requires access to perform work for this Contract.

g. Data storage on portable devices or media.

(1) Except where otherwise specified herein, DSHS Data shall not be stored by the Contractor on portable devices or media unless specifically authorized within the terms and conditions of the Contract. If so authorized, the Data shall be given the following protections:

(a) Encrypt the Data.

(b) Control access to devices with a Unique User ID and Hardened Password or stronger authentication method such as a physical token or biometrics.

(c) Manually lock devices whenever they are left unattended and set devices to lock automatically after a period of inactivity, if this feature is available. Maximum period of inactivity is 20 minutes.

DSHS Central Contract Services
6017CF County Program Agreement (10-31-2017) Page 21