SaaS Clause 10-20-20.pdf

The document provides detailed requirements and standards for information security, data protection, and privacy for a Cloud Vendor or Software as a Service (SaaS) Provider working with Yavapai College (YC). It covers access control, incident reporting, offshoring restrictions, patch management, encryption, regulatory compliance, backup and restoration, secure development, data ownership, privacy protection, business continuity planning, and Payment Card Industry Data Security Standard (PCI DSS) compliance. Emphasis is placed on safeguarding YC Data, including personal data, and ensuring compliance with laws such as FERPA, HIPAA, GDPR, and PCI DSS, as well as addressing emergency data handling, data ownership, and Supplier responsibilities for data security and confidentiality.