Laserfiche WebLink
SOLICITATION # CH16012 <br />of supporting several thousand customers in a secure and efficient manner. Services are grouped <br />within each Instance; with app, search, and database elements contained. There are appropriate <br />controls in place to ensure that any given customer's org (application) is not compromised. The <br />service has been designed to accomplish this and is robustly tested on an ongoing basis by both <br />Salesforce and its customers. <br />ServiceNow <br />ServiceNow includes built in Role Based Access Control (RBAC) that is based on users, groups <br />and roles. The entitlements granted to users are built from fine grained Access Control Lists <br />(ACLs). <br />ACLs can be built from individual entitlements that include read, write, create, execute and delete <br />as well as a number of other individual attributes. The attributes that are available also vary, <br />depending on the type of object being secured. <br />Customers have full control of the entitlements granted to each of their users and integration with <br />customer side directory service is possible through the use of users, groups and group <br />memberships. <br />SAP <br />Ariba <br />Within our solution, specific logging takes place that is viewable by the <br />customer administrator or their designee. Audit logs produced through use of <br />the solution are considered customer data and are maintained within the <br />customer's instance of the database. These logs are retained so long as the <br />customer has an active contract with us. <br />As a user control consideration, customers are responsible for monitoring the <br />proper entry of data to the solution and reviewing reports generated by the <br />system. <br />Fieldglass <br />The Fieldglass Audit Trail tracks a date/time stamp for each user as they log <br />in and out of the application. Likewise, Fieldglass tracks a date/time stamp <br />and owner of every transaction that is created, submitted and approved <br />through the application. Similarly, actions that occur within the reporting tool <br />are also tracked, including when reports are created and run and by whom. <br />The audit trail log is visible by the State of Utah program office. Audit trail <br />reports can be created with Fieldglass' ad hoc reporting. <br />Hanna <br />SAP has Security Information and Event Management systems (SIEM) for <br />analysis, reporting and alerting. All critical systems and infrastructure <br />components within the SAP Cloud need to log relevant data, which is stored <br />for a minimum of six (6) months. This is ensured via the security configuration <br />compliance checks and event monitoring. General security monitoring is <br />performed 247 for all activities. Resulting warnings and alerts are processed <br />via ticketing system and critical events are handled according to the Incident <br />Management Process. <br />Hybris <br />Log management procedures are in -place for log review for firewall, <br />applications, network devices, including file -integrity management. hybris <br />utilizes technologies from leading security firms for Log Management and File <br />Integrity Management. <br />SuccessFactors <br />The application logs the following for every transaction: Event/transaction <br />Time, Transaction ID, Event/transaction Type, Event/transaction Status <br />(Result of the event; if failure, includes reason), Object Attributes (Describes <br />the object affected by the event), Originator User ID (ID of the user who <br />initiated the event or action), Subject ID, Process User ID, Account Number, <br />Transaction Specific Elements. <br />The application audits changes to the major components. Examples of this are <br />goal auditing and document auditing. The audit trail includes who made the <br />carahsoft <br />77 <br />carahsoft <br />