Requirement to Protect LEVEL ONE SITES INC.
Personally Identifiable Confidential information
- In performing this Agreement, the Service Provider will receive, obtain on their own, maintain, process or otherwise will have access to personally identifiable confidential information on customers, employees and other people associated with LEVEL ONE SITES INC. (Covered Data). “Personally identifiable confidential information” is defined as “Personally identifiable information about LEVELONESITES INC. people including SSN and any other nonpublic information as well as information not listed as directory information and any other information about an individual that has been marked as private by that individual.”
- The Service Provider shall:
- Limit access to Covered Data to those employees of the Service Provider with a specific business need to know.
- Obtain written approval from LEVEL ONE SITES INC. prior to sharing Covered Data with anyone not a direct employee or contractor of the Service Provider for any purpose other than as required by law, in which case LEVEL ONE SITES INC. shall be promptly notified of any such sharing, unless such notice is prohibited by law.
- Obtain written approval from LEVEL ONE SITES INC. prior to the development or implementation of any new remote (including Internet) access to Covered Data by anyone not a direct employee or contractor of the Service Provider. This requirement specifically includes any application by which LEVEL ONE SITES INC. people or others can access information about themselves or about others.
- Adhere to LEVEL ONE SITES INC. rules for password requirements and data protection policies as enumerated in LEVEL ONE SITES INC. security policy.
- Provide results to LEVEL ONE SITES INC. of a SAS-70 Type I or Type II audit of the service being provided to LEVEL ONE SITES INC. or agree to a LEVEL ONE SITES INC. managed audit if LEVEL ONE SITES INC. decides that it wants an audit for any or no reason.
- Notify LEVEL ONE SITES INC. within (4) business hours of any security breach or compromise that jeopardizes the security of Covered Data.
- Segregate server computers from client computers on Service Provider internal data network.
- LEVELONESITES INC. may further identify additional pieces of information as either confidential, personally identifiable, or sensitive for business-specific reasons. The Service Provider must implement the above safeguards to protect any such additional information.
- Survival of Data Protection Requirements after Termination of Agreement. The provisions of this rider shall survive the termination of this or any other agreements between LEVEL ONE SITES INC. and the Service Provider at least in regard to any LEVEL ONE SITES INC. Covered Data in the possession of the Service Provider.
Note: For more information about SAS 70 audits see http://www.sas70.com/about.htm