Laserfiche WebLink
<br /> <br />Attachment C - Subrecipient Requirements <br /> <br />2. CONTRACT WITH SUBRECIPIENT <br />Prior to Licensee providing any Confidential Information directly to a Subrecipient, Licensee must <br />have a written contract with the Subrecipient. The contract must minimally contain the following or <br />substantially similar provisions, which must be equal in effect against the Subrecipient as DOL has <br />applied them against the Licensee. <br /> <br />Direct Subrecipients, and subsequent entities passing Confidential Information through to other <br />Subrecipients, must have a written contract. The contract must minimally contain the items under this <br />Attachment or substantially similar provisions, which must be equal in effect against each <br />Subrecipient as DOL has applied them against the Licensee. <br /> <br />Any Subrecipient contract that does not carry forward the required terms and conditions, or <br />substantially similar, of this Agreement lacks the inherent authority to grant the Subrecipient access <br />to any Confidential Information. If access to Confidential Information is provided to a Subrecipient <br />without such proper authority, it is a violation of the conditions of this Agreement. <br />a) All Data Security and Permissible Use terms, conditions and requirements set forth in <br />Attachments A – Data Licensing Statement, B – Data Security Requirements, and D – <br />Permissible Use Requirements, of this Agreement. Permissible Use(s) available to the <br />Subrecipient are limited to the Permissible Uses available to the Licensee in Attachment A – <br />Data Licensing Statement, of this Agreement. <br />b) All Security Breach Notification and Non-Conforming Permissible Use Notification requirements <br />included in Section 10, Data Security Breach and Misuse Notification, of this Agreement. <br />c) All records access, inspections, Driver Privacy Protection Act (DPPA), and records maintenance <br />requirements included in Section 34, Records Access, Inspection, and DPPA, of this Agreement. <br />d) All allowances granting DOL, or DOL’s agent, the right to access, investigate, and audit records <br />related to any Data provided under this Agreement. Such access must be afforded to DOL and <br />the Parties will work in good faith to determine if information should be withheld on the basis of <br />privilege or confidentiality. <br />e) All audit and annual certification requirements in Section 16, Audits, and Section 17, Annual <br />Internal Assessment, of this Agreement. <br />f) Subrecipient to provide DOL with access to its product at no cost to DOL, in cooperation with <br />Licensee when DOL has cause to request access. <br /> <br />3. SUBRECIPIENT DISQUALIFICATION <br />If Licensee discovers that DOL has disqualified a Subrecipient from receiving Confidential Information, <br />Licensee must immediately terminate and prevent the Subrecipient’s access to Confidential Information. <br /> <br />4. SUBRECIPIENT TRACKING <br />a) Licensee must provide DOL with a complete list of all Subrecipients within ten (10) days of <br />request. This information may be marked as being privileged or confidential, but may not be <br />withheld from DOL on such basis. The list must be provided in Excel format, or other format <br />approved by DOL without redactions. <br />b) For each request for DOL Data, Licensee must provide information identifying the Subrecipient <br />for whom the request was made. <br /> <br />5. GUIDANCE ON COMPLIANCE <br />a) Licensee must audit Subrecipients for compliance with Data Security and Permissible Use <br />requirements at least once in a three-year period. Licensee may accept current third-party audits. <br />b) Licensee is responsible to obtain annual attestations of compliance from direct Subrecipients. <br />