Laserfiche WebLink
applicable federal, state and local laws, rules, and regulations. At a minimum, <br />Agency's safeguards for the protection of Confidential Information shall <br />include: <br />i. limiting access of Confidential Information to authorized employees; <br />ii. maintaining an adequate network firewall; <br />iii, securing business facilities, data centers, paper files, servers, backup <br />systems, and computing equipment, including but not limited to devices <br />with information storage capability; <br />iv, implementing secure storage and disposal of Confidential Information; <br />v. implementing authentication, and access controls within operating <br />systems and equipment; and <br />vi. implementing appropriate personnel security and integrity procedures <br />and practices, including conducting background checks consistent with <br />applicable law and providing appropriate privacy and information <br />security training to Agency employees. <br />5. Audits. NICB may issue a security assessment questionnaire and conduct <br />independent onsite security assessments of Agency related to Agency's compliance <br />this Agreement. For any onsite inspection, NICB will provide at least 30 days prior <br />written notice. Such assessments shall not occur more than once per calendar year, at <br />a time that minimizes operational interruptions to Agency. Agency's failure to <br />adequately respond in a timely manner to a security assessment questionnaire, timely <br />submit to an onsite inspection, or timely or adequately, in NICB's sole determination, <br />remedy any compliance or security concern raised by NICB, may result in immediate <br />suspension of Agency's ISO C1aimSearch access pursuant to Section 10 of the MOU. <br />6. Security Breach <br />A. Notification. Agency shall promptly, but in no case later than 48 hours, notify <br />NICB of any confirmed or based on a good faith determination by NICB or <br />Agency there is a significant risk to Confidential Information unauthorized or <br />improper access to or use or disclosure of Confidential Information while in the <br />possession or control of Agency, its Administrator or its Designees ("Security <br />Breach"). <br />B. Mitigation and Cooperation. Agency shall promptly implement steps to <br />remediate and mitigate the effects of any Security Breach. Agency shall <br />cooperate with reasonable requests for information from NICB or its <br />representatives regarding the Security Breach. To the extent possible, Agency <br />shall promptly provide a written description of the number of individuals' data <br />involved, the location (i.e., State) of the individuals, the amount of data <br />involved, the type of data involved and any other relevant information <br />