One Step Ahead
May 5, 2009, Volume 55, No. 32	Print Issue

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

The University’s Purchase Order Terms and Conditions document states the general terms of contracts applicable between the University and its vendors. The document is automatically incorporated into each University purchase order. Recently, the Terms and Conditions were updated with respect to privacy and security of information. The new Terms and Conditions include strong requirements to protect confidential data, including provisions for data security safeguards, access and use restrictions and breach reporting.

See www.purchasing.upenn.edu/for_suppliers/terms-conditions-exhibit-A.pdf

As indicated, the Purchase Order Terms and Conditions set out general requirements for University purchase orders and contracts. It is important to note that there could also be circumstances involving, for example, particularly sensitive data, where more extensive contractual protections would be warranted.

If your school or center is renewing or renegotiating a vendor agreement that involves storage, transmission or processing of confidential data, be sure that appropriate data privacy and security requirements are included in the agreement.

For more information regarding data privacy, contact the Office of Audit, Compliance and Privacy at (215) 573-4492. For questions concerning the applicability of the Purchase Order Terms and Conditions, contact Purchasing Services at (215) 898-7216.

_____________________________________

To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.