Each Business Process Owner or System Owner must undertake reasonable steps to verify that third-party service providers with access to PIRN have the capacity and the commitment to protect such information in accordance with Massachusetts law and regulations.

Service providers should be aware of MIT’s responsibilities to protect PIRN. Contracts must include appropriate clauses that require service providers to implement and maintain appropriate security measures to protect PIRN as well as language that ensures the design of secure systems and data handling processes. MIT’s Procurement Office can provide assistance with contract language