SALS Data Handling and Use Policy

From IDESG Wiki
Revision as of 04:03, 28 June 2018 by Omaerz (talk | contribs) (5 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Error creating thumbnail: File missing
This article is under construction and should not be considered complete.
Last modified by Omaerz


The definitive current text for this Policy is posted on the Web. Any versions in static downloadable form are provided for convenience only, and may not always represent the most current information.
PDF DOWNLOAD LINKS:

Policy: https://workspace.idesg.org/kws/public/download/429/latest/SALS-Data-Handling-v3.98-20160111.pdf
Exhibit 1 data usage table: https://workspace.idesg.org/kws/public/download/428/latest/SALS-Data-Handling-Exhibit-1-v3.98-20160111.pdf


In connection with its Self-Assessment Listing Service ("SALS") program, IDESG collects, uses, and maintains information that IDESG obtains voluntarily from participating service providers ("Service Providers") on the application forms for the SALS program. This Data Handling and Use Policy ("Policy") describes the information that IDESG collects and how IDESG uses and maintains that information. This Policy applies only to information collected from Service Providers as part of the IDESG SALS program.

For additional information about IDESG SALS, please see the SALS FAQs.


<1>

Data Collection.

The data elements collected by the SALS Program through the SALS Application Package and related documents are listed in Exhibit 1 to this Policy. IDESG collects information to assess and verify Service Providers’ authenticity, eligibility, and legitimacy for inclusion in the SALS, to inform Users about Service Providers, and to contact Service Providers as necessary. SALS displays organizational information provided by Service Providers.

Service Providers should only provide the information requested, and are prohibited under the SALS Supplemental Terms of Use from submitting information that violates any intellectual property rights of a third party, or that breaches or infringes any copyright, trademark, patent, trade secret, or duty of confidentiality or privacy. The SALS program specifically is designed as a repository for voluntarily disclosed information that is intended for widespread sharing.

<2>

Data Disclosure and Publication.

This Section summarizes IDESG disclosure practices with respect to certain SALS data as described definitely in the data elements table in Exhibit 1 (below). In case of any conflict between this Section 2 text and the data elements table, the table in Exhibit 1 controls.

IDESG will publish in SALS public materials, including on IDESG’s website, only the data elements about Service Providers that are identified in Exhibit 1 as "public". Additionally, Service Providers can choose not to have specific data elements displayed, except where those elements are identified as "public mandatory" on Exhibit 1.

Note that each completed Self-Assessment Matrix that is successfully submitted by a Service Provider to the SALS program as part of an Application Package routinely will be displayed as "public mandatory."

The contact information that a Service Provider provides (typically, a name, title, phone number and e-mail address) as part of the Application Package generally will not be published in SALS public materials. However, if Service Provider explicitly consents (typically, in its application), IDESG may disclose its point-of-contact information in response to inquiries about that Service Provider, or to answer specific questions or information requests that arise regarding the Service Provider's SALS information.

IDESG will not disclose or share other information collected in SALS Application Packages or related materials, with other organizations, persons or agencies without the consent of the Service Provider, except that IDESG also may share or disclose information (a) when required by law or to respond to legal process; (b) to protect IDESG members, Service Providers, or SALS Users; (c) to maintain the function, integrity, and security of IDESG services; and (d) to protect the rights or property of IDESG.

<3>

Data Retention and Disposal.

IDESG will use reasonable administrative, physical, and technical measures to safeguard the security of information collected from Service Providers. IDESG will retain all information collected from Service Providers for at least three years from the date of receipt, or if later, the date that the information was posted to the SALS website. Three years after the date that IDESG received or first posted the information, whichever is later, the information in a SALS Application Package and SALS Listing will be deemed obsolete. Service Providers will be required to re-confirm compliance annually and re-assess and re-attest conformance to the applicable IDEF Functional requirements on a periodic schedule set in the Supplemental Terms of Use, in order to remain Listed, as described below.

IDESG may retain obsolete information for seven years after initial collection, after which IDESG will securely dispose of, or securely retain (if destruction is not feasible), all such information, using reasonable care. Please note that IDESG’s disposal of information supplied by Service Providers does not cover any copies retained by SALS Users who may have accessed and copied information from SALS public materials, such as IDESG’s website, during the period that the information was readily available from the SALS.

<4>

Updates and Changes to SALS Data.

Service Providers may update or change any of the information listed for their organization within SALS at any time by contacting the program by e-mail at SALS@idesg.org [mailto: link]. The SALS Supplemental Terms of Use require Service Providers to keep their information accurate and up-to-date.

In addition, IDESG requires all Service Providers to re-assess and re-attest to their compliance with applicable Baseline Requirements, every 365 days through the submission of an updated Application Package. SALS Users do not have the ability to alter SALS information, but they can challenge the accuracy of information regarding a SALS Listed Provider through the process described at SALS Dispute Avoidance and Resolution Process.

<5>

Updates and Changes to This Policy; Relation to Terms of Use.

This Policy is incorporated by reference into the SALS Supplemental Terms of Use. Those terms permit that agreement and this Policy to be modified from time to time by IDESG, in the manner described in the Supplemental Terms of Use.

For answers to technical or general support questions, please see the SALS FAQs.


>> Forward to: Exhibit 1: SALS Data Usage Table
>> Application Instructions and Attestation Forms
>> Back to: SALS Supplemental Terms of Use
>> SALS Application Package