Laserfiche WebLink
Agency DSA 22-01 <br />DSA Agreement between Agency and SAO <br />Agency DSA: 22-01 <br />4.JUSTIFICATION FOR DATA SHARING <br />SAO is the auditor of all public accounts in Washington State. SAO’s authority is broad and <br />includes both explicit and implicit powers to review records, including confidential records, <br />during the course of an audit or investigation. <br />5.DESCRIPTION OF DATA TO BE SHARED <br />The data to be shared includes information and data related to audit results, financial activity, <br />operation and compliance with contractual, state and federal programs, security of computer <br />systems, performance and accountability for agency programs as applicable to the audit(s) <br />performed. Specific data requests will be limited to information needed for SAO audits, <br />investigations and related statutory authorities as identified through auditor requests. <br />6.DATA TRANSMISSION <br />Transmission of data between Agency and SAO will use a secure method that is commensurate to <br />the sensitivity of the data being transmitted. <br />7.DATA STORAGE AND HANDLING REQUIREMENTS <br />Agency and SAO will notify each other if they are providing confidential data. All confidential <br />data provided by Agency will be stored with access limited to the least number of SAO staff <br />needed to complete the purpose of the DSA. <br />8.INTENDED USE OF DATA <br />The Office of the Washington State Auditor will utilize this data in support of their audits , <br />investigations, and related statutory responsibilities as described in RCW 43.09 and 42.40. <br />9.CONSTRAINTS ON USE OF DATA <br />The Office of the Washington State Auditor agrees to strictly limit use of information obtained <br />under this Agreement to the purpose of carrying out our audits, investigations and related <br />statutory responsibilities as described in RCW 43.09 and 42.40. <br />10.SECURITY OF DATA <br />SAO shall take due care and take reasonable precautions to protect Agency’s data from <br />unauthorized physical and electronic access. SAO complies with the requirements of the OCIO <br />141.10 policies and standards for data security and access controls to ensure the confidentiality, <br />and integrity of all data shared. <br />11.NON-DISCLOSURE OF DATA <br />SAO staff shall not disclose, in whole or in part, the confidential data provided by Agency to any <br />individual or agency, unless this Agreement specifically authorizes the disclosure. Confidential <br />data may be disclosed only to persons and entities that have the need to use the data to achieve <br />the stated purposes of this Agreement. In the event of a public disclosure request for the <br />Agency's Confidential data, SAO will notify the Agency <br />a.SAO shall not access or use the data for any commercial or personal purpose. <br />b.Any exceptions to these limitations must be approved in writing by Agency. <br />c.The SAO shall ensure that all staff with access to the data described in this Agreement <br />are aware of the use and disclosure requirements of this Agreement and will advise new <br />staff of the provisions of this Agreement.