The URL can be used to link to this page

Home My WebLink AboutN-808 - IT Vendor - Acceptable Use and Security of Confidential City InformationCITY OF PASCO ADMINISTRATIVE ORDERS Administrative Order No. 808 Information Services Subject: IT Vendor Acceptable Use and Security of Confidential City Information Initial Effective Date: January 27, 2014 Revised A roved I. PURPOSE: To establish guidelines for the review of IT Vendor Information Holders' acceptable use, non - disclosure, and security of confidential city information. II. DEPARTMENTS AFFECTED: All III. DEFINITIONS: IT Vendor: a vendor, contractor or supplier of technology related services, hardware, or software. Information Holder: means a third party that to which city has provided confidential information. Confidential Information: means any of the following in the care, custody and control of the City or Information Holder for which the City or Information Holder is legally responsible: 1. Information from which an individual may be uniquely and reliably identified or contacted, including, without limitation, an individual's name, address, telephone number, social security number, account relationships, account numbers, account balances, account histories and passwords; 2. Information concerning an individual that would be considered "nonpublic personal information" within the meaning of Title V of the Gramm -Leach Bliley Act of 1999 (Public Law 106 -102, 113 Stat. 1338) (as amended) and its implementing regulations; 3. Information concerning an individual that would be considered "protected health information" within Health Insurance Portability and Accountability Act of 1996 (as amended) and its implementing regulations; 4. Information used for authenticating customers for normal business transactions; 5. Any third party's trade secrets, data, designs, interpretations, forecasts, formulas, methods, practices, processes, records, reports or other item of information that is not available to the general public; 6. City network configuration (design, addressing, or architecture) or system, hardware, and software administrator usernames or passwords. IV. POLICY: Contracts with IT Vendors shall include language that sets forth acceptable use of confidential information and established standards of security and non - disclosure of confidential information. In lieu of contract or specific language regarding confidential information in a contract, the IT vendors data policy and security can be assessed and approved by an IS employee on the city's staff. Date ,l Administrative Order 808 - IT Vendor Acceptable Use and Security of Confidential City Information Page 2