1.3 SECURITY

A. CMS and all subsystem controllers shall have security protocols and password protection that prevent unauthorized access or manipulation of data and reports including individual transactions.

IPS complies. Only authorized users with a login and password will have access to the DMS.

B. All databases of transactions, reports, etc. shall be secured by means of password from unauthorized entry and tampering from either within or outside CMS.

IPS complies.

C. The System must include a minimum of 6 levels of access authorization to all operational, administrative and reporting functions and provide the following security features:
1. Define individual user and group based security
2. Ability to assign a unique user ID for each person authorized to use the system
3. Ability to assign a unique password and periodically change that password for each authorized user ID
4. Ability to establish an expiration period for passwords
5. Ability to disable a user ID following successive log-on failures exceeding a specific limit
6. Ability to view and report user and group level security rights
7. Ability to de-activate codes for former users and internal and external customers
8. Available user-defined fields

IPS complies. The City can manage the level of access that each authorized user has to ensure that settings are not manipulated. Each user that securely logs into the DMS is required to provide a username and password. Each user will also be assigned to a defined user profile that defines which reports are visible and which ones are not accessible. Samples of these profiles include Administrator, Coin Collection, Customer Service, Manager, Financial Analyst, Utility Manager, and Technician.

D. PCI Data Security Standard
1. Compliance programs are offered by the individual financial institutions on the PCI council. The MSM Vendor shall submit proof of PCI DSS compliance and PABP validation. On-going compliance must be provided at no cost to the City.

IPS complies. IPS was the first single-space credit card-enabled parking meter vendor to become PCI-certified in 2008. Today we process over 60 million credit card transactions each year, safely and securely. Please see the Appendix for copies of our PCI and PA-DSS certifications.

a. Acceptable proof of PCI DSS Compliance and PABP Validation is that the vendor/manufacturer is listed on both Visa and MasterCard web sites as PCI Compliant and having PABP Validation.

IPS complies. IPS is listed as a valid service provider for the Visa Cardholder Information Security Program (CISP) and the MasterCard Site Data Protection (SDP) programs and is fully compliant with all PCI-DSS and PA-DSS guidelines.

b. It is not acceptable merely to state that the credit card processor is PCI DSS Compliant or that it is in the process of becoming compliant and/or receiving validation.

IPS complies. IPS has been certified since 2008.

2.1 HOSTED CMS SOFTWARE SYSTEMS

REV: 05-05-16 JS
Page 35 of 177
ATTY/AGR.2016.094/IPS Group