Laserfiche WebLink
SOLICITATION # CHIrn' -) <br />Application Level Audit Logs. The ServiceNow application writes detailed audit log information that is <br />stored in tables within a customer's instance. Since this is considered customer data and is stored within a <br />customer's instance, ServiceNow does not attempt to monitor or view this data unless specifically <br />requested by a customer. As a result the customer is responsible for monitoring the contents of these logs <br />files and, at the customer's choosing, exporting the logs through the capabilities provided within the <br />platform. <br />Infrastructure Monitoring. All components of the infrastructure supporting the private cloud feed alerts and <br />logs into the SIEM. In addition, ServiceNow has deployed an Intrusion Detection System (IDS), positioned <br />to listen to all inbound network traffic, with all events going to the SIEM as well. The SIEM is configured to <br />automatically send alerts for common attacks. ServiceNow is responsible for managing the SIEM <br />environment and securing the logs. ServiceNow retains all infrastructure logs for at least 90 days. The <br />Security Operations Center (SOC) is also responsible for completing a daily checklist across a range of <br />security domains, including privilege account usage, IDS alerts, file integrity monitoring (FIM), and <br />database access. The daily checklists and captured events are managed through an instance of <br />ServiceNow. Any variances that are discovered are raised as incidents for tracking, notifications, and <br />investigation. <br />CA SaaS environment is compliant with SSAE16 for services where infrastructure and application are <br />managed and maintained by CA. CA Agile Management currently does not hold SSAE16 certification. For <br />SaaS offerings where infrastructure is managed by a third party, provider's SSAE16 reports are available <br />upon request. <br />6.5 — Billing and Pricing Practices <br />6.5.1 Describe your billing and pricing practices, including how your billing practices are transparent and <br />easy to understand for Purchasing Entity's. <br />Carahsoft's Order Management team works to ensure that billing and payment are completed in an efficient <br />and simple manner. Purchase Orders and Invoices are provided to the customer early to ensure that <br />payment can be completed whenever the customer is ready and within the confines of the agreed upon <br />deal. Our OM team is available to answer any questions a Purchasing Entity has in order to assist with the <br />process and confirm that they have everything needed for payment. <br />Carahsoft's pricing is dictated by the manufacturers- Carahsoft ensures that the Purchasing Entity's receive <br />the best possible price by working directly with the manufacturer and ensuring that pricing meets or <br />exceeds the contract being used. In addition, Carahsoft works with the manufacturer to ensure that all <br />pricing changes are accounted for within the contract, as applicable. <br />6.5.2 Identify any typical cost impacts that a Purchasing Entity might need to consider, if any, to implement <br />your cloud solutions. <br />When a purchasing entity determines they need implementation services to their cloud solutions, the <br />Carahsoft offering provides these additional services. For Example: <br />ServiceNow Response: Customers typically engage ServiceNow for the initial implementation and training <br />services and then for any major new future application implementations to get the best -of -breed expertise <br />carahsoft <br />carahsoft <br />