Wash. Admin. Code § 182-70-440

Current through Register Vol. 24-23, December 1, 2024
Section 182-70-440 - Accountability
(1) The data vendor must submit an annual report to the lead organization, the authority, and the office of the state chief information security office that includes the following information:
(a) Summary results of its independent security assessment; and
(b) Summary of its penetration testing and vulnerability assessment results.
(2) The data vendor, upon reasonable notice, must allow access and inspections by staff of the office of the state chief information security officer to ensure compliance with state standards.
(3) The data vendor, upon reasonable notice, must allow on-site inspections by the authority to ensure compliance with laws, rules and contract terms and conditions.
(4) The data vendor must have data retention and destruction policies that are no less stringent than that required by federal standards, including the most current version of NIST Special Publication 800-88, Guidelines for Media Sanitization.

Wash. Admin. Code § 182-70-440

WSR 19-24-090, recodified as § 182-70-440, filed 12/3/19, effective 1/1/20
Amended by WSR 20-08-059, Filed 3/25/2020, effective 4/25/2020

Statutory Authority: Chapter 43.371 RCW. WSR 17-08-079, § 82-75-440, filed 4/4/17, effective 5/5/17.