Skip to main content
Learn More

Appendix G – Confidential Information Agreement (Non-Disclosure) for Data Transferred to an External Service Provider

Appendix G – Confidential Information Agreement (Non-Disclosure) for Data Transferred to an External Service Provider

SAMPLE

Information Security Program

Appendix G - Confidential Information Agreement (Non-Disclosure) for Data Transferred to an External Service Provider

This form is a sample.  A comparable form approved by the Office of General Counsel should be signed by an appropriate representative of any external organization before any member of that organization can obtain non-public University information.

Confidential Information Agreement for Data Transferred to an External Service Provider

This agreement is hereby entered into, by and between

(hereinafter "Service Provider")
and McNeese State University (hereinafter “McNeese”) on
.
McNeese State University and Service Provider mutually agree to the terms of this Agreement whereby McNeese will provide the following data and information:
to Service Provider for the following purposes:
Such data and information shall be provided to Service Provider for a defined period, starting upon the execution of this agree . If any conflict exists between the terms of this agreement and any prior agreement, the terms of this agreement shall govern.
  1. Definition:
    1. Covered Data and Information will include all data and information provided by McNeese to Service Provider specifically for the aforementioned purposes as well as any data and information that Service Provider may derive from such data and information.
  2. Acknowledgment of Access to Covered Data and Information: Service Provider acknowledges that the Agreement allows the Service Provider access to Covered Data and Information, and that Covered Data and Information will be used for testing and assessment purposes only.
  3. Prohibition on Unauthorized Use or Disclosure of Covered Data and Information: Service Provider agrees to hold the Covered Data and Information in strict confidence. Service Provider shall not use or disclose Covered Data and Information received from or on behalf of McNeese except as permitted or required by the Agreement, as required by law, or as otherwise authorized in writing by McNeese.
  4. Safeguard Standard: Service Provider agrees that it will protect the Covered Data and Information it receives from or on behalf of McNeese according to commercially acceptable standards and no less rigorously than it protects its own Covered Data and Information.
  5. Return or Destruction of Covered Data and Information: Upon termination, cancellation, expiration or other conclusion of the Agreement, Service Provider shall:
    1. Return to McNeese or, if return is not feasible, destroy all Covered Data and Information in whatever form or medium that Service Provider received from or created on behalf of McNeese. This provision shall also apply to all Covered Data and Information that is in the possession of subcontractors or agents of Service Provider. In such case, Service Provider shall retain no copies of such information, including any compilations derived from and allowing identification of Covered Data and Information. Service Provider shall complete such return or destruction as promptly as possible, but not less than thirty (30) days after the effective date of the conclusion of this Agreement. Within such thirty (30) day period, Service Provider shall certify in writing to McNeese that such return or destruction has been completed.
    2. If Service Provider believes that the return or destruction of Covered Data and Information is not feasible, Service Provider shall provide written notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction is not feasible, Service Provider shall extend the protections of this Agreement to Covered Data and Information received from or created on behalf of McNeese, and limit further uses and disclosures of such Covered Data and Information, for so long as Service Provider maintains the Covered Data and Information.
  6. Term and Termination:
    1. This Agreement shall take effect upon execution.
    2. In addition to the rights of the parties established by the underlying Agreement, if McNeese reasonably determines in good faith that Service Provider has materially breached any of its obligations under this Agreement, McNeese, in its sole discretion, shall have the right to:
      1. Exercise any of its rights to reports, access and inspection under this Agreement; and/or
      2. Require Service Provider to submit to a plan of monitoring and reporting, as McNeese may determine necessary to maintain compliance with this Agreement; and/or
      3. Provide Service Provider with a fifteen (15) day period to cure the breach; and/or
      4. Terminate the Agreement immediately if Service Provider has breached a material term of this Agreement and cure is not possible.
    3. Before exercising any of these options, McNeese shall provide written notice to Service Provider describing the violation and the action it intends to take.
  7. Subcontractors and Agents: If Service Provider provides any Covered Data and Information which was received from, or created for, McNeese to a subcontractor or agent, then Service Provider shall require such subcontractor or agent to agree to the same restrictions and conditions as are imposed on Service Provider by this Agreement.
  8. Maintenance of the Security of Electronic Information: Service Provider shall develop, implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of all electronically maintained or transmitted Covered Data and Information received from, or on behalf of, McNeese.
  9. Reporting of Unauthorized Disclosures or Misuse of Covered Data and Information: Service Provider shall report to McNeese any use or disclosure of Covered Data and Information not authorized by this Agreement or in writing by McNeese. Service Provider shall make the report to McNeese not less than one (1) business day after Service Provider learns of such use or disclosure. Service Provider’s report shall identify:
    1. The nature of the unauthorized use or disclosure,
    2. The Covered Data and Information used or disclosed,
    3. Who made the unauthorized use or received the unauthorized disclosure,
    4. What Service Provider has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and
    5. What corrective action Service Provider has taken or shall take to prevent future similar unauthorized use or disclosure.

    Service Provider shall provide such other information, including a written report, as reasonably requested by McNeese.
  10. Indemnity. Service Provider shall defend and hold McNeese harmless from all claims, liabilities, damages, or judgments involving a third party, including McNeese’s costs and attorney fees, which arise as a result of Service Provider’s failure to meet any of its obligations under this Agreement.
  11. Survival. The respective rights and obligations of Service Provider under Section 5 shall survive the termination of this Agreement

IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf.
McNeese State University
Service Provider