Laserfiche WebLink
SOLICITATION # CH16012 <br />Salesforce protects customer data by ensuring that only authorized users can access it. Administrators <br />assign data security rules that determine which data users can access. Sharing models define company- <br />wide defaults and data access based on a role hierarchy. All data is encrypted in transfer. All access is <br />governed by strict password security policies. All passwords are stored in SHA 256 one-way hash format. <br />Applications are continually monitored for security violation attempts. <br />Protection at the facilities level <br />Salesforce security standards are stringent and designed with demanding customers in mind, including the <br />world's most security -conscious financial institutions. Authorized personnel must pass through five levels of <br />biometric scanning to reach the Salesforce system cages. All buildings are completely anonymous, with <br />bullet -resistant exterior walls and embassy -grade concrete posts and planters around the perimeter. All <br />exterior entrances feature silent alarm systems that notify law enforcement in the event of suspicion or <br />intrusion. Data is backed up to disk or tape. These backups provide a second level of physical protection. <br />Neither disks nor tapes ever leave the data center. <br />Protection at the network level <br />Multilevel security products from leading security vendors and proven security practices ensure network <br />security. To prevent malicious attacks through unmonitored ports, external firewalls allow only http and <br />https traffic on ports 80 and 443, along with ICMP traffic. Switches ensure that the network complies with <br />the RFC 1918 standard, and address translation technologies further enhance network security. IDS <br />sensors protect all network segments. Internal software systems are protected by two -factor authentication, <br />along with the extensive use of technology that controls points of entry. All networks are certified through <br />third -party vulnerability assessment programs. <br />Trust.salesforce.com is the Salesforce community's home for real-time information on system performance <br />and security. On this site you'll find: <br />• Live and historical data on system performance <br />• Up -to -the minute information on planned maintenance <br />• Phishing, malicious software, and social engineering threats <br />• Best security practices for your organization <br />• Information on how we safeguard your data <br />8.5.2 Offeror must describe how it intends to comply with all applicable laws and related to data privacy and <br />security. <br />Carahsoft is happy to support and comply with any regulations or sensitive data compliance needs that the <br />customer identifies. Carahsoft has the ability to limit customer information to a secure and isolated <br />database if needed. Under no circumstances will Carahsoft ever publish or release secure customer data. <br />Carahsoft's cloud vendors are all FIPS certified or have equivalent security standards in place to ensure no <br />customer data is released outside of the secure cloud. <br />8.5.3 Offeror must describe how it will not access a Purchasing Entity's user accounts or data, except in the <br />course of data center operations, response to service or technical issues, as required by the express terms I <br />of the Master Agreement, the applicable Participating Addendum, and/or the applicable Service Level <br />Agreement. <br />carahsoft <br />carahsoft <br />