My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />corresponding national laws. At SAP intercompany agreements exist, to <br />ensure that these requirements are met in all SAP companies and branch <br />offices throughout the world. Similar data protection agreements were <br />executed with all subprocessors. Personal data must be classified as equally <br />confidential regardless of whether it relates to employees, customers or third <br />parties. <br />Hybris <br />The security infrastructure includes firewall security and hardened security <br />policies on all servers. Log management procedures are in -place for log <br />review for firewall, applications, network devices, including file -integrity <br />management. SAP Hybris utilizes technologies from leading security firms for <br />Log Management and File Integrity Management. SAP Hybris employs two - <br />factor authentication across its network. SAP Hybris undergoes vulnerability <br />and penetration testing. SAP Hybris validates against requirements for PCI <br />DSS 2.0. <br />The infrastructure also includes Web Application Firewalls and DDoS <br />Mitigation Services. <br />In addition, security policies and change management policies are in -place <br />ensuring that all access and changes to customer systems and information is <br />accessible only by SAP Hybris staff with access authorization. <br />Security of the software application which is controlled by the Customer (or its <br />implementation partner) remains the responsibility of the Customer. <br />SuccessFactors <br />We are aligned with ISO 27001 for Information Security, BS 10012 for Data <br />Protection, and ISO 20000 for Service Delivery to create an Integrated <br />Compliance Framework ("ICF"). Where these standards overlap in subject <br />matter, Information Security ISO 27001 takes precedence. Our Network also <br />complies with Authority to Operate as a Moderate Risk Federal Information <br />System by the Office of Personnel Management and Department of Homeland <br />Security; NIST SP800-53 Security Controls; EU Privacy Directive 95/46/EC for <br />EU and non-EU customer data; Payment Card Industry (PCI) Data Security <br />Standard (DSS) v 2.0; Safe Harbor. <br />VMware <br />VMware monitors for security events involving the underlying infrastructure servers, storage, <br />networks, and information systems used in the delivery of vCloud Air over which VMware have <br />sole administrative level control. The goal of this process is to identify security incidents and <br />respond to them proactively. <br />This responsibility stops at any point where customers have control, permission, or access to <br />modify any aspect of the service offering. The customer is responsible for the security of the <br />networks over which they have administrative level control. This includes, but is not limited to, <br />maintaining effective firewall rules, exposing communication ports that are only necessary to <br />conduct business, locking down promiscuous access, and other such capabilities. <br />Proactive Security Monitoring over Internet and Social Media (e.g. searching filesharing sites for <br />customer data, seeding data with honey tokens) VMware security teams perform OSINT <br />monitoring on the Internet for all VMware products and services. This includes harvesting data <br />from search engines, le sharing, and social networking sites. This data is analyzed for keywords <br />and other specific indicators. <br />With regards to potential data leaks, the customer is solely responsible for protecting the security <br />of his or her content, including any access provided to employees, customers or third parties. <br />vCloud Air provides certain software and functionality to help protect content from unauthorized <br />access such as firewalls, load balancers, and IPsec VPNs. Customers are encouraged to deploy <br />additional security mechanisms similar to what exists in their current data center to address other <br />security controls such as data encryption, intrusion detection, le integrity monitoring, and other <br />such concerns relevant to the sector and regulatory requirements that apply to the specific <br />business of a customer. <br />carahsoft 68 carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.