Information Resources Contract Clauses

Vendor Access Language

[PROVIDER] hereby acknowledges responsibility to comply with all applicable [MEMBER] policies, rules, standards, practices, and agreements, including but not limited to: safety policies, privacy policies, security policies, auditing policies, software licensing policies, acceptable use policies, and nondisclosure as required by [MEMBER].

For purposes of this section concerning Vendor Access, Confidential Information is defined as information that must be protected from unauthorized disclosure or public release based on state or federal law or other legally binding agreement and may include but is not limited to the following: personally identifiable information (social security number and/or financial account numbers, student education records); intellectual property (as set forth in Section 51.914 of the Texas Education Code); and medical records. Mission Critical Information is information that is defined by [MEMBER] to be essential to the continued performance of the mission of [MEMBER], the unavailability of which would result in consequences to [MEMBER].

In the event [PROVIDER] should obtain or be granted access to Confidential and/or Mission Critical Information of [MEMBER] ("[MEMBER] Information"), [PROVIDER] will keep and protect [MEMBER] Information confidential to no less than the same degree of care as required by [MEMBER] policies, rules and procedures. At the expiration or early termination of this Agreement, [PROVIDER] agrees to return all [MEMBER] Information or agrees to provide adequate certification that the [MEMBER] Information has been destroyed. [PROVIDER], its employees, agents, contractors, and subcontractors shall use the [MEMBER] Information solely in connection with performance by [PROVIDER] of the services provided to [MEMBER] pursuant to this Agreement, and for no other purpose. Should [PROVIDER], its employees, agents, contractors, or subcontractors acquire other [MEMBER] Information during the course of this Agreement, it shall not be used for [PROVIDER]'s own purposes or divulged to third parties. [PROVIDER] shall comply with all terms and conditions of any [MEMBER] non-disclosure agreement applicable to this Agreement. Failure to comply with the requirement not to release information, except for the sole purpose stated above, will result in cancellation of this Agreement and the eligibility for [PROVIDER] to receive any [MEMBER] Information from [MEMBER] for a period of not less than five (5) years.

Both parties shall each provide contact information for specific individuals. The designated contact for [MEMBER] shall be ____________, Department of __________________, _____ TAMU, College Station, TX 77843-____, Telephone: (979) _________, Email:_____________. The designated contact for [PROVIDER] shall be ______________________________(include email address and phone number). Should the designated contact for either party need to be changed, the new contact information shall be updated and provided to the respective parties within 24 hours of any staff changes. Should [PROVIDER] have a need to access [MEMBER] Information, that request shall be directed to [MEMBER]'s designated contact. Further, [PROVIDER] is responsible for reporting all security breaches directly to [MEMBER]. [MEMBER]'s designated contact for breaches shall be Help Desk Central (helpdesk@tamu.edu; (979) 845-8300). Help Desk Central can be contacted 24/7. Security breach investigation reports shall be provided to the designated contact for [MEMBER] and [MEMBER]'s Chief Information Security Officer (ciso@tamu.edu).