Loading...
HomeMy WebLinkAboutCAG2021-358 - Original - Washington State Auditor's Office (SAO) - Interagency Data Sharing Agreement (DSA) - 08/17/20218/6/2021 Okay to sign A. Long Agency DSA 21-01 INTERAGENCY DATA SHARING AGREEMENT Between City of Kent And the Office of the Washington State Auditor This Interagency Data Sharing Agreement (DSA) is entered into by and between City of Kent hereinafter referred to as "Agency", and the Office of the Washington State Auditor, hereinafter referred to as "SAO", pursuant to the authority granted by Chapter 39.34 RCW and 43.09 RCW. AGENCY PROVIDING DATA: Agency Agency Name: City of Kent Contact Name: Lisa Thornton Title: Accounting Manager Address: 220 4' Ave S., Kent, WA 98032 Phone: 253-856-5264 E-mail: Thornton@kentwa.gov AGENCY RECEIVING DATA: SAO Agency Name: Office of the Washington State Auditor Contact Name: Alexander Beherndt Title: Audit Manager Address: 841 Central Ave N., Suite 201 Kent, WA 98032 Phone: 253-372-6251 E-mail: behemdta@sao.wa.gov PURPOSE OF THE DSA The purpose of the DSA is to provide the requirements and authorization for the Agency to exchange confidential information with SAO. This agreement is entered into between Agency and SAO to ensure compliance with legal requirements and Executive Directives (Executive Order 16-01, RCW 42.56, and OCIO policy 141.10) in the handling of information considered confidential. 2. DEFINITIONS "Agreement" means this Interagency Data Sharing Agreement, including all documents attached or incorporated by reference. DSA Agreement between Agency and SAO Agency DSA: 21-01 Agency DSA 21-01 "Data Access" refers to rights granted to SAO employees to directly connect to Agency systems, networks and/ or applications combined with required information needed to implement these rights. "Data Transmission" refers to the methods and technologies to be used to move a copy of the data between systems, networks and/ or employee workstations. "Data Storage" refers to the place data is in when at rest. Data can be stored on removable or portable media devices such as a USB drive or SAO managed systems or OCIO/ State approved services. "Data Encryption" refers to enciphering data with a NIST-approved algorithm or cryptographic module using a NIST-approved key length. Encryption must be applied in such a way that it renders data unusable to anyone but the authorized users. "Personal Information" means information defined in RCW 42.56.590(10). 3. PERIOD OF AGREEMENT This agreement shall begin on 7/01/2021 or date of execution, whichever is later, and end on 6/30/2022, unless terminated sooner or extended as provided herein. 4. JUSTIFICATION FOR DATA SHARING SAO is the auditor of all public accounts in Washington State. SAO's authority is broad and includes both explicit and implicit powers to review records, including confidential records, during the course of an audit or investigation. DESCRIPTION OF DATA TO BE SHARED The data to be shared includes information and data related to financial activity, operation and compliance with contractual, state and federal programs, security of computer systems, performance and accountability for agency programs as applicable to the audit(s) performed. Specific data requests will be limited to information needed for SAO audits, investigations and related statutory authorities as identified through auditor requests. 6. DATA ACCESS If desired, with the Agency's permission, the Agency can provide direct, read-only access into its system. SAO will limit access to the system to employees who need access in support of the audit(s). SAO agrees to notify the agency when access is no longer needed. 7. DATA TRANSMISSION Transmission of data between Agency and SAO will use a secure method that is commensurate to the sensitivity of the data being transmitted. DATA STORAGE AND HANDLING REQUIREMENTS Agency will notify SAO if they are providing confidential data. All confidential data provided by Agency will be stored with access limited to the least number of SAO staff needed to complete the purpose of the DSA. DSA Agreement between Agency and SAO Agency DSA: 21-01 Agency DSA 21-01 9. INTENDED USE OF DATA The Office of the Washington State Auditor will utilize this data in support of their audits, investigations, and related statutory responsibilities as described in RCW 43.09. 10. CONSTRAINTS ON USE OF DATA The Office of the Washington State Auditor agrees to strictly limit use of information obtained under this Agreement to the purpose of carrying out our audits, investigations and related statutory responsibilities as described in RCW 43.09. 11. SECURITY OF DATA SAO shall take due care and take reasonable precautions to protect Agency's data from unauthorized physical and electronic access. SAO complies with the requirements of the OCIO 14 1. 10 policies and standards for data security and access controls to ensure the confidentiality, and integrity of all data shared. 12. NON -DISCLOSURE OF DATA SAO staff shall not disclose, in whole or in part, the data provided by Agency to any individual or agency, unless this Agreement specifically authorizes the disclosure. Data may be disclosed only to persons and entities that have the need to use the data to achieve the stated purposes of this Agreement. In the event of a public disclosure request for the Agency's data, SAO will notify the Agency a. SAO shall not access or use the data for any commercial or personal purpose. b. Any exceptions to these limitations must be approved in writing by Agency. c. The SAO shall ensure that all staff with access to the data described in this Agreement are aware of the use and disclosure requirements of this Agreement and will advise new staff of the provisions of this Agreement. IRMIi/91311-1 :IN The SAO agrees that Agency will have the right, at any time, to monitor, audit, and review activities and methods in implementing this Agreement in order to assure compliance. 14. TERMINATION Either party may terminate this Agreement with 30 days written notice to the other party's Agreement Administrator named on Page 1. However, once data is accessed by the SAO, this Agreement is binding as to the confidentiality, use of the data, and disposition of all data received as a result of access, unless otherwise amended by the mutual agreement of both parties. 15. DISPUTE RESOLUTION In the event that a dispute arises under this Agreement, a Dispute Board shall determine resolution in the following manner. Each party to this Agreement shall appoint one member to the Dispute Board. The members so appointed shall jointly appoint an additional member to the Dispute Board. The Dispute Board shall review facts, contract terms, and applicable statutes and rules and make a determination of the dispute. 16. GOVERNANCE a. The provisions of this Interagency Data Sharing Agreement are severable. If any provision of this Agreement is held invalid by any court that invalidity shall not affect the DSA Agreement between Agency and SAO Agency DSA: 21-01 08/16/2021 Mayor