My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
SHJ26-007 DOC 1 FOR 1 COMPACT - PARTIALLY EXECUTED
>
Meetings
>
2026
>
07. July
>
2026-07-21 10:00 AM - Commissioners' Agenda
>
SHJ26-007 DOC 1 FOR 1 COMPACT - PARTIALLY EXECUTED
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/16/2026 12:45:58 PM
Creation date
7/16/2026 12:43:00 PM
Metadata
Fields
Template:
Meeting
Date
7/21/2026
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Supporting documentation
Supplemental fields
Item
Request to Approve a Resolution Authorizing Execution of the Agreement between the Washington State Department of Corrections and Kittitas County
Order
9
Placement
Consent Agenda
Row ID
146685
Type
Contract
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
30
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
ATTACHMENT A <br />HIPAA AND DATA SECURITY REQUIREMENTS <br />e. The architecture must provide continuous monitoring of both internal and external <br />activity for anomalies and identify, report, and defend against security intrusions before <br />data is compromised. <br />f. Contractor shall conduct penetration tests at least once every 24 months, system <br />vulnerability assessments at least monthly, and application vulnerability assessments <br />prior to the production release of any changes to source code. <br />g. Contractor has implemented application/system development practices consistent <br />with the current version of NIST SP800-64 for low to moderate impact systems, and <br />warrants the software does not contain any of the Open Web Application Security <br />project (OWASP) top 10 vulnerabilities - https://www.owasp.org/index.php/Main Page <br />h. Contractor has a practice of systematic collection, monitoring, alerting, maintenance, <br />retention, and disposal of security event logs and application audit trails. Logs and <br />audit trails are written to an area inaccessible to system users and are protected from <br />editing. At a minimum the logs and audit trails will provide historical details on all <br />transactions within the system that are necessary to reconstruct activities. Including <br />recording; type of event, date, time, account identification and machine identifiers for <br />each logged transaction. Audit and log files can be analyzed by type in order to find <br />emerging issues or trends. Contractor has settings triggering an immediate notification <br />to appropriate system administrators for severe incidents. Logs are secured against <br />unauthorized changes. At a minimum, logs must be retained for a period of 6 months. <br />Data Segregation. <br />a. DOC Data must be segregated or otherwise distinguishable from non-DOC data. This <br />is to ensure that when no longer needed by the Contractor, all DOC Data can be <br />identified for return or destruction. It also aids in determining whether DOC Data has <br />or may have been compromised in the event of a security breach. As such, one or <br />more of the following methods will be used for data segregation. <br />(1) DOC Data will be kept on media (e.g. hard disk, optical disc, tape, etc.) which will <br />contain no non-DOC Data. And/or, <br />(2) DOC Data will be stored in a logical container on electronic media, such as a <br />partition or folder dedicated to DOC Data. And/or, <br />(3) DOC Data will be stored in a database which will contain no non-DOC data. And/or, <br />(4) DOC Data will be stored within a database and will be distinguishable from non- <br />DOC data by the value of a specific field or fields within database records. <br />(5) When stored as physical paper documents, DOC Data will be physically <br />segregated from non-DOC data in a drawer, folder, or other container. <br />b. When it is not feasible or practical to segregate DOC Data from non-DOC data, then <br />both the DOC Data and the non-DOC data with which it is commingled must be <br />protected as described in this exhibit. <br />Washington State K14078 Page 17 of 14 <br />Department of Corrections Attachment A 26iZAD <br />
The URL can be used to link to this page
Your browser does not support the video tag.