SOLICITATION # CH16012

• Locked racks and rooms with key log out/in process.
• Data destruction policies and procedures.
• Asset in/out policy and procedures.

Physical access by authorized staff is controlled by badge systems and biometric access systems. All access of any kind is recorded and logged. Access lists are reviewed every 90 days. Employees that do not have a reason to have physical access are removed from our access management systems. Multiple high resolution and IR enhanced CCTV Cameras monitor our datacenters at all egress and ingress points as well as other sensitive areas. Security video footage is stored in a secure area for 90 days.

Approved Visitor Access requires VISITOR Badges and bright lanyards that are specifically different from employee badges. Visitors are required to produce and surrender a state or government issued photo ID during the visit, have a pre-approved reason for the visit, and have the escort witness the sign in and out procedure. Visitors are escorted continuously through approved areas of the facility.

Visitors are not allowed access to the following areas of the data center under any circumstances:
• Cloud hosting areas.
• Networking and telecommunication areas.
• Guard areas.
• Power vaults.

8.6.11 Describe security procedures (background checks, foot printing logging, etc.) which are in place regarding Offeror's employees who have access to sensitive data.

FireEye

Background verification for employment candidates is a mandatory component of FireEye's hiring process. All personnel are required to sign a confidentiality and non-disclosure agreement agreeing not to disclose proprietary or confidential information including client information to unauthorized parties.

A security awareness training program is in place to maintain the skill level of personnel regarding security and privacy expectations and best practices. All FireEye personnel at all levels are trained and notified of information security and privacy requirements and personnel responsibilities.

Virtustream

Virtustream employees who are assigned to IaaS must pass a Virtustream background investigation. In addition, Virtustream employees assigned to the IaaS must adhere to any requirement by customers to pass federal, state, or local background investigations if they are to provide managed services to the customer zone which includes access to sensitive data.

8.6.12 Describe the security measures and standards (i.e. NIST) which the Offeror has in place to secure the confidentiality of data at rest and in transit.

CA

At CA Technologies, we comply with a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. We ensure the maintenance of vulnerability management programs, implement strong access control measures, regularly monitor and test networks and adhere to the highest industry compliance and security policies. CA offers a variety of SaaS solutions; details for each offering have been provided in Exhibit 1 and 2 of this proposal.

Google

All connections from customer end point devices to Google's Front End Servers are encrypted with enforced HTTPS sessions using Forward Secrecy. Google websites and properties use robust public key technologies: 2048-bit RSA or P-256 ECDSA SSL certificates issued by a trusted authority (currently the Google Internet Authority G2).

carahsoft