Laserfiche WebLink
SOLICITATION # CH16012 <br />change, the date of the change and the ability to see the data as it existed at <br />that point in time. The data in the audit log can be viewed with appropriate <br />permissions. <br />We also provide an optional Audit Framework for additional audit logging <br />capabilities. All audit logs within the application are accessible only by <br />customers. Therefore, the review of application audit logs as well as retention <br />periods for the application audit logs are the customer's responsibility, and can <br />be determined as per requirements. <br />To detect unauthorized information processing activities, systems are <br />monitored and all information security events are recorded. Operator logs and <br />fault logging are used to information system problems are identified. We <br />comply with all relevant legal requirements applicable to its monitoring and <br />logging activities. All system logs are created with "write -once" technology so <br />that they cannot be altered or overwritten. All system logs are maintained for a <br />minimum of 90 days on-line and a minimum of 13 months near -line. <br />Inter host communications are secured by multiple layers of defense including <br />segmented separate VLANS, restricted protocol sharing, multiple levels of <br />stateful firewalls, HOST and NETWORK IDS/IPS and constant vigilant <br />monitoring and testing. <br />In addition, our Operations Team maintains detailed system logs. Our internal <br />system logs successful and unsuccessful requests for access, and our team <br />monitors all system logs for any errors or unusual activity. Activities are logged <br />and reviewed by various mechanisms such as: RSA, SysLog, NIDS, HIDS, <br />OSSIM and database logging. <br />The system logs are not made available to customers but are used to monitor <br />the health of the application and facilitate a high level of performance. Alerts <br />are responded to immediately and logs are analyzed daily for any issues or <br />anomalies. The system level logs are written to servers in the data center then <br />copied to our operations team on an as needed basis. <br />Various logging mechanisms are used to monitor database administration <br />activities. Logging mechanisms include: syslog, alert log and database <br />auditing for the privileged role SYSDBA. <br />All activities are logged under the SYSDBA role which including: start-up and <br />shutdown of the data base, configuration changes to init.ora and also any <br />queries/data extraction. We would be able to identify dba activities by manual <br />review of the logs and database auditing to detect if client data querying has <br />occurred. <br />All audit logs are created with "write -once" technology so that they cannot be <br />altered or overwritten. <br />Controls aim to protect against unauthorized changes and operational <br />problems with the logging facility including: <br />Alterations to the message types that are recorded. <br />Log files being edited or deleted. <br />Storage capacity of the log file media being exceeded, resulting in either the <br />failure to record events or over -writing of past recorded events. <br />VMware <br />The vCloud Air Terms of Service and Data Privacy Addendum's establish the line of demarcation <br />between the responsibility of VMware and the customer as it pertains to data protection. In <br />addition, security whitepapers are made available to customers to further illustrate these points or <br />to establish transparency regarding the separation of responsibility between VMware and the <br />customer for compliance programs such as HIPAA or PCI. <br />Subscribers are able to use a VPN connection at multiple layers to maintain data security. For <br />traffic in motion, VPNs can be created fora particular application and also for an entire virtual data <br />carahsoft 78 carahsoft <br />