Laserfiche WebLink
ATTACHMENT A <br />HIPAA AND DATA SECURITY REQUIREMENTS <br />penetration tests, and confirm compliance with the security requirements herein. The audit <br />should include any specific data center facility where the service is deployed, and all <br />failover facilities unless those facilities provide their own SOC 2 Type 2 audit. <br />12. Disaster Recovery. Contractor shall document, test and maintain a disaster recovery plan <br />including an alternate facility to assure the system/service is recovered within 24 hours of <br />a force majeure event. The recovery plan must protect against more than 24 hours of DOC <br />data being lost. <br />12. Insurance Requirements. If this agreement involves the Contractor collecting, storing, <br />creating, altering, processing, transmitting, routing, or handling any DOC Category 3 or <br />Category 4 data, then Contractor shall obtain and maintain for the duration of the <br />Agreement, at Contractor's expense, the following insurance coverages which the parties <br />agree are unaffected by any limitation of liability language within this Agreement. <br />a. Technology Professional Liability (errors and omissions) <br />The Contractor shall maintain Technology Professional Liability (errors and <br />omissions) insurance, to include coverage of claims involving infringement of <br />intellectual property. This shall include but is not limited to infringement of <br />copyright, trademark, trade dress, invasion of privacy violations, information theft, <br />damage to or destruction of electronic information, release of private information, <br />alteration of electronic information, extortion, network security, regulatory defense <br />(including fines and penalties), and notification costs. The coverage limits must be <br />at least $1,000,000 per covered claim without sublimit, and $2,000,000 annual <br />aggregate. <br />b. Crime and Employee Dishonesty <br />The Contractor shall maintain Employee Dishonesty and (when applicable) <br />Inside/Outside Money and Securities coverages for property owned by the State <br />of Washington in the care, custody, and control of Contractor, to include electronic <br />theft and fraud protection. The coverage limits must be at least $1,000,000 per <br />covered claim without sublimit, $2,000,000 annual aggregate. <br />c. Cyber Risk Liability Insurance <br />The Contractor shall maintain coverage for Cyber Risk Liability, including <br />information theft, computer and data loss replacement or restoration, release of <br />private information, alteration of electronic information, notification costs, credit <br />monitoring, forensic investigation, Cyber extortion, crises management, public <br />relations expenses, regulatory defense (including fines and penalties), network <br />security, and liability to third parties from failure(s) of contractor to handle, manage, <br />store, and control personally identifiable information belonging to others. The <br />policy must include full prior acts coverage. The coverage limits must be at least <br />$1,000,000 per covered claim without sublimit, $2,000,000 annual aggregate. <br />Washington State K14078 Page 19 of 19 <br />Department of Corrections Attachment A 26RAD <br />