Core Language

Core Language

What should be the core language that I should always have in an RFP or contract?

In other words, "What is my baseline?" The working group proposes that five themes should be present in every RFP or contract:

- Data Definition: What data are the data that needs securing Make clear what data is owned by the institution and other interested parties.

- Use of Data: What can the third-party do and not do with that data?

- General Data Protection: How does the institution expect the third-party to protect the data?

- Data Protection After Contract Termination: What should the third-party do with the institution data upon termination of the contract?

- References to Third Party Compliance With Applicable Federal, State, and Local Laws and Regulatory Requirements: With what laws does the third-party need to comply as an institution agent or custodian of institution data?


Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).