Laserfiche WebLink
SOLICITATION # CH16012 <br />Information Security Management System (IISMS) Framework. The IISMS <br />Framework is based on SAP's corporate quality and security policy as well as <br />the corporate security standards and guidelines relating to information security <br />and business continuity. This IISMS Framework was adapted to SAP Cloud <br />Security Services as SAP Cloud Security Framework (Cloud SFW). <br />SAP's security, process and compliance team conducts technical security <br />audits to validate that security concepts have been implemented successfully <br />and to safeguard the usage of newly developed tools. <br />Compliance Audits <br />Cloud solutions from SAP have passed ISAE3402/SSAE16-SOC 1 Type II <br />and/or SOC 2 Type II audits (in the following referred to as SOC audits) and <br />can provide the related audit reports on request. <br />Certification Audits <br />The SAP HANA Enterprise Cloud has attained certifications according to the <br />following ISO standards are available (related audits are in the following <br />referred to as ISO audits): <br />• ISO 27001:2013 <br />• ISO 22301:2012 <br />• ISO 9001:2008 <br />SuccessFactors <br />Our IT architecture is aligned with ISO 27002. We are Safe Harbor certified <br />and in alignment with BS10012 and ISO 20000 for Service Delivery. We <br />demonstrate an on -going commitment to protecting the confidentiality, integrity <br />and availability ("CIA") of data from internal and external threats, making us a <br />reliable and secure system provider. <br />Our secure multi -tenant Software as a Service (SaaS) platform is designed for <br />availability, security, scalability, and performance. Industry best practices and <br />standards are adopted and incorporated. <br />Our Network also complies with the Authority to Operate as a Moderate Risk <br />Federal Information System by the Office of Personnel Management and <br />Department of Homeland Security; NIST SP800-53 Security Controls; EU <br />Privacy Directive 95/46/EC for EU and non-EU customer data; Payment Card <br />Industry (PCI) Data Security Standard (DSS) v 2.0; Safe Harbor. <br />We provide privacy compliant data center facilities not only in the United <br />States but also as a Member State of the European Union (EU) or a state of <br />the European Economic Area (EEA). Currently, such data centers are certified <br />for ISO27001, IS09001 and PCI-DSS compliance. <br />Our security services provide complete and thorough monitoring of all traffic <br />on the network on a 24x7x365 basis, and include security technology, alert <br />services and incident management support. We are audited twice annually to <br />SSAE16 US or ISAE 3402 international accounting standards. <br />VMware <br />VMware is fully committed to complying with NIST and all other relevant industry standards <br />including FedRAMP, FISMA, PCI, CSA CAIQ, etc. This is demonstrated by VMware's track record <br />of pursuing and obtaining certifications such as those listed above. <br />vCloud Government Service has been certified to store and secure Low Risk Level and Moderate <br />Risk Level data as defined by FIPS PUB 199. In addition, VMware is capable of enhancing the <br />vCloud Government Service to meet participating State's requirements to be able to store data <br />that is defined by FIPS Pub 199 as High Risk Data. <br />VMware is committed to maintaining compliance with all of our existing and future compliance <br />certifications. Our ability to remain competitive as a software and services provider in the public <br />sector depends upon it. Thus we have established a comprehensive security and compliance <br />team to ensure that we maintain compliance as well as a strong security posture. <br />carahsoft <br />carahsoft <br />