|One Step Ahead
May 5, 2009, Volume 55, No. 32
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Updated Purchase Order Terms and Conditions Regarding
Information Privacy & Security
The University’s Purchase Order Terms and Conditions document states the general terms of contracts applicable between the University and its vendors. The document is automatically incorporated into each University purchase order. Recently, the Terms and Conditions were updated with respect to privacy and security of information. The new Terms and Conditions include strong requirements to protect confidential data, including provisions for data security safeguards, access and use restrictions and breach reporting.
As indicated, the Purchase Order Terms and Conditions set out general requirements for University purchase orders and contracts. It is important to note that there could also be circumstances involving, for example, particularly sensitive data, where more extensive contractual protections would be warranted.
If your school or center is renewing or renegotiating a vendor agreement that involves storage, transmission or processing of confidential data, be sure that appropriate data privacy and security requirements are included in the agreement.
For more information regarding data privacy, contact the Office of Audit, Compliance and Privacy at (215) 573-4492. For questions concerning the applicability of the Purchase Order Terms and Conditions, contact Purchasing Services at (215) 898-7216.
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.