ATTACHMENT A

DATA SECURITY REQUIREMENTS

1. Data Classification

The classification of the Data shared is considered:

❑ Category 1—Public Information
❑ Category 2—Sensitive Information
❑ Category 3—Confidential Information
☑ Category 4—Confidential Information Requiring Special Handling

Data described in this Contract is assessed to be in the following data classification: "Category 4—Confidential Information Requiring Special Handling" as defined by Attachment A, Data Security Requirements.

Confidential Information requiring special handling is information that is specifically protected from disclosure by law and for which:

a. Especially strict handling requirements are dictated, such as by statutes, regulations, or this Contract.
b. Serious consequences could arise from unauthorized disclosure, such as threats to health and safety, or legal sanctions.

2. Computer Security

Licensee shall maintain the computers that access DOL Data by ensuring the operating system and software are updated and patched regularly, such that they remain secure from known vulnerabilities. Licensee further agrees that the computer device(s) are installed with an Anti-Virus solution and signatures updated frequently.

3. Access Security

Access to the Data will be restricted to authorized Users by requiring a login using a unique User ID and complex password or other authentication mechanism which provides equal or greater security. Passwords must be changed on a periodic basis and the sharing of User ID and passwords is strictly prohibited.

4. Data Storage

Licensee agrees that any and all DOL Data will be stored, processed, and maintained solely on designated computing equipment and that no DOL Data at any time will be processed on or transferred to any portable storage medium.

5. Data Transmission

Licensee agrees that any and all electronic transmission or exchange of system and application data with DOL and/or any other parties expressly designated by DOL shall take place via secure means (e.g., HTTPS or SFTP).

6. Distribution of Data

Licensee shall ensure no DOL Data of any kind shall be transmitted, exchanged, or otherwise passed to other Licensees/vendors or other parties except on a case-by-case basis as specifically agreed to in writing by DOL. Licensee further agrees not to provide screen prints outside their control. Any screen print must be destroyed as referenced in the Data Disposal section of these Data Security Requirements.

7. Data Disposal

Unless otherwise specified in this Contract, Licensee agrees that upon termination of this Contract it shall erase, destroy, and render unrecoverable all DOL Data and certify in writing that these actions have been completed within thirty (30) days of the termination of this Contract or within seven (7) days of the request of DOL, whichever shall come first. At a minimum, media sanitization is to be performed according to the standards enumerated by NIST SP 800-88 Guidelines for Media Sanitization.

K5881 Page 12 of 14 1/20/2017