Laserfiche WebLink
SOLICITATION # CH16012 <br />authorized. Access is time -limited, after which time re -authentication is <br />required. <br />Internally, we have deployed an active monitoring system tied back to Human <br />Resources. Logical access management reports are rolled up monthly and are <br />part of the monthly Privacy & Security board review. All logical access <br />management is subject to review and audit under ISAE 3402 assurance every <br />six months and annually under PCI DSS certification. <br />Wireless technology is not allowed within the production operations <br />infrastructure where customer data is received, processed and stored. <br />All corporate laptops are whole disk encrypted. All approved portable devices <br />are encrypted and have a phone home capability which allows them to be <br />wiped remotely. <br />Fieldglass <br />Fieldglass has the following categories for classifying information: <br />Confidential - This is the information that Fieldglass and end users have a <br />legal, regulatory and/or contractual obligation to protect or information that <br />unauthorized disclosure, compromise, or destruction that results in severe <br />damage, provides significant advantage to a competitor, or incurs serious <br />financial impact to Fieldglass and/or our customers. Fieldglass will not <br />disclose to a third party without signing a nondisclosure agreement requiring <br />the third party to protect such information. <br />Internal Use - This is information that, due to a technical or business <br />sensitivity, requires special precautions to ensure the confidentiality and <br />integrity of data by protecting it from unauthorized access, modification or <br />deletion. This information is intended for use only within the company and <br />must be limited to end users who are employed by Fieldglass or individuals <br />that have a business requirement to access the data and have signed a non- <br />disclosure agreement. <br />Public - This information has been made available for public distribution <br />through authorized company channels. Public information does not require <br />special protection. It is information that can be disclosed to anyone without <br />violating an individual's right of privacy. Knowledge of this information does <br />not expose Fieldglass to financial loss, embarrassment, or jeopardize the <br />security assets. <br />Laptops <br />Every Fieldglass laptop issued to employees and contractors have a DLP <br />agent installed that cannot be modified. This agent detects whether customer <br />data or the Fieldglass source code is being copied externally. Monthly access <br />reviews are conducted by product and file share owners to ensure access is <br />limited to a need -to -know basis. Privileged user account access is also <br />monitored on a weekly basis. <br />Hanna <br />SAP treats all customer data stored in cloud solutions from SAP as <br />"Confidential" according to SAP's data classification standard. <br />Personal Data is subject to strict security and legal requirements in the <br />legislation of several countries, for example handling of Personal Data is <br />regulated in the European Union EU Data Protection Directive and <br />carahsoft 67 carahsoft <br />