23
DCAMasterServicesAgreement_DRAFT_slovett_7.20.2002v9.6
protect the work areas and storage spaces, together with the IT Assets, physical contents,
and human readable information contained therein, from unauthorized observation,
alteration, damage, destruction, or the theft thereof, and protect authorized persons therein
from hazards, natural disasters and bodily harm.
“Agency Data” means confidential information, and collectively PII, CII, and ePHI of
Agency including that of its employees, contractors and customers, as applicable.
“Security” or “Security Measure” means the protective and preemptive actions that
encompass all of the Administrative, Physical and Technical Safeguards (collectively, the
“Safeguards”) applicable to any consulting service, managed service, IT Asset, Solution,
or combination thereof that is provided by Processor to Agency, or one of Agency’s
commercial customers and/or residential subscribers, or applicable to any IT Asset, Data
File, credit or debit card, prepaid debit or gift card, or any contracted service used by
Processor and its Authorized Personnel in doing business as a going concern, including: (i)
password protection, encryption, network partitioning, configuration management,
firewall, malware, virus, trap and circumvention protections, (ii) access, authorization,
logging, testing, patching, bug fixing, monitoring and auditing, (iii) developing and
updating disaster recovery plans, software licensing and lifecycle plans, IT hardware,
equipment and facility access, maintenance and lifecycle plans, electronic data storage,
retention and destruction plans, and Exploit Incident notification plans, as well as (iv) the
development of annual budgets and assurance reviews to validate the existence of these
measures and to evaluate their effectiveness.
“Sponsor Organization” or “Agency Sponsor” means a public sector agency or institution,
or private sector organization authorized to grant entitlements and assets (including cash,
annuities, securities, credit, tax wavers and incentives) under various specific legal
conditions, restrictions, eligibilities and administrative compliance requirements that have
been assigned to the Georgia Department of Community Affairs as a fiduciary
responsibility for administration and proper distribution to eligible and qualified
individuals and business in the state of Georgia.
“Technical Safeguards” means the IT controls and preemptive measures used to limit
and/or monitor authorized access and visibility, prevent unauthorized intrusion, and
obstruct unauthorized visibility into IT Assets and their contents, together with protection
of the machine-readable settings and electronic data contained therein, from unauthorized
observation, alteration, destruction, damage or the theft thereof.
“Provider” or “Third-party Provider” may also be referred to under Information Protection
Law and Industry Standards, as well as under regulatory guidance from federal agencies
including HUD, OCC, FTC, CFPB and the State of Georgia Technology Agency as Third-
party Vendor or Professional Service Provider, and refers to any party or third-party
pursuing and/or agreeing to continue a business relationship arrangement with the DCA,
or may refer to a business relationship that exists or may exist in the future between the
Provider and a non-affiliated third-party used by the Provider in provision of products
and/or services to the DCA as part of the business relationship being pursued and/or
continued between the parties by contract, license or otherwise, where the third-party entity