My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
01/21/2025
>
Item 26 - Agreement with Allied Network Solutions, Inc. for Adobe Software and Subscription
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/27/2025 5:03:20 PM
Creation date
1/21/2025 2:16:24 PM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Agency
Information Technology
Item #
26
Date
1/21/2025
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
762
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
SOLICITATION # CH16012 <br />ServiceNow's customer support portal. ServiceNow shall take reasonable measures to promptly <br />mitigate the cause of the Breach and shall take reasonable corrective measures to prevent future <br />Breaches. As information is collected or otherwise becomes available to ServiceNow and unless <br />prohibited by law, ServiceNow shall provide information regarding the nature and consequences of <br />the Breach that are reasonably requested to allow Customer to notify affected individuals, <br />government agencies and/or credit bureaus. Customer is solely responsible for determining <br />whether to notify impacted Data Subjects and for providing such notice, and for determining if <br />regulatory bodies or enforcement commissions applicable to Customer or Customer Data need to <br />be notified of a Breach. <br />See the "Data Security Guide" contained within the "Subscription Service Guide" included with this <br />response for additional information. <br />QTS <br />Security Incident handling capability and process is outlined in the following Incident Response <br />related procedures and plans: <br />-FED _PLN_01_Incident _Response —Plan (v1.2 — 4/09/14) <br />-IT — PRO —29—QTS-FC—Incident—Response—Procedure (v1.0—1/17/14) <br />-IT _ PRO _18_ISSO_IRT_Incident_Response_Guidelines_Procedure (v1.2—12/11/13) <br />•OPS—PRO-77—OSC—New— Incident — Creation _ Procedure (v1.0-1/23/14) <br />•OPS— PRO —62— Best —Practices—for—Incident—Handling—Procedure (0.0—12/10/13) <br />•OPS_PRO _72_BPG_OSC_Working_and_Resolving_Incidents_Procedure (v1.0—1/22/14) <br />•OPS— PRO —84—BPG—OSC—Major— Incident —Management—Procedure (v1.0—1/27/14) <br />As outlined in QTS's IT-FC_Incident_Response_Procedure (0.0-1/17/14) and <br />FED —PLN-01—Incident—Response—Plan (v1.2 — 4/09/14): <br />-Preparation activities, to include: <br />-Ensuring the security of systems, networks, and applications through periodic risk assessments of <br />systems and applications to prevent incidents. <br />-Increasing user awareness of policies and procedures regarding appropriate use of networks, <br />systems, and applications. <br />-Sharing applicable lessons learned from previous incidents (particularly those involving malicious <br />code and violations of acceptable use policies) with users so they can see how their actions could <br />affect the organization. <br />-Training Federal Cloud System Administrators to maintain their networks, systems, and <br />applications in accordance with the organization's security standards. <br />-Detecting activities, to include: <br />-As referenced in QTS's IT—PRO-29—QTS-FC—Incident—Response—Procedure (0.0-1/17/14), <br />review and analysis of continuous monitoring tools and related log file(s). <br />-3rd Party monitoring services (Alert Logic): help detect and alert on changes in certain resources <br />(e.g., Web pages) or publicly accessible services, such as Web, Domain Name System (DNS) and <br />FTP servers. <br />-File Integrity Checking Software: help detect any changes to important files caused by incident <br />-IDS are set up for scanning and detection. Detection is achieved either by log analysis, packet <br />capture review or image acquisition and analysis. <br />-Analysis Activities, to include: <br />-QTS IR Team is activated and incident identification is performed <br />-Continued and targeted review and analysis of continuous monitoring tools, related log file, and <br />corresponding applications would be performed. <br />-If an Incident Response Team is required then at least one member of IT Security along with one <br />or more members of QTS's IT Operations organization responsible for the affected system, as well <br />as any necessary re resentatives from Network <br />SAP <br />Ariba <br />We can provide a general overview but our full documentation is confidential. <br />All of our security processes and procedures are audited by a third party every <br />six months for ISAE 3402 assurance. We also hold PCI DSS certification. The <br />carahsoft 81 carahsoft <br />
The URL can be used to link to this page
Your browser does not support the video tag.