SOLICITATION # CH16012

Google

In this DPA the obligations of Google to hold all customer data as confidential and wholly owned by the customer are detailed.

Google's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing RSA keys are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two-factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel's job responsibilities; job duty requirements necessary to perform authorized tasks; a need-to-know basis; and must be in accordance with Google's internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented.
These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

AODocs

AODocs being built in Google AppEngine and Google Drive.

Virtru

Please see the Virtru Security Policies and Procedures and the Virtru Privacy Policies and Procedures provided in the Supplemental Information section of this response.

Salesforce

Government Trusted Security and Infrastructure

Salesforce understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.

Independent audits confirm that our security goes far beyond what most companies have been able to achieve on their own. Using the latest firewall protection, intrusion detection systems, and TLS encryption, Salesforce Force.com gives you the peace of mind only a world-class security infrastructure can provide.

Third-party validation

Security is a multidimensional business imperative that demands consideration at multiple levels, from security for applications to physical facilities and network security. In addition to the latest technologies, world-class security requires ongoing adherence to best-practice policies. To ensure this adherence, we continually seek relevant third-party certification, including ISO 27001, the SysTrust audit (the recognized standard for system security), and SSAE 16 SOC 1 audit (an examination and assessment of internal corporate controls, previously known as SAS 70 Type II).
SOC1, SOC2 and SOC3 audits are performed by a third-party auditor annually at a minimum. Additional audits and certifications include: CSA 'Consensus Assessments Initiative', JIPDC (Japan Privacy Seal), TÜV (Germany Privacy Mark), and TRUSTe.

Protection at the application level

carahsoft