SECURITYDATAREQUIREMENTSCHECKLIST
(ProcurementProtectedInformation)
Pleasechoose Yes(Y)orNo(N)belowtoindicatetypesofCSU,Chicopersonalinformationtobecollected,shared,
accessed/transmitted,orstoredby subcontractororsubcontractor’sagentaspartofthecontractstatementofwork:
Line
Y
esor
No?
ConfidentialCSU Level 1 (S ection 8065.S02)
P
rocurement
U
se
O
n
ly
1.
Doesthesubcontractororagentemploy more than 100 employees, access more
than 1000
individual pieces of information (e.g., names and SSN, credit cards,
medicalrecords,orany
combination)orconductfullSAS70/SSAE16(TypeII)
audits?
N= Use Low Sec. Data
Requirements
Y = Use High Sec. Data
Requirements
PCIDSS;PADSS;NACH
A
Requirements; HIPAA Requirements
APPLICABLESECTIONS
LINES2thru6
2.
Namewithcreditca
rdpaymentto Universit
y
merchant ID
5.2
3.
P
urc
h
aseo
f
so
twaretoprocessname w
i
t
h
cre
di
tcar
d
payment to
U
n
i
vers
i
t
y
merchantID
5.3
4.
N
amew
i
t
h
ACH
paymentto
U
n
i
vers
i
t
y
b
an
k
account
5.4
5.
M
e
di
ca
l
recor
d
sre
l
ate
d
toan
i
n
di
v
id
ua
l
(i
nc
l
u
di
ng
di
sa
bili
t
y
i
n
f
ormat
i
on
)
5.5
6.
Psyc
h
o
l
ogica
l
counse
l
ingrecor
d
sre
l
ate
d
to an in
d
ivi
d
ua
l
5.5
APPLICABLESECTIONS LINES7thru 58
1,2,3,4, 5.1, 5.6, 6, 7, 8, 9
7.
The application stores passwordsorcredentialsthatgrant access to level 1 and level 2 data
8.
The application stores PINs(PersonalIdentificationNumbers)
9.
Bi
rt
h
d
atecom
bi
ne
d
w
i
t
h
l
ast
f
our
di
g
i
ts o
f
SSN
an
d
name
10.
C
re
di
tcar
d
num
b
ersw
i
t
h
car
dh
o
ld
er name
11.
T
ax
ID
w
i
t
h
name
12.
Driver’slicensenumber,stateidentification card, and other forms o
f
national orinternational identification
(suchaspassports,visas,
etc.)incombinationwithname
13.
S
oc
i
a
l
S
ecur
i
t
y
num
b
eran
d
name
14.
H
ea
l
t
h
i
nsurance
i
n
f
ormat
i
on
15.
M
e
di
ca
l
recor
d
sre
l
ate
d
toan
i
n
di
v
id
ua
l
(i
nc
l
u
di
ng
di
sa
bili
ty
)
16.
P
syc
h
o
l
og
i
ca
l
C
ounse
li
ngrecor
d
sre
l
ate
d
to an
i
n
di
v
id
ua
l
17.
Bankaccountordebitcardinformation in combination with an
y
required securit
y
code,access code,
orpasswordthatwould
permitaccesstoanindividual'sfinancialaccount
18.
Bi
ometr
i
c
i
n
f
ormat
i
on
19.
El
ectron
i
cor
di
g
i
t
i
ze
d
s
i
gnatures
20.
P
r
i
vate
k
e
y
(di
g
i
ta
l
cert
ifi
cate
)
21.
L
awen
f
orcement personne
l
recor
d
s
22.
C
r
i
m
i
na
l
b
ac
k
groun
d
c
h
ec
k
resu
l
ts
All No
All Yes
All Yes
All No
InternalUse‐ CSULevel2(Section8065.S02)
I
d
entit
y
Va
l
i
d
ationKeys
(
namewit
h)
:
23.
B
irt
h
d
ate
(f
u
ll
:mm‐
dd
‐yy
)
24.
Bi
rt
h
d
ate
(
part
i
a
l
:mm‐
dd
on
l
y
)
25.
Ph
oto
(
ta
k
en
f
or
id
ent
ifi
cat
i
onpurposes
)
S
tu
d
ent
I
n
f
ormat
i
on
Ed
ucat
i
ona
l
ecor
s
(
non
di
rectory
)
26.
G
ra
d
es
27.
C
oursesta
k
en
28.
S
c
h
e
d
u
l
e
29.
T
estscores
30.
Ad
v
i
s
i
ngrecor
d
s
31.
Ed
ucat
i
ona
l
serv
i
cesrece
i
ve
d
32.
Di
sc
i
p
li
nar
y
act
i
ons
33.
S
tu
d
ent
Ph
oto
34. Financia
l
Ai
d
receive
d
35. Mostrecente
d
ucationa
l
agenc
y
or institution atten
d
e
d
36.
P
art
i
c
i
pat
i
on
i
no
ffi
c
i
a
lly
recogn
i
ze
d
act
i
v
i
t
i
es an
d
sports
37.
W
e
i
g
h
tan
d
h
e
i
g
h
to
f
mem
b
ers o
f
at
hl
et
i
cteam
38.
T
ranscr
i
pt
39.
Lib
rar
y
c
i
rcu
l
at
i
on
i
n
f
ormat
i
on
40.
T
ra
d
esecretsor
i
nte
ll
ectua
l
propert
y
suc
h
as researc
h
act
i
v
i
t
i
es
41.
L
ocat
i
ono
f
cr
i
t
i
ca
l
orprotecte
d
assets
42.
Li
cense
d
so
f
tware
43.
Vu
l
nera
b
i
l
ity
/
securit
y
in
f
ormation re
l
ate
d
to a campus or system
44.
C
ampusattorne
y
‐c
l
ientcommunications
E
mp
l
oyee
I
n
f
ormat
i
on
(i
nc
l
u
di
ng stu
d
ent emp
l
oyees
)
45.
E
mp
l
oyeenetsa
l
ar
y
46.
H
omea
dd
ress
47.
P
ersona
l
te
l
ep
h
onenum
b
ers
48.
P
ersona
l
ema
il
a
dd
ress
49.
P
ayment
Hi
stor
y
50.
E
mp
l
oyeeeva
l
uat
i
ons
51.
P
re‐emp
l
oyment
b
ac
k
groun
d
i
nvest
i
gat
i
ons
52.
M
ot
h
er
sma
id
enname
53.
R
acean
d
et
h
n
i
c
i
t
y
54.
P
arents
an
d
ot
h
er
f
am
ily
mem
b
ers
names
55.
Bi
rt
h
p
l
ace
(Ci
ty,
S
tate,
C
ountry
)
56.
G
en
d
er
57.
M
ar
i
ta
l
S
tatus
58.
Ph
ys
i
ca
l
d
escr
i
pt
i
on
Name of company that offers the product or service:__________________________________________________________________________________
Name of the product or service being evaluated:_______________________________________________________________________________________ 
Name of Department/Business Unit: ___________________________________________________________________________________________________
Name of individual completing form:___________________________________________________________________________________________________ 
Nameof department manager (MPP):__________________________________________________________________________________________________
Signature of department manager (MPP): ___________________________________________________________Date________________________________________
All Yes
All No
All No
All Yes