IT Service Agreements & Supplemental Provisions

The following documents are used by the CSU and CSUMB as part of the IT Procurement Contracting process:

Located on the CSYOU Systemwide Procurement page:

  1. General Provisions-IT

  2. IT-Supplemental Provisions for Acquisitions

    • Acknowledgement (1.0) - Ensures contract as defined is "protected" and subject to laws and regulations

    • Sub-Contractor Disclosure (2.0) - Ensures that Contractor holds its subcontractors to the terms to which they have agreed

    • Incident Response Plan (3.0) - Develop or maintain an Information Security Plan adequate to protect the CSU data

    • PCI Compliance (5.0) - Does the software store, process or transmit payment card data?

      • PCI-DSS Requirements (5.1) - Payment Card Industry Data Security Standards

      • PA-DSS Requirements (5.2) - Payment Application Data Security Standards

      • NACHA Requirements (5.3) - Contractor must comply with NACHA requirements.

      • HIPAA Requirements (5.4) - Contractor must comply with Health Insurance Portability and Accountability Act (HIPAA) requirements 

    • Risk Management - Personnel Security (6.0) - Contractor (et al) is required to maintain security and privacy of CSU Information assets. 

    • Record Retention (optional) (7.0) - must comply with applicable Record Retention requirements

    • Risk Assessment (8.0) - must comply with applicable Risk Assessment requirements

    • Return/Destroy Protected Data (9.0) - Contractor must ensure it returns or adequately disposes of CSU Protected Data






Article ID: 51475
Wed 4/4/18 5:30 AM
Tue 6/4/24 10:25 AM

Related Services / Offerings (1)

Campus Departments submit this form for IT approval of all contracts or service agreements that involve Information Technology resources. The Procurement Office requires IT approval prior to finalizing any IT-related service agreement or contract.