To: Service Provider name
Service Provider Address
VENDOR LETTER OF UNDERSTANDING
This letter states the understanding Carnegie Mellon University ("CMU") and [Service Provider Name] have reached concerning information about individuals, whether actual customers of CMU or not, provided by CMU to [Service Provider Name] or to which [Service Provider Name] has access in the course of providing services to CMU, including but not limited to names, addresses, social security numbers, personal data, demographic data, financial and transaction information ("customer information").
[Service Provider Name] agrees to implement appropriate measures including the establishment and maintenance of policies, procedures, and technical, physical, and administrative safeguards, designed to ensure the security and confidentiality of the customer information, protect against reasonably foreseeable threats or hazards to the security or integrity of such information and protect against unauthorized access to or use of such information. [Service Provider Name] will notify CMU promptly upon discovery of any possible loss, unauthorized disclosure or unauthorized use of any customer information.
Please indicate your agreement to these terms by signing and dating below and returning this Letter to ____________________________________________________________.
[Service Provider Name]
[Service Provider Address]