Database Requirements Clause Samples
Database Requirements. The Contractor shall provide a data record of all transactions through the inmate telephone system that shall be maintained in a database for monitoring and analysis of inmate telephone calls. This data is used to alert authorized Department staff of possible trends with inmate calls that could jeopardize the security of inmates, staff, or facilities. The Contractor shall be responsible for the generation and creation of a centralized system database. The system shall provide the capability for every call in and out of the system to be recorded with a transaction record that includes, at a minimum, a recording of the telephone call in a .wav or other format acceptable to the Department. The database shall be maintained in such a manner as to allow authorized personnel the capability to review and monitor inmate call data regardless of which Department facility is housing the inmate. The database shall contain multiple data fields. At a minimum, the database shall contain all fields required to generate reports as indicated in Section II., M., and all information required to establish Inmate Phone Access as indicated in Section II, I.,
Database Requirements a. Each different individual, entity, or employer listed in the database shall be assigned a single account number.
b. The database shall be searchable by name and taxpayer identification number.
Database Requirements i. You agree that You shall, at Your own expense, maintain, operate and if necessary, upon Bank’s written notice to You, upgrade all systems, equipment and software necessary for the secure storage of data pertaining to its Internet Transactions, whether self hosted or third-party hosted, to ensure the privacy and confidentiality of Cardholder and Authorized user information.
ii. The database data should be encrypted.
iii. The database must be in a physically secured (locked) room.
iv. Access must be restricted to staff on a business need only basis.
v. Databases access must be password protected.
vi. The default database, web server and application password must be changed upon system implementation and must be changed thereafter on a monthly basis following industry standard change control procedures.
vii. The default system access privileges must be changed/ tightened upon system implementation to ensure the least access is permitted for authorized individuals only.
viii. The default database product encryption key must be changed upon system implementation and must be changed thereafter on an annual basis.
ix. The database backups must be subject to similar physical safekeeping measures and access must be limited to authorized staff only.
x. Obsolete database backups must be erased to ensure that Internet Transactions data cannot be recovered.
xi. The database used to store Internet Transactions data must not be resident on or accessible by the web server and must not be addressable or accessible from the Internet, or accessible through public telecommunications line.
xii. Unused services on the web server, including but not limited to various other communication protocols, must be disabled or removed.
xiii. A router or firewall must be installed between the web server and the Internet to screen out other communication protocols that are required for Internet commerce.
xiv. The controls as defined above are to be reviewed on a periodic basis to ensure that they are still in effect.
xv. Such other requirements as Bank may reasonably require from time to time. Refer to the PCI Data Security Standards. Information in reference to the PCI Data Security Standards can be accessed via the website ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/pdfs/pci_dss_v1-1.pdf