Kaufman Hall provides you (“Third-Party User”) access to its Collaborative Tools, as defined below, subject to the following policy (the “Access Policy”) and by using the Collaborative Tools, you agree to be bound by this Access Policy. If you are a business entity, by using the Collaborative Tools you agree (i) to require each of your employees that use or access the Collaborative Tools to be bound by the Access Policy and (ii) you remain responsible and liable for all acts and omissions of your employees in connection with the use of the Collaborative Tools, including any breach of the Access Policy.
If you do not agree to abide by this Access Policy as set forth in this notice, then do not use the Collaborative Tools.
Third-Party User and Kaufman Hall will use project management and collaboration resource(s) provided by Kaufman Hall for the services (“Services”), as defined in the applicable Agreement.
Third-Party User and Kaufman Hall agree that the terms of this Access Policy shall apply to Third-Party User’s access and use of such project management and collaboration resource. This Access Policy applies to all clients, partners, and third parties accessing Kaufman Hall’s Project Collaborative Tool.
Kaufman Hall shall own its working papers, pre-existing materials, and software, as well as any general skills, know-how, processes, methodologies, tools, techniques, or other intellectual property (including a non-entity specific version of any Deliverables), which Kaufman Hall may have discovered or created in connection with the Services (collectively, “Consultant Materials”). Kaufman Hall’s reporting will include, without limitation, oral advice and various written outlines, executive summaries, presentations, memoranda, analysis of issues, and schedules prepared for and delivered to entity in connection with the Services (collectively, “Deliverables”). If, in the course of Kaufman Hall rendering the Services, Third-Party User collaborates with Kaufman Hall on the development of Consulting Materials through the direct contribution of text, suggestions, information, documents, or other materials (“Collaborative Materials”) that do not qualify as Third-Party User private, confidential of proprietary information (“Third-Party User Content”), such Collaborative Materials shall be solely and exclusively owned by Kaufman Hall and Third-Party User shall have the same rights to such Collaborative Materials as it does to the Deliverables.
Project Management and Collaboration
Parties may, from time to time, agree to create project management and collaboration files in the computer systems and facilities, including those Kaufman Hall manages and licenses from third parties, to which Kaufman Hall grants Third-Party User access for the purpose of saving notes, files, and documents related to the Services (collectively the “Project Collaborative Tool(s)”).
Permitted Users
Third-Party User shall limit access to the Project Collaborative Tool to “Permitted Users,” which shall mean the designated employees of Third-Party User that shall be approved in advance by a designated Kaufman Hall information security coordinator and Third-Party User, who shall be permitted to access and use the Project Collaborative Tool.
Restrictions on Access
Third-Party User represents, warrants, and covenants that Third-Party User shall not (i) make the Project Collaborative Tool available to or use the Project Collaborative Tool for the benefit of any third parties, (ii) use the Project Collaborative Tool to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (iii) use the Project Collaborative Tool to store or transmit malicious code, (iv) attempt to gain unauthorized access to the Project Collaborative Tool or its related systems or networks, or (v) use the Project Collaborative Tool except as expressly allowed hereunder.
Restrictions on Use
Third-Party User agrees not to copy, download, or use for any purpose, any Consultant Materials, Kaufman Hall work papers or Kaufman Hall’s Confidential Information within the Project Collaborative Tool. Third-Party User shall immediately destroy or return all Deliverables, Kaufman Hall work papers, or Kaufman Hall’s Confidential Information at the expiration or termination of Third-Party User’s access to the Project Collaborative Tool. Kaufman Hall may request notice that the data was disposed of according to NIST Media Sanitation Guidelines (NIST Special Publication 800-88 Rev 1.)
Disclaimers
To the maximum extent permitted by applicable law, the project collaborative tool is provided “as is” and Kaufman Hall makes no warranty of any kind, whether express, implied, statutory, or otherwise, including that a particular business result will occur through use of the project collaborative tool, and Kaufman Hall specifically disclaims all implied warranties, including any implied warranty of merchantability, fitness for a particular purpose, or title, to the maximum extent permitted by applicable law. Kaufman Hall does not warrant and is not responsible for the accuracy or timeliness of the project collaborative tool. Kaufman Hall does not warrant that the project collaborative tool will operate without interruption or be error-free.
Contractor Inventory
Kaufman Hall shall annually perform an inventory of all Third-Party User’s contractors who store, access or process sensitive data according to its data classification.
Risk Profile
Kaufman Hall shall perform a risk-based profile assessment annually to classify Third-Party User into risk categories per Kaufman Hall risk policy and NIST 800-30. Each risk category will be assigned a specific set of validation requirements jointly defined by the Information Security Department and the Compliance Department.
Risk Assessment
The Information Security Department or an approved delegate shall conduct an annual review of the information security risks of all Permitted Users with access to Deliverables, Consultant Materials, Kaufman Hall work papers, or Kaufman Hall’s Confidential Information.
Information Security Responsibilities
All Third-Party Users shall document information security responsibilities through specific language in contracts that define their relationship with Kaufman Hall. All Third-Party User’s agreements with network service providers shall contain specified security requirements so that external networks are at least as secure as Kaufman Hall’s internal networks.
Security Policy Acknowledgement
All Third-Party Users shall know the Kaufman Hall security policies and agree to follow Kaufman Hall ‘s information security policies. Kaufman Hall follows NIST CSF and 800-53 R4 controls.
Access Approval
Before a user ID can be issued to a Permitted User, documented evidence of an information security system or process shall be provided to and approved by Kaufman Hall’s CIO or their designate. Third-Party User shall maintain this system or method to prevent unauthorized and improper use of Kaufman Hall systems.
Cyber Security
To protect systems, networks, and data and to prevent cybercrime Third-Party User is responsible for managing cyber security risk under its policies and procedures.
Third-Party User represents that you have been informed of the terms and conditions of access to the Project Collaborative Tool for Permitted Users, and its confidentiality and cyber security obligations, as set forth herein and in the applicable Agreement.
Third-Party User agrees that it shall be liable for any breach of this Policy by Permitted Users.