Laserfiche WebLink
SOLICITATION # CH16012 <br />zone. Virtustream does not process, store, or disseminate customer data within the Virtustream- <br />controlled management zone. <br />Virtustream invokes a defense -in-depth model for monitoring the management zone with tools <br />such as Splunk, Trend Micro, Fortinet, and Tenable. These tools are available for customers to <br />select as a managed service. <br />8.6.4 Offeror must describe its data confidentiality standards and practices that are in place to ensure data <br />confidentiality. This must include not only prevention of exposure to unauthorized personnel, but also <br />managing and reviewing access that administrators have to stored data. Include information on your <br />hardware policies (laptops, mobile etc). <br />CA <br />APM <br />All personnel with access to client data undergo annual, mandatory security training <br />and are covered under the CA Technologies NDA. Violations of security policies are <br />grounds for termination. All access to data and other resources used to deliver the <br />service are granted under the least principle. <br />MAA <br />Customer accounts are password protected, and users can only access their data in <br />their accounts. System administrators have access to MAA servers, and database <br />administrators have access to database servers. Account access is reviewed <br />periodically. <br />CA Agile <br />All customer data is treated as confidental and as a policy we do not access customer <br />data without explicit written consent. Access to systems containing customer data is <br />restricted to our Operations Team according to our Elevated Permissions Policy. <br />ASM <br />Customer accounts are password protected, and users can only access their data in <br />their accounts. System administrators have access to ASM servers, and database <br />administrators have access to database servers. Account access is reviewed <br />periodically. All data on CA laptops are encrypted and a PIN is required to boot. <br />AODocs <br />The data stored in Google AppEngine are backed up every day. <br />The application is hosted on Google Cloud Platform infrastructure and benefits from the network <br />security. <br />Virtru <br />See'Virtru Security Policies and Procedures' and'Virtru Privacy Policies and Procedures' <br />Salesforce <br />Logical Access Control <br />Salesforce provides contractual assurance to its customers that the data hosted in the Salesforce <br />Services will be kept confidential and not accessed except under narrow circumstances (such as a <br />support issue) and only for a set amount of time chosen by customer. In such circumstances, we <br />will access your org only with prior approval and subject to a Non -Disclosure Agreement (NDA). <br />To protect against access through the application, Salesforce employees don't have access at the <br />application level for any customers, unless the customer grants access through the "login as" <br />feature. <br />Access to the production environment infrastructure is restricted to a very limited number of full- <br />time Salesforce employees required to manage the service. Salesforce's Technical Operations <br />team and Release Managers have logical access to servers. These employees must authenticate <br />to the production environment via a secure server (Secure Global Desktop) using 2 points of RSA <br />two -factor authentication. This tool provides pixel data only to these administrators. Systems <br />access is role -based and controlled and logged. DBAs do not have login access to customer's <br />instances (org) and do not see customer data in an assembled manner. They manage the system <br />in aggregate -performance tuning, allocating space, building indices, etc. The Oracle tables and <br />rows in our infrastructure do not reflect the view of a single customer instance (org) since we are <br />multi -tenant and the data is spread across multiple disk arrays. <br />carahsoft 65 carahsoft <br />