SOLICITATION # CH16012

Incident and the response must be managed using the 'Virtustream Information Security Procedure — Security Incident Response Plan'.

The purpose of this security incident response plan is to provide general guidance to Virtustream staff, both technical and managerial, to enable quick and efficient recovery from security incidents; respond in a systematic manner to incidents and carry out all necessary steps to correctly handle an incident; prevent or minimize disruption of critical computing services; and minimize loss or theft of sensitive or mission critical information including sensitive credit card data. The plan is also a guide to sharing information with other stakeholder organizations who might be impacted by such security incidents, such as the credit card associations and law enforcement.

The Security Incident Response Plan (SIRP) provides guidance to prepare for, respond to, and recover from potential incidents. Policy statements surrounding the IR-Plan are provided to ensure continued upkeep and standardized use. The SIRP guidance at the procedural level defines the roles, responsibilities, communication methods and flows, contact information, types of potential incidents, and immediate actions that are to be taken upon an incident's identification, and elaborates with subsequent recovery steps. Virtustream's Incident Response Policy requires the implementation and testing of a generalized plan that adheres to the International Standards Organization 27002 guidance for incident management and response, but meets specific requirements for compliance such as PCI-DSS.

The Plan covers the corporate environment associated with Virtustream's IT assets, the local IT resources and the IT resources at Virtustream's Data Center. It consists of a series of guidelines (Incident Response Guidelines or "IRG") that should generally be followed as appropriate for the circumstances, such as when a security incident occurs or as part of the ongoing maintenance of this plan.

As the incident progresses and has more impact (i.e. severity level increases), the escalation process will be used to engage appropriate resources. Incidents should be handled at the lowest escalation level that is capable of responding to the incident with as few resources as possible, in order to reduce the total impact and to keep tight control. The table below defines the escalation levels with the associated team involvement.

8.6.9 Offeror must describe and identify whether or not it has any security controls, both physical and virtual Zones of Control Architectures (ZOCA), used to isolate hosted servers.

CA APM

AWS EC2 datacenters annually undergo SOC 3 audits.

MAA

Physical access mechanisms (e.g., access cards, biometric devices, mantraps and portals) have been implemented and are administered by local operations staff to help ensure that only authorized individuals have the ability to access the data centers. Portals and mantraps have been installed as anti-tailgating measures in most data center lobbies. Entry to and exit from the data centers is through either a portal or mantrap where present. In data centers without portals or mantraps, the security officer monitors the entrance to prevent tailgating. Where present, the portal/mantrap bypass doors are only used in the event an individual is unable to use the portal or mantrap in case of emergency. Examples include handicap, phobia, or other restrictions on a case-by-case basis. Tours and emergency data center security operations crews will be permitted to use the portal bypass door, when necessary.

CA Agile

Physical access mechanisms (e.g., access cards, biometric devices, mantraps and portals) have been implemented and are administered by local operations staff to help ensure that only authorized individuals have the ability to access the data centers. Portals and mantraps have been installed as anti-tailgating measures in most data center lobbies. Entry to and exit from the data centers is through either a portal or mantrap where present. In data centers without portals or mantraps, the security