SOLICITATION # CH16012

becoming aware of the incident, measures are promptly taken by the team to resolve the situation. All affected customers should be informed within at most 36 hours of confirming a potential breach in the privacy of their data. Following incident resolution, follow-up is required to ensure that the incident has been resolved effectively and that the threat is no longer present. We are aligned with ISO 27k standards for event and incident management and have formal incident management policies and processes in place. These policies and procedures are tested in the ISO 27k and SOC 2 audits.

FireEye

FireEye has a documented policy for incident management that has been approved by management and communicated to appropriate constituents and owners. It is continuously maintained and reviewed annually. The plan has a reporting structure and escalation path. An incident response team with defined roles and response-related qualifications is available 24x7x365. The team maintains chain of custody for evidence during the incident investigation. There is a process for reporting client notification for regulatory, legal and contractual issues after a breach, if a breach were to be confirmed. If a confirmed breach were to occur, a management team would review all the factors and develop a remediation plan to mitigate.

Virtustream

There are two primary incident types: Security Incidents, where there is a possible breach in systems or data integrity, and Services, where there is an impacted or affected service. Although there is some overlap, generally any security-related incident should be classified as a Security Incident and the response must be managed using the 'Virtustream Information Security Procedure — Security Incident Response Plan'.

The purpose of this security incident response plan is to provide general guidance to Virtustream staff, both technical and managerial, to enable quick and efficient recovery from security incidents; respond in a systematic manner to incidents and carry out all necessary steps to correctly handle an incident; prevent or minimize disruption of critical computing services; and minimize loss or theft of sensitive or mission-critical information, including sensitive credit card data. The plan is also a guide to sharing information with other stakeholder organizations who might be impacted by such security incidents, such as the credit card associations and law enforcement.

The Security Incident Response Plan (SIRP) provides guidance to prepare for, respond to, and recover from potential incidents. Policy statements surrounding the IR-Plan are provided to ensure continued upkeep and standardized use. The SIRP guidance at the procedural level defines the roles, responsibilities, communication methods and flows, contact information, types of potential incidents, and immediate actions that are to be taken upon an incident's identification, and elaborates with subsequent recovery steps. Virtustream's Incident Response Policy requires the implementation and testing of a generalized plan that adheres to the International Standards Organization 27002 guidance for incident management and response, but meets specific requirements for compliance such as PCI-DSS.

The Plan covers the corporate environment associated with Virtustream's IT assets, the local IT resources and the IT resources at Virtustream's Data Center. It consists of a series of guidelines (Incident Response Guidelines or "IRG") that should generally be followed as appropriate for the circumstances when a security incident occurs or as part of the ongoing maintenance of this plan.

As the incident progresses and has more impact (i.e. severity level increases), the escalation process will be used to engage appropriate resources. Incidents should be handled at the lowest escalation level that is capable of responding to the incident with as few resources as possible in order to reduce the total impact, and to keep tight control. The table below defines the escalation levels with the associated team involvement.

8.7 Migration and Redeployment Plan

carahsoft