My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />VMWare supports regular internal and external audits to ensure compliance with its certifications <br />as required. <br />The AirWatch Information Security Program is built on the security framework laid out in NIST 800- <br />53. <br />Although AirWatch is not required to register with any regulatory agencies, we provide a suite of <br />tools for our customer's to maintain industry -relevant compliance guidelines within their mobile <br />device fleets. AirWatch has recently been awarded the HP-IAPP Privacy Innovation Award for <br />Most Innovative Privacy Technology by the International Association of Privacy Professionals <br />(IAPP) for our commitment to delivering an EMM platform focused on end -user privacy. To help <br />ensure the confidentiality, integrity, and availability of our cloud offering, we comply with the <br />European Data Protection Directive (95/46/EC) and our top -tier data center partners have <br />undergone SSAE16 SOC2 Type II audits and have ISO 27001 certifications. <br />FireEye <br />FireEye has mature and well documented security and privacy programs. The programs include <br />third party certifications for SSAE 16 SOC 2, FedRAMP certifications, Model clauses, Privacy and <br />security standards among others. The data that FireEye receives is only in conjunction with the <br />malware analysis. <br />VirtueStream <br />The Virtustream Federal Cloud (IaaS) has met the requirements for a FedRAMP moderate P-ATO. <br />The IAAS is assessed annually by a FedRAMP certified 3rd Party Assessment Organization <br />(3PAO). The annual assessment will review a subset of the NIST 800-53 Revision 4 controls as <br />designated by FedRAMP. Virtustream's 3PAO shall demonstrate impartiality throughout the <br />assessment to accurately assess the status of all security controls in place. <br />8.6.2 Offeror must list all government or standards organization security certifications it currently holds that <br />apply specifically to the Offeror's proposal, as well as those in process at time of response. Specifically <br />include HIPAA, FERPA, CJIS Security Policy, PCI Data Security Standards (DSS), IRS Publication 1075, <br />FISMA, NIST 800-53, NIST SP 800-171, and FIPS 200 if they apply. <br />CA <br />APM <br />AWS EC2 datacenters annually undergo SOC 3 audits. <br />The application currently does not hold a Soc 2 attestation. <br />MAA <br />CA MAA is certified for SOC 2 Type 1 Security Audit. <br />CA Agile <br />Our data center provider has a SOC 2 audit report that can be provided upon request. <br />Our application does not currently have such certifications. <br />ASM <br />Rackspace datacenters annually undergo various certification including SOC 3 audits. <br />The application currently does not hold a Soc 2 attestation. <br />Google <br />Google has a FedRAMP ATO at the Moderate impact baseline. FedRAMP incorporates many NIST <br />SPs and FIPS including 800-53, FIPS 199, FIPS 200), and has a specific offering. Google Apps for <br />Education that is FERPA and COPPA compliant. Other compliance standards such as HIPAA and <br />CJIS don't offer certification per se, but are commonly accommodated (i.e. Google will sign a BAA to <br />meet HiTECH/HIPAA requirements, and has numerous customers who bear responsibility for meeting <br />CJI processing requirements). PCI DSS is generally not applicable to SaaS systems (though we can <br />do email hygiene processing to protect against incidental usage), but Google IaaS/PaaS does meet <br />PCI DSS v3 standards. Google also holds and is committed to maintaining SOC2 and IS027001 <br />certifications. <br />AODocs <br />AODocs doens't hold an HIPAA certifications per se, but are commonly accommodated to meet <br />HIPAA requirements signing a BAA. <br />Virtru <br />HIPAA, FERPA, CJIS, NIST 800-53, NIST SP-800 <br />Salesforce <br />Salesforce and the Salesforce Force platform is ISO 27001 certified and PCI-DSS compliant. SOC1, <br />SOC2 and SOC3 audits are performed by third party auditor annually at a minimum. Additional audits <br />and certifications include: <br />carahsoft 53 carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.