Laserfiche WebLink
EDD Agreement Number. M0113589 <br />EDD/SAPD <br />Customer Codes: E00663 <br />Page 3 of 3 <br />EXHIBIT D <br />(Standard Agreement) <br />c. Disclosure of any of the EDD information to any person or entity not specifically authorized in this <br />Agreement is strictly prohibited. Personnel assigned to work with the EDD's confidential information <br />shall not reveal or divulge to any person or entity any of the confidential information provided under this <br />Agreement except as authorized or required by law. <br />IV. PHYSICAL SAFEGUARDS <br />a. Take precautions to ensure that only authorized personnel are given access to physical, electronic and <br />on-line files. Store electronic and hard copy information in a place physically secure from access by <br />unauthorized persons. Process and store information in electronic format, such as magnetic tapes or <br />discs, in such a way that unauthorized persons cannot retrieve the information by means of computer, <br />remote terminal, or other means. <br />b. Secure and maintain any computer systems (network, hardware, and software applications) that will be <br />used in the performance of this Agreement. This includes ensuring that all security patches, upgrades, <br />and anti -virus updates are applied as appropriate to secure data that may be used, transmitted, or <br />stored on such systems in the performance of this Agreement. <br />c. Store all the EDD's confidential documents in a physically secure manner at all times to prevent <br />unauthorized access. <br />d. Store the EDD's confidential electronic records in a secure central computer facility. Where in -use on a <br />shared computer system or any shared data storage system, ensure appropriate information security <br />protections are in place. SAPD shall ensure that appropriate security access controls, storage <br />protections and use restrictions are in place to keep the confidential information in the strictest <br />confidence and shall make the information available to Its own personnel on a "need -to -know" basis <br />only. <br />e. Store the EDD's confidential data in encrypted format when recorded on removable electronic storage <br />media, or on mobile computing devices, such as a laptop computer. <br />f. Maintain an audit trail and record data access of authorized users and authorization level of access <br />granted to the EDD's data, based on job function. <br />g. Direct all personnel permitted to use the EDD's data to avoid leaving the data displayed on their <br />computer screens where unauthorized users may view it. Personnel should retrieve computer printouts <br />as soon as they are generated so that the EDD's data is not left unattended in printers where <br />unauthorized personnel may access them. <br />h. Dispose of confidential Information obtained from the EDD, and any copies thereof made by SAPID, <br />after the purpose for which the confidential information is disclosed is served. Disposal means return of <br />the confidential information to the EDD or destruction of the information utilizing an approved method of <br />confidential destruction, which includes electronic deletion (following Department of Defense <br />specifications) shredding, burning, or certified or witnessed destruction. <br />Confidentiality Requirements STD. (Rev 03/08/20161 <br />