Laserfiche WebLink
Docusign Envelope ID: 72A91 B3B-BEA1-46FE-ACDD-146571 BB7804 <br />EXHIBIT 2 <br />a. Conduct periodic privacy and security reviews of work activity by Contractor Staff, <br />including random sampling of work product. Examples include, but are not limited to, <br />access to case files or other activities related to the handling of PII. <br />b. The periodic privacy and security reviews must be performed or overseen by <br />management level personnel who are knowledgeable and experienced in the areas of <br />privacy and information security in the administration of their program, and the use or <br />disclosure of PII. <br />5. INFORMATION SECURITY AND PRIVACY STAFFING <br />The Contractor agrees to: <br />a. Designate information security and privacy officials who are accountable for compliance <br />with these and all other applicable requirements stated in this Agreement. <br />b. Provide County with applicable contact information for these designated individuals. Any <br />changes to this information should be reported to County within ten (10) days. <br />c. Assign staff to be responsible for administration and monitoring of all security related <br />controls stated in this Agreement. <br />6. PHYSICAL SECURITY <br />The Contractor shall ensure PII is used and stored in an area that is physically safe from access <br />by unauthorized persons at all times. The Contractor agrees to safeguard PII from loss, theft, <br />or inadvertent disclosure and, therefore, agrees to: <br />a. Secure all areas of the Contractor's facilities where Contractor Staff assist in the <br />administration of their program and use, disclose, or store PII. <br />b. These areas shall be restricted to only allow access to authorized individuals by using one <br />or more of the following: <br />L Properly coded key cards <br />ii. Authorized door keys <br />iii. Official identification <br />4 <br />City Council 7 — 120 7/15/2025 <br />