Laserfiche WebLink
Special Terms and Conditions <br />(2) When being transported outside of a Secure Area, Portable Devices and Portable Media with <br />DSHS Confidential lnformation must be under the physical control of Contractor staff with <br />authorization to access the Data, even if the Data is encrypted. <br />h. Data stored for backup purposes. <br />(1) DSHS Confidential lnformation may be stored on Portable Media as part of a Contractor's <br />existing, documented backup process for business continuity or disaster recovery purposes. <br />Such storage is authorized until such time as that media would be reused during the course of <br />normal backup operations. lf backup media is retired while DSHS Confidential lnformation still <br />exists upon it, such media will be destroyed at that time in accordance with the disposition <br />requirements below in Section 8 Data Disposition. <br />(2) Data may be stored on non-portable media (e.9. Storage Area Network drives, virtual media, <br />etc.) as part of a Contractor's existing, documented backup process for business continuity or <br />disaster recovery purposes. lf so, such media will be protected as otheruvise described in this <br />exhibit. lf this media is retired while DSHS Confidential lnformation still exists upon it, the data <br />will be destroyed at that time in accordance with the disposition requirements below in Section 8 <br />Data Disposition <br />Cloud storage. DSHS Confidential Information requires protections equal to or greater than those <br />specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DSHS nor <br />the Contractor has control of the environment in which the Data is stored. For this reason: <br />(1) DSHS Data will not be stored in any consumer grade Cloud solution, unless all of the following <br />conditions are met: <br />(a) Contractor has written procedures in place governing use of the Cloud storage and <br />Contractor attest to the contact listed in the contract and keep a copy of that attestation for <br />your records in writing that all such procedures will be uniformly followed. <br />(b)The Data will be Encrypted while within the Contractor network. <br />(c) The Data will remain Encrypted during transmission to the Cloud. <br />(d) The Data will remain Encrypted at all times while residing within the Cloud storage solution <br />(e) The Contractor will possess a decryption key for the Data, and the decryption key will be <br />possessed only by the Contractor. <br />(0 The Data will not be downloaded to non-authorized systems, meaning systems that are not <br />on the contractor network <br />(g) The Data will not be decrypted until downloaded onto a computer within the control of an <br />Authorized User and within either the DSHS or Contractor's network. <br />(2) Data will not be stored on an Enterprise Cloud storage solution unless either: <br />(a) The Cloud storage provider is treated as any oiher Sub-Contractor, and agrees in writing to <br />all of the requirements within this exhibit; or, <br />(b) The Cloud storage solution used is HIPAA compliant. <br />DSHS Central Contract Services <br />1 769CS County Agreement (05-06-2025) <br />Page 24