Laserfiche WebLink
including but not limited to criminal fraud, or otherwise convicted of any felony or <br />misdemeanor offense for which incarceration for up to 1 year is an authorized penalty. The <br />Contractor shall promote and maintain an awareness of the importance of securing the <br />Purchasing Entity's information among the Contractor's employees and agents. <br />b. The Contractor and the Purchasing Entity recognize that security responsibilities are <br />shared. The Contractor is responsible for providing a secure infrastructure. The Purchasing <br />Entity is responsible for its secure guest operating system, firewalls and other logs captured <br />within the guest operating system. Specific shared responsibilities are identified within the <br />SLA. <br />c. If any of the stated personnel providing services under a Participating Addendum is not <br />acceptable to the Purchasing Entity in its sole opinion as a result of the background or <br />criminal history investigation, the Purchasing Entity, in its' sole option shall have the right <br />to either (1) request immediate replacement of the person, or (2) immediately terminate <br />the Participating Addendum and any related service agreement. <br />9. Access to Security Logs and Reports: <br />a. The Contractor shall provide reports on a schedule specified in the SLA to the Contractor <br />directly related to the infrastructure that the Contractor controls upon which the <br />Purchasing Entity's account resides. Unless otherwise agreed to in the SLA, the Contractor <br />shall provide the public jurisdiction a history or all API calls for the Purchasing Entity <br />account that includes the identity of the API caller, the time of the API call, the source IP <br />address of the API caller, the request parameters and the response elements returned by <br />the Contractor. The report will be sufficient to enable the Purchasing Entity to perform <br />security analysis, resource change tracking and compliance auditing <br />b. The Contractor and the Purchasing Entity recognize that security responsibilities are <br />shared. The Contractor is responsible for providing a secure infrastructure. The Purchasing <br />Entity is responsible for its secure guest operating system, firewalls and other logs captured <br />within the guest operating system. Specific shared responsibilities are identified within the <br />SLA. <br />10. Contract Audit: The Contractor shall allow the Purchasing Entity to audit conformance to the <br />Master Agreement terms. The Purchasing Entity may perform this audit or contract with a third <br />party at its discretion and at the Purchasing Entity's expense. <br />11. Data Center Audit: The Contractor shall perform an independent audit of its data centers at <br />least annually and at its own expense, and provide an unredacted version of the audit report <br />upon request. The Contractor may remove its proprietary information from the unredacted <br />version. For example, a Service Organization Control (SOC) 2 audit report would be sufficient. <br />12. Change Control and Advance Notice: The Contractor shall give a minimum forty eight (48) hour <br />advance notice (or as determined by a Purchasing Entity and included in the SLA) to the <br />Purchasing Entity of any upgrades (e.g., major upgrades, minor upgrades, system changes) that <br />