Data Sharing Agreement

ADA-Accessible Web Version: Cev multimedia, LLC Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  January 23, 2026
Vendor: CEV Multimedia, LLC.
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2027

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  CEV Multimedia, LLC (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2027.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

ADA-Accessible Web Version: Clever, Inc. Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  July 7th, 2024
Vendor: Clever, Inc.
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2030

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  Clever Inc. (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2027.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

ADA-Accessible Web Version: ellevation Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  September 1st, 2023
Vendor: Curriculum Associates
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until July 31st, 2027

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  Curriculum Associates (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until July
31, 2027.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board

aDA-Accessible Web Version: SPECIAL NEEDS ware, Inc. Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  October 30th, 2023
Vendor: SpecialNeeds Ware, Inc.
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2027

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  SpecialNeeds Ware, Inc. (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June 30, 2027.

 During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governing the collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).

At Home Articulation

CommonLit Incs Student PII Agreement(Signed Version On File)

ADA-Accessible Web Version: CommonLit, Inc. Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  January 23, 2026
Vendor: CommonLit, Inc.
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2030

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  CommonLit Inc. (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2030.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

ADA-Accessible Web Version: Cashguard, Inc. Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  March 19, 2026
Vendor: CashGuard
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2028

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and CashGuard (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2028.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

LA_Ascension_Signed_StudentPIIAgreeementCaseGuardSoftware2028.pdf

ADA-Accessible Web Version: Sunbucks, Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  March 13, 2026
Vendor: SUNBucks
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2028

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and SUNBucks(hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2028.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

ADA-Accessible Web Version: imagine learning Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  March 11, 2026
Vendor: Imagine Learning LLC
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until August 1, 2030

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and Imagine Learning LCC (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until August
1, 2030.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.

aDA-Accessible Web Version: magic school Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  October 30th, 2023
Vendor: Magic School
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2027

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and  Magic School (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June 30, 2027.

 During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governing the collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).

ADA-Accessible Web Version: EDIA, Inc. Student PII Agreement

Document Information

Title:  Addendum to Contract: Personally Identifiable Information (PII), NDAA, Cybersecurity Training, and ADA Requirements

Effective Date:  March 10, 2026
Vendor: EDIA Learning, Inc.
School District: Ascension Parish School Board
Agreement Duration: Up to 4 renewal terms or until June 30, 2030

ADDENDUM/ADDITION TO CONTRACT
Addressing Personally Identifiable Information (PII), NDAA, LA Act 155 (Cyber Security Training) and the Americans with Disabilities Act Requirements (ADA)

This Addendum to Contract (“Addendum”) is entered into by and between the Ascension Parish School Board (hereinafter “School Board”) and Edia Learning, Inc. (hereinafter “Vendor”).  The Addendum is effective as of the Date and remains in effect for renewal terms until a new agreement is signed. This agreement may stand for up to a maximum of 4 renewals or until June
30, 2030.

1.  The School Board, as a public entity, is subject to Title II of the Americans with Disabilities Act(ADA). The Vendor agrees to assure the School Board that it will operate in a manner that will enable the School Board to meet its Title II obligations to its staff and students. If the School Board is made aware of a shortcoming by the vendor in meeting this standard, the vendor agrees to makeall reasonable efforts to meet the needs of the individual requiring the accommodation. (This assumes that the individual has the appropriate software and/or hardware that is required to takeadvantage of the accommodations offered.)
2.  During the 2014 Louisiana Legislative Session, the State of Louisiana enacted new laws governingthe collection, disclosure and use of students’ personally identifiable information. The new laws require that any contracts between a Louisiana school system and a third-party, who is entrusted with personally identifiable information of any student of such school system, contain the statutorily prescribed minimum requirements as to the use of student personally identifiable information. In order to comply with the requirements of the new laws, this Addendum and the terms contained herein are hereby incorporated into any agreement previously entered into or currently being entered into between Vendor and the School Board, Contract Number and Date (the “Contract”).
3. Act 155, enacting La. Rev. Stat. Ann. §42:1267, requires cybersecurity training for officials (vendor employees) who have access to the agency’s information technology assets. Online training was developed by the Department of State Civil Service. Online vendors must offer
   training to their employees for CyberSecurity prevention and awareness or have the individuals complete the state’s training in cooperation with the School Board.
4. In accordance with La. R.S. 17:3913(F), Vendor agrees to protect any personally identifiable
   information of students of School Board provided to Vendor under the Contract (“Student PII”) in
   a manner that allows only those individuals and entities, who are authorized by Vendor to access
   the information, the ability to do so. Student PII should be protected by appropriate security
   measures, including, but not limited to, the use of user names, secure passwords, encryption,
   security questions, etc. Vendor’s network must maintain a high level of electronic protection to
   maintain the integrity of, and to prevent unauthorized access to, Student PII. The Vendor agrees
   to perform regular reviews of its protection methods and perform system auditing to maintain
   protection of its systems. For systems intended to process or store Student PII, Vendor will
   maintain secure systems that are patched, up to date, and have all appropriate security updates
   installed.
5. To ensure that the only individuals and entities who can access Student PII are those that have been specifically authorized by Vendor to access Student PII, Vendor shall implement appropriate forms of authentication to identify the specific individual or entity who is accessing the information and maintain encryption in all storage, backup and transmission. Vendor must individually determine the appropriate level of security that will provide the necessary level of protection for the Student PII it maintains. Vendor shall not allow any individual or entity unauthenticated access to confidential Student PII at any time
6. Vendor shall implement appropriate measures to ensure the confidentiality and security of Student PII, protect against any unauthorized access or disclosure of information, and prevent any other unauthorized action within Vendor’s control regarding the access, disclosure or use of Student PII that could result in substantial harm to the School Board or any individual identified by the data.
7. Vendor agrees that any and all Student PII will be stored, processed, and maintained in a secure location and solely on servers and systems owned by Vendor or operated by Vendor through use of third-party services (collectively, “Vendor Systems”). No Student PII, at any time, will be
   processed on or transferred to any portable computing device or any portable storage medium, unless that storage medium is in use as part of Vendor’s designated backup and recovery processes. All servers, storage, backups, and network paths utilized in the delivery of the product(s) and/or service(s) called for under the Contract shall be contained within the United States unless specifically agreed to in writing by the School Board.
8. Vendor agrees that any and all Student PII shall be used expressly and solely for the purposes enumerated in the original Contract, as supplemented hereby. Student PII shall not be distributed, used, or shared for any other purpose. As required by Federal and State law, Vendor further agrees that no Student PII of any kind shall be revealed, transmitted, exchanged or otherwise passed outside the Vendor Systems to other vendors or interested parties unless specifically requested or authorized in writing by the School Board. Vendor shall not sell, transfer, share or process any student data for any purposes other than those listed in the Contract, including commercial advertising, marketing, or any other commercial purpose. The foregoing does not, however, preclude Vendor from using de-identified data derived from the operations of Vendor Systems to improve Vendor’s own products and services.
9. Vendor shall establish and implement a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach. Vendor’s response plan shall require prompt response for minimizing the risk of any further data loss and any negative consequences
   of the breach, including potential harm to affected individuals. A data breach is any instance in which there is an unauthorized release or access of personally identifiable information or other legally or contractually protected information not suitable for public release. This definition
   applies regardless of whether Vendor stores and manages the data directly or through a contractor, such as a cloud service provider.
10. Vendor shall develop a policy for the protection and storage of audit logs. The policy shall require the storing of audit logs and records on a server separate from the system that generates the audit trail. Vendor must restrict access to audit logs to prevent tampering or altering of audit data.
    Retention of audit trails shall be based on a schedule determined after consultation with operational, technical, risk management, and legal staff.
11. Vendor is permitted to disclose Student PII to its employees, authorized subcontractors, agents, consultants, service providers and auditors on a need to know basis only, provided that all such subcontractors, agents, consultants, service providers and auditors have written confidentiality obligations to Vendor consistent with, and at least as protective as, the terms of the Contract, as supplemented hereby. The confidentiality obligations shall survive termination of any agreement with Vendor for so long as the information remains confidential. Vendor shall be responsible to the School Board for any prohibited or unauthorized disclosure or use of Student PII by any of its employees, subcontractors, agents, consultants, service providers, and auditors.
12. Vendor acknowledges and agrees that unauthorized disclosure or use of Student PII may damage
    The School Board in such a way that adequate compensation could not be obtained solely in monetary damages. Accordingly, the School Board shall have the right to seek injunctive relief restraining the actual or threatened unauthorized disclosure or use of any Student PII, in addition to any other remedy otherwise available (including reasonable attorney fees). Vendor agrees to comply with the requirements of La. R.S. 51:3071 et seq. (Louisiana Database Breach Notification Law) as well as any other applicable laws that require the notification of individuals in the event of unauthorized release of personally identifiable information or other event requiring notification. In the event of a breach of any of the Vendor’s security obligations or other event requiring notification by Vendor under applicable law, Vendor agrees to notify the School Board promptly
    and assume responsibility for informing all such individuals in accordance with applicable law.
13. In accordance with applicable state and federal law, Vendor agrees that security auditors from any state, federal, or other agency, as well as security auditors so designated by the School Board, shall have the option to audit those portions of Vendor Systems that enable the product(s) and/or service(s) called for under the Contract. Associated records shall be made available to such auditors when requested.
14. Upon expiration or termination of the Contract, Vendor will furnish the School Board an export file with School Board’s data in the applicable product(s) or service(s) as of the expiration or termination of the Contract. Vendor will retain School Board’s data for the duration of the Contract and any renewals and, unless otherwise directed by School Board in writing, for up to an additional 12 months thereafter in order to allow School Board to restart its use of the ordered product(s) or service(s) following an earlier subscription lapse or termination. Upon expiration of the 12-month period, or earlier if requested in writing by the School Board, Vendor will erase, destroy, and render unreadable, all Student PII in its entirety in a manner that prevents its physical reconstruction through the use of commonly available file restoration utilities. Vendor shall certify in writing that these actions have been completed within 30 days of the expiration of the 12-month post-termination period or within seven (7) days from receipt of any request by the School Board, whichever comes first. Notwithstanding the foregoing, but subject to all confidentiality, security, and other applicable requirements of this Addendum, Vendor may retain School Board data in its backups and disaster recovery systems until such data are deleted in the ordinary course.
15. If Vendor has published an Acceptable Use Policy (AUP) and a Platform and Service Privacy Policy, (“Platform Privacy Policy”), on its website, these policies apply with respect to the applicable product(s) or service(s) provided to School Board under the Contract, but Vendor acknowledges that if any provision of either of those policies is deemed to conflict with a provision of this Addendum, the applicable provision of this Addendum will control relative to School Board.
16. The obligations of Vendor under this Addendum apply to the Vendor Systems and the actions of Vendor (and, if applicable, its subcontractors, agents, consultants, service providers, and auditors). School Board is and shall remain responsible for: (a) only authorizing those school officials andparents (each as defined in the Platform Privacy Policy) who have a legitimate need to access Student PII, (ii) limiting a school official’s access to only that information necessary for her to perform her duties (e.g., restricting a teacher’s access to information about only her current students) and (iii) limiting a parent’s access to only information about that parent’s minor student. In addition, the School Board retains responsibility and control over the operation, maintenance, and management of, and all access to and use of, the School Board’s information technology infrastructure, whether owned by the School Board or operated by the School Board through use of third-party systems and services.
17. The terms of this Addendum shall supplement and supersede any conflicting terms or conditions of the original Contract between the Parties. Subject to the foregoing, the terms of the original Contract shall remain in full force and effect.
18. Vendor must incorporate the provisions of this agreement in their contract, or sign the Affidavit below and submit to the Ascension Parish School Board.