Laserfiche WebLink
United States. For customers located in Canada,all Customer Data will be hosted and stored within Canada. <br /> e) Data Encryption. All Customer Data will be encrypted at rest and in transit utilizing government-certified Advanced Encryption <br /> Standard(AES)cipher algorithms with a 256-bit or better encryption key. <br /> f) Disaster Recovery. Trimble will maintain a written Disaster Recovery Plan(DRP)as described in its then current SOC 2 Type II audit <br /> report for the applicable Offering. <br /> 2.2. SOC Compliance. Current versions of the Trimble Offering(s) referenced in the Order Form will be subject to an annual System and <br /> Organization Controls for service organizations("SOC")2 Type II audit based on Security,Availability,and Confidentiality Trust Services <br /> Criteria and will maintain compliance with those standards during the Term of this Agreement. The SOC 2 Type II audit will be conducted <br /> by a licensed Certified Public Accounting firm in accordance with the standards of the American Institute of Certified Public Accountants <br /> ("AICPA")Statement on Standards for Attestation Engagements No.18. At Customer's request,Trimble will provide a copy of the then <br /> current SOC 2 Type II audit report annually. The audit report shall be treated as Confidential Information. <br /> 2.3. System Testing. Trimble will maintain sole responsibility for establishing, maintaining, testing, and executing all plans and procedures <br /> applicable to system backup, disaster recovery, system architecture and security (including without limitation monitoring, audits, <br /> vulnerability scans/remediation, and penetration tests), software development, maintenance release schedules, and update <br /> management. <br /> 2.4. Vulnerability Remediation. Trimble will conduct vulnerability scans of the then current version of each Trimble Offering on a monthly basis. <br /> Trimble will use best efforts to remediate identified vulnerabilities as follows: <br /> a. Critical(30 days) <br /> b. High(60 days) <br /> C. Medium&Low(commercially reasonable timeframe) <br /> Note:vulnerability severity ratings referenced above must follow the NIST scoring system(https://nvd.nist.govlvuln-metrics/cvss). <br /> 2.5. Security Incident Notification. Trimble will provide notification of any security incidents affecting a customer's instance,including a data <br /> breach,within 72 hours of confirmation. <br /> 2.6. Accessibility. During the term of the Agreement,the Trimble Offering(s)referenced in the Order Form maybe subject to accessibility audits <br /> based on WCAG 2.0 AA standards. Trimble's compliance with any accessibility standards will be limited to its then current Accessibility <br /> Conformance Report,which will be provided upon request. <br /> 2.7. On Premises Licensed Software. If the Order Form includes any licensed software Products deployed on-premises or through hosting <br /> services not provided by Trimble,Trimble does not provide regular support or technical assistance for the repair or restoration of lost or <br /> damaged Customer Data as part of support, regardless of the cause. Assistance for restoration may be available subject to Trimble's <br /> availability and payment of applicable fees at Trimble's then-current hourly rates. <br />