MICRO-ENTERPRISE CREDENTIAL TRACKING AGREEMENT

SECTION 1: INTRODUCTION

The following is an agreement between Baton Rouge Area Chamber (henceforth referred to as BRAC) and your district and/or school (henceforth referred to as District / School) that pertains only to the District / School use of the Micro-Enterprise Credential Tracking System (Tracking System).

The Micro-Enterprise Credential Tracking System enables districts / schools to track the Micro-Enterprise Credential modules their students have completed, and to request the appropriate Micro-Enterprise Credential for students who have completed the required modules.

Appendix I provides a Micro-Enterprise Credential Overview. Appendix II indicates the step-by-step process for issuing student credentials.

SECTION 2: DISTRICT / SCHOOL RESPONSIBILITIES

2.1) The District / School must execute this agreement prior to receiving access to the Tracking System.

2.2) The District / School is responsible for uploading and maintaining accurate information in the Tracking System, including student module completion and requested student credentials.

2.4) When BRAC indicates that a Credential Report is available, the District / School must review and confirm that the report is accurate, i.e., that the students listed have completed the requirements for the Micro-Enterprise Credential they are seeking.

2.5) The District / School must maintain the student records indicated in Appendix III.

2.6) The District / School herein agrees to pay BRAC according to the price list posted on https://brac.org/public-policy-research/shop/ for each per credential earned by each student for the services rendered herein within thirty (30) days of receipt of an invoice for the delivery of that service.

SECTION 3: BRAC RESPONSIBILITIES

3.1) Maintain a secure Micro-Enterprise Credential Tracking System.

3.2) Provide District / School with system tracking information.

3.3) Check uploaded information for certification requests.

3.4) Towards the end of each semester provide District / School with a report of student credentials earned.

3.5) Provide BRAC with a report of credentials earned by district/school.

3.6) Upon receiving confirmation that District/School has paid for the costs of all credentials, email to the designated District / School contact the student certificates.

3.7) Maintain Privacy of Student’s Personally Identifiable Information.

3.8) BRAC may subcontract any and all of these responsibilities.

SECTION 4: STUDENT CONFIDENTIALITY

Executing this agreement indicates that the District / School authorizes BRAC to receive personally-identifying student information in accordance with La.RS.17:3914(F)

In accordance with La.RS.17:3914(F), BRAC agrees to protect student information including personally identifiable information, in a manner that allows only those individuals who are authorized by BRAC to access the information. Personally identifiable information, as defined by statute, will be protected by reasonably appropriate security measures, including but not limited to, the use of user names, secure passwords, encryption, and security questions. BRAC will maintain a high level of electronic protection to ensure the integrity of sensitive information and to prevent unauthorized access to such information. BRAC agrees to perform regular reviews of its security measures and perform system auditing to maintain protection of its systems. BRAC agrees to maintain these systems with all available security updates and patches installed.

Reasonable efforts will be made to ensure that any software or web-based provider’s terms of use and data privacy policies, practices and procedures are compatible with BRAC’S obligations, including the obligation to maintain confidentiality of personally identifiable student information. To ensure that the only individuals and entities that can access student data are those that have been specifically authorized, BRAC shall implement industry-recognized forms of authentication to identify the specific individual who is accessing the information. BRAC will determine the appropriate level of security that will provide the necessary level of protection for the student data it maintains. BRAC shall not allow any individual or entity unauthenticated access to confidential personally identifiable student records or data at any time.

BRAC agrees that any and all personally identifiable student data will be stored, processed, and maintained in a secure location and solely on designated servers. All servers, storage, backups, and network paths utilized in the delivery of the service shall be contained within the United States unless specifically agreed to in writing by the District / School. BRAC agrees that any and all data obtained from the District / School shall be used expressly and solely for the purposes enumerated in this Agreement. Student information shall not be distributed, used, or shared, sold, transferred or processed for any other purpose, including commercial advertising, marketing, or any other commercial purpose. BRAC shall not sell, transfer, share or process any student data for any purposes other than those listed in the Agreement, including commercial advertising, marketing, or any other commercial purpose.

BRAC shall implement appropriate measures to ensure the confidentiality and security of personally identifiable information, protect against any unanticipated access or disclosure of information, and prevent any other action that could result in the release of protected information. BRAC is permitted to disclose confidential student information to its employees, authorized subcontractors, agents, consultants and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, and auditors have written confidentiality obligations to BRAC and the District / School. The confidentiality obligations shall survive termination of this Agreement for a period of fifteen (15) years or for so long as the information remains confidential, whichever is longer, and will inure to the benefit of the District / School.

BRAC shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach, including notification and remediation procedures. BRAC’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other information not suitable for public release. This definition applies regardless of whether BRAC stores and manages the data directly or through a contractor, such as a cloud service provider.

BRAC agrees to comply with the notification requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of BRAC’s obligations or other event requiring notification under applicable law, BRAC shall notify the District / School immediately and assume responsibility for informing all such individuals in accordance with applicable law and to indemnify, hold harmless and defend the District / School and its employees from and against any and all claims, damages, or causes of action related to the unauthorized release.

In accordance with applicable state and federal law, BRAC agrees that auditors from any state, federal, or other agency, as well as auditors so designated by the District / School, shall have the option to audit those activities of BRAC directly related to its service herein. Records pertaining to the service shall be made available to auditors and the District / School when requested in writing, provided that ten (10) days’ notice is given.

BRAC shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. BRAC shall restrict access to audit logs to prevent tampering or altering of audit data. Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff, with notice given to District / School.

Upon termination or expiration of this contract, BRAC agrees to remain bound by the privacy provisions set forth in this contract and pursuant to La. R.S 17:3914 F(3)f for a period of five (5) years, at which time all personally identifiable student information shall be erased, destroyed, and rendered unreadable, in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. BRAC shall certify in writing that these actions have been completed upon written request of the District / School.

This agreement will be effective from the date you transfer any student data information to BRAC or its subcontractors, and is renewable based on the written consent of the signatory parties. This agreement can be terminated within ninety (90) days written notice by either party. However, the District / School agrees to pay BRAC all fees due it through the effective date of termination. The date of termination will be the day after the end of the semester during which the 90-day period expires.