AR-03-727 Privacy Requirements for Contractors and Service Providers
Privacy Requirements for Contractors and Service Providers
AR-03-727
Privacy Requirements for Contractors and Service Providers
Accountability, Audit and Risk Management
Identify
External Vendors and Third Party Providers, Information Security Risk Management, Privacy and Confidentiality
NOT SELECTED
NA
No
Customer information is improperly disclosed when transmitted to a third party.
The organization:
a. Establishes privacy roles, responsibilities, and access requirements for contractors and service providers; and
b. Includes privacy requirements in contracts and other acquisition-related documents.
Service providers are subject to agency privacy requirements and held accountable for such.
No statewide control
Obtain contracts and service agreements with third parties and service providers; other relevant documents or records and ascertain if:
(I) the organization establishes privacy roles, responsibilities, and access requirements for contractors and service providers; and
(ii) the organization includes privacy related requirements in contracts and other acquisition-related documents.