My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />Penetration testing at least annually <br />Security teams monitoring the infrastructure 24x7x365 <br />Any security issues discovered are reported in real time to information security <br />staff and IT management, entered into our ticketing system for follow-up <br />investigation, and tracked to resolution. All actions taken to resolve the <br />problem are documented, allowing all problems to be tracked to completion. <br />We provide application level memory separation between each client instance <br />as well as data level segmentation and separation with each customer's data <br />residing in its own schema and table space at the database tier. The database <br />tier provides isolation and security of data, and the use of application <br />clustering provides availability, reliability and scalability. <br />Each customer's data is maintained in a separate database schema with its <br />own discrete set of tables, facilitating a high degree of data isolation thus <br />preventing potential for data segmentation breaches <br />Flexibility to backup individual customer table spaces without affecting <br />adjacent customers <br />Each schema has separate authentication credentials and assigned resource <br />profile to restrict access rights and resource consumption <br />VMware <br />The VMWare Approach to Compliance <br />Many organizations have initiatives to virtualize their Information Technology (IT) infrastructure, or <br />to move to a Cloud Computing model. However, these initiatives are often complicated by the <br />increasing number of regulatory compliance requirements, which require protection of data such <br />as PCI, HIPAA, FISMA, DIACAP, FedRAMP, GLBA, and other State and Federal requirements. <br />Organizations are increasingly concerned with the complexity, risk, and impact that a new <br />technology can bring to their existing environments. <br />VMware addresses these challenges by establishing a Compliance Reference Architecture <br />Framework (RAF) that provides a consistent method for VMware, its partners, and customers to <br />assess and evaluate the impact of regulations on virtual and cloud environments. The intent of the <br />RAF is to provide a single framework for VMware, its partners, and organizations to address a <br />variety of compliance requirements across an IT infrastructure. <br />We designed our security architecture using a defense -in-depth approach to implement multiple <br />layers of security throughout the SaaS environment and to mitigate any potential attacks through <br />multiple safeguards, including: <br />• Access control mechanisms, firewalls, anti-virus/malware software, auditing mechanisms, <br />network controls, maintaining defined configuration settings, etc. <br />We perform regular internal scans to assess the vulnerability of our internal network. <br />FireEye <br />All data is stored within locked and monitored cages in secure data centers. Customer data is <br />restricted to a need to know basis. Data is logically tagged and virtually segregated in our cloud <br />services. Access is managed and only given to those with need to know including internal <br />employees and customers. <br />VirtueStream <br />All data for this environment will remain in the United States. Customers can elect Intel's TxT <br />technology to demonstrate geo-fencing of data to specific data centers. <br />Virtustream data centers are physically accessible by designated employees and approved <br />employees only. Virtustream employees who are assigned to the data center are issued a <br />proximity card which is required to access the data center. Once inside, physical access to the <br />data processing areas is further restricted to specific employees. Physical access to the data <br />processing areas is protected by biometric locks on the doors. Data center personnel maintain a <br />list of all approved personnel who have access to the data center offices and who have access to <br />the data processing areas. <br />Virtustream offers security solutions which customers can select to protect their data while in <br />transit and at rest. Customers are responsible for the protection of their data within their customer <br />carahsoft <br />carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.