My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
AgdaPkt 2020-11-23 Joint SA PFA
RedwoodCity
>
City Clerk
>
Agenda Packets
>
2020-2029
>
2020
>
AgdaPkt 2020-11-23 Joint SA PFA
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
12/3/2020 5:27:49 PM
Creation date
11/19/2020 6:20:52 PM
Metadata
Fields
Template:
CC Index
CC Index - Document Type
Agenda Packet
Meeting Type
Joint
Agency Type
City Council and Successor Agency and Public Financing Authority
Date
11/23/2020
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
840
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
6.11). - Page 128 of 179 <br />4.7. Data Location. Vendor shall provide its Services to the City and its end users solely from data <br />centers in the U.S. Storage of City Data at rest shall be located solely in data centers in the <br />U.S. Vendor shall not allow its personnel or contractors to store City Data on portable devices, <br />including personal computers, except for devices that are used and kept only at its U.S. data <br />centers. Vendor shall permit its personnel and contractors to access City Data remotely only <br />as required to provide the Services or to provide technical support. Vendor may provide <br />technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise <br />prohibited in this Purchase Agreement. <br />5. Security Incident or Data Breach Notification. Vendor shall inform the City of any Security Incident <br />or Data Breach: <br />5.1. Incident Response: Vendor may need to communicate with outside parties regarding a <br />Security Incident, which may include contacting law enforcement, fielding media inquiries and <br />seeking external expertise as mutually agreed upon, defined by law or contained in this <br />Purchase Agreement. Discussing Security Incidents with the City should be handled on an <br />urgent as -needed basis, as part of Vendor communication and mitigation processes as <br />mutually agreed upon, defined by law or contained in this Purchase Agreement. <br />5.2. Security Incident Reporting Requirements: Vendor shall report a Security Incident to the <br />appropriate City Identified Contact immediately. <br />5.3. Breach Reporting Requirements: If Vendor has actual knowledge of a confirmed Data Breach <br />that affects the security of any City content that is subject to applicable Data Breach <br />notification law, Vendor shall (1) promptly notify the appropriate City Identified Contact <br />within 24 hours or sooner, unless shorter time is required by applicable law, and (2) take <br />commercially reasonable measures to address the Data Breach in a timely manner. <br />5.4. Breach Responsibilities. This section only applies when a Data Breach occurs with respect to <br />Personal Data or Non -Public Data within the possession or control of Vendor. <br />• Vendor, unless stipulated otherwise, shall immediately notify the appropriate City <br />Identified Contact by telephone in accordance with the agreed upon security plan or <br />security procedures if it reasonably believes there has been a Security Incident. <br />• Vendor, unless stipulated otherwise, shall promptly notify the appropriate City Identified <br />Contact within 24 hours or sooner by telephone, unless shorter time is required by <br />applicable law, if it confirms that there is, or reasonably believes that there has been a <br />Data Breach. Vendor shall (1) cooperate with the City as reasonably requested by the City <br />to investigate and resolve the Data Breach, (2) promptly implement necessary remedial <br />measures, if necessary, and (3) document responsive actions taken related to the Data <br />Breach, including any post -incident review of events and actions taken to make changes <br />in business practices in providing the Services, if necessary. <br />• Unless otherwise stipulated, if a Data Breach is a direct result of Vendor's breach of its <br />contractual obligation to encrypt Personal Data or otherwise prevent its release, Vendor <br />O7P FORM 4000/2 <br />167 <br />
The URL can be used to link to this page
Your browser does not support the video tag.