Laserfiche WebLink
<br /> <br />7. Electronic Data Transmission <br />Licensee shall maintain secure means (e.g., HTTPS or SFTP) for the electronic transmission or <br />exchange of system and application data with DOL or any other authorized Licensee. <br /> <br />8. Data Encryption <br />Licensee shall encrypt all Data that is defined as Confidential Information, whether in transit or at <br />rest, by using only NIST or ISO approved encryption algorithms; this includes all back- up copies of <br />Data. Licensee further must install any laptop/notebook computing device, processing Data, with <br />end-point encryption (i.e., full disk encryption). <br /> <br />9. Distribution of Data <br />Licensee may only use and exchange Confidential Information for the purposes as expressly <br />described and allowed in this Agreement. In addition to any other restrictions on Permissible Use, <br />Confidential Information may not be distributed, repurposed or shared across other applications, <br />environments, or business units of Licensee. Licensee must assure that no Confidential Information <br />of any kind is transmitted, exchanged or otherwise passed to other contractors/vendors or interested <br />parties except Licensee and/or Subrecipients who have an authorized legal Permissible Use <br />according to this Agreement, and who are under contract with the Licensee. <br /> <br />10. Data Disposal <br />Unless a more immediate disposal requirement is set forth in this Agreement, Licensee, upon <br />termination of this Agreement, shall erase, destroy, and render unrecoverable all DOL Confidential <br />Information and certify in writing that these actions have been completed within thirty (30) days of the <br />termination of this Agreement. At a minimum, media sanitization is to be performed according to the <br />standards enumerated by NIST SP 800-88r1 Guidelines for Media Sanitization. <br />If Confidential Information, whether on its own or as comingled with other data, is subject to state or <br />federal retention periods, or other legally required purposes, including without limitation class action <br />settlements, such Confidential Information may be retained for the added necessary period. <br />Additionally, if Licensee needs to retain Confidential Information for other commercially required <br />purposes, Licensee may retain the Confidential Information while it seeks approval from DOL to <br />retain the Confidential Information for a longer period, which will not be unreasonably withheld by <br />DOL. For all retained Confidential Information, Licensee shall abide by all Data Security <br />requirements, audit requirements, and Permissible Use requirements stated in this Agreement; such <br />requirements hereby expressly survive the termination of this Agreement for that period. <br /> <br />11. Offshoring <br />Licensee must maintain the primary, backup, disaster recovery and other sites for storage of <br />Confidential Information only from locations in the United States. <br />Licensee may not commit the following unless it has advance written approval from DOL: <br />a) Directly or indirectly (including through Subrecipients) transmit any Confidential <br />Information outside the United States; or <br />b) Allow any Confidential Information to be accessed by Subrecipients from <br />locations outside of the United States. <br /> <br /> <br />If the Confidential Information is to be physically stored, processed, or distributed, Licensee shall <br />apply the following requirements: <br />12. Hardcopy Storage <br />To prevent unauthorized access to printed information obtained under this Agreement, and loss of, or <br />unauthorized access to this information, printed copies must be stored in locked containers or <br />storage areas, e.g. cabinets or vaults. Hard copy documents must never be unattended or in areas <br />accessible to the public, especially after business hours.