My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />FedRAMP Authority to Operate from Department of Health and Human Services <br />CSA `Consensus Assessments Initiative' <br />JIPDC (Japan Privacy Seal) <br />Tuv (Germany Privacy Mark) <br />TRUSTe <br />H I PAA <br />In provisioning and operating the services, Salesforce complies with the provisions of HIPAA's Privacy <br />Rule and Security and the HITECH Act that are applicable to business associates. Salesforce's <br />customers are still responsible for complying with the same in their capacity as a covered entity or <br />business associate using the Salesforce services. The services' features permit customers to <br />customize use as per a compliance program for HIPAA (including the HITECH Act) and many <br />customers store protected health information (PHI) on our service. From a legal standpoint, some of <br />our customers have asked Salesforce to assist them in meeting their compliance obligations; for <br />example, by entering into business associate agreements (BAA) to address formal legal requirements <br />pertaining to use and disclosure of protected health information (PHI). <br />FERPA <br />Salesforce maintains appropriate administrative, physical, and technical safeguards to help protect the <br />security, confidentiality, and integrity of data our customers submit to the Salesforce Services as <br />Customer Data. Salesforce's customers are responsible for ensuring the security of their Customer <br />Data in their use of the service and implementing any necessary customer -controlled settings. To aid, <br />Salesforce offers robust security functionality that provides our customers the flexibility to use the <br />application in a configuration that furthers compliance with local data protection laws and regulations. <br />While Salesforce complies with applicable law in provisioning and operating the Salesforce services, it <br />is the sole responsibility of Salesforce's customers to ensure compliance with applicable laws in their <br />respective uses of the Salesforce services. PCI-DSSSalesforce is PCI Level 1 compliant and has <br />received a signed Attestation of Compliance (AoC) for the Payment Card Industry Data Security <br />Standard (PCI-DSS). Salesforce customers who must adhere to PCI compliance may store personal <br />account numbers ("PAN" or "credit card numbers") in Salesforce, with the following caveats: <br />- PANs may only be stored in a custom field encrypted via Classic Encryption or supported field types <br />via the Platform Encryption functionality. PANs must not be stored in clear text fields, attached files, or <br />any other location. <br />- Customer administrators must configure Salesforce features to support their organization's PCI <br />controls.NIST SP 800-171NIST Special Publication 800-171 is intended for use by federal agencies <br />when agencies are providing CUI to nonfederal organizations (or when CUI is developed by those <br />organizations for federal agencies) for purposes unrelated to information processing. In other words, <br />the nonfederal organizations are not operating their information systems to process agency data, <br />including CUI, on behalf of the agency but rather for other purposes (e.g., when designing or <br />producing an aircraft, performing a study, or conducting background investigations for security <br />clearances). <br />Salesforce recommends that its customers use the classifications as detailed in FIPS 199. <br />FIPS 140-2, FIPS 197, FIPS 199, and FIPS 200 <br />On May 23, 2014 Salesforce achieved a FedRAMP Agency Authority to Operate at the moderate <br />impact level (as described in FIPS 199 and 200) issued by Health and Human Services (HHS) for the <br />Salesforce Government Cloud. Additionally, on May 15, 2015, HHS, as the FedRAMP authorizing <br />agency, approved the Salesforce Government Cloud authorization package that was updated based <br />on annual attestation requirements and updates to the FedRAMP baseline which is FISMA compliant <br />and based on the current release of NIST SP 800-53 Rev. 4. <br />carahsoft 54 carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.