Body
The following documents are used by the CSU and CSUMB as part of the IT Procurement Contracting process:
Located on the CSYOU Systemwide Procurement page:
-
General Provisions-IT
-
IT-Supplemental Provisions for Acquisitions
-
Acknowledgement (1.0) - Ensures contract as defined is "protected" and subject to laws and regulations
-
Sub-Contractor Disclosure (2.0) - Ensures that Contractor holds its subcontractors to the terms to which they have agreed
-
Incident Response Plan (3.0) - Develop or maintain a Information Security Plan adequate to protect the CSU data
-
PCI Compliance (5.0) - Does the software store, process or transmit payment card data?
-
PCI-DSS Requirements (5.1) - Payment Card Industry Data Security Standards
-
PA-DSS Requirements (5.2) - Payment Application Data Security Standards
-
NACH Requirements (5.3) - Contractor comply with NACHA requirements.
-
HIPAA Requirements (5.4) - Contractor must comply with Health Insurance Portability and Accountability Act (HIPAA) requirements
-
Risk Management - Personnel Security (6.0) - Contractor (et al) is required to maintain security and privacy of CSU Information assets.
-
Record Retention (optional) (7.0) - must comply with applicable Record Retention requirements
-
Risk Assessment (8.0) - must comply with applicable Risk Assessment requirements
-
Return/Destroy Protected Data (9.0) - Contractor must ensure returns or adequately disposes of CSU Protected Data