My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
Agmt19 County of San Mateo
RedwoodCity
>
City Clerk
>
Agreements
>
2010-2019
>
2019
>
Agmt19 County of San Mateo
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/15/2019 8:53:26 AM
Creation date
7/15/2019 8:53:14 AM
Metadata
Fields
Template:
Agreement
Contractor Name
County of San Mateo
PROJECT NAME
Information and Referral services at FOCC
RMP File Number
304
Date
6/26/2019
MO Ref
19-114
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
14
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
j. Contractor shall ensure that there are security guards or a monitored <br />alarm system at all times at Contractor's facilities and leased facilities <br />where five hundred (500) or more individually identifiable records of PH is <br />used, disclosed, or stored. Video surveillance systems are recommended. <br />k. Contractor shall ensure that data centers with servers, data storage <br />devices, and/or critical network infrastructure involved in the use, storage, <br />and/or processing of PII have perimeter security and physical access <br />controls that limit access to only those authorized by this Agreement. <br />Visitors to any Contractor data centers area storing PI as a result of <br />administration of a County program must be escorted at all times by <br />authorized Contractor's staff. <br />I. Contractor shall have policies that include, based on applicable risk <br />factors, a description of the circumstances under which Contractor staff <br />can transport Pit, as well as the physical security requirements during <br />transport. <br />m. Contractor shall ensure that any PII stored in a vehicle shall be in a non- <br />visible area such as a trunk, that the vehicle is locked, and under no <br />circumstances permit PII be left unattended in a vehicle overnight or for <br />other extended periods of time. <br />n. Contractor shall ensure that PI shall not be left unattended at any time in <br />airplanes, buses, trains, etc., including baggage areas. This should be <br />included in training due to the nature of the risk. <br />o. Contractor shall ensure that all workstations and laptops, which use, store <br />and/or process Pit, must be encrypted using a FIPS 140-2 certified <br />algorithm 128 bit or higher, such as Advanced Encryption Standard (AES). <br />The encryption solution must be full disk. It is encouraged, when available <br />and when feasible, that the encryption be 256 bit. <br />p. Contractor shall ensure that servers containing unencrypted PH must have <br />sufficient administrative, physical, and technical controls in place to protect <br />that data, based upon a risk assessment/system security review. It is <br />recommended to follow the guidelines documented in the latest revision of <br />the National Institute of Standards and Technology (NIST) Special <br />Publication (SP) 800-53, Security and Privacy Controls for Federal <br />Information Systems and Organizations. <br />q. Contractor agrees that only the minimum necessary amount of Pit <br />required to perform required business functions will be accessed, copied, <br />downloaded, or exported. <br />Template Version Date—August 26, 2016 <br />Page 8 <br />
The URL can be used to link to this page
Your browser does not support the video tag.