Laserfiche WebLink
6.E. - Page. 14 of 73 <br />AMement for TruePoint Services QJ1y of Redwood Ci <br />6.2 Data Protection, Protection of personal privacy and data shall be an integral part of the <br />business activities of Consultant to ensure there Is no Inappropriate or unauthorized use of <br />Customer Data at any time. To this end, Consultant shall safeguard the confidentiality, <br />integrity, and availability of Customer Data and comply with the following conditions: <br />6.2.1 Consultant shall implement and maintain appropriate administrative, technical and <br />organizational security measures to safeguard against unauthorized access, disclosure <br />or theft of Customer Data. Such security measures shall be in accordance with <br />recognized industry practice and not less stringent than the measures Consultant <br />applies to its own Customer Data of similar kind, <br />6.2.,2 All data obtained by Consultant In the performance of this Agreement shall become <br />and remain the property of the City, <br />6.2.3 All Customer Data shall be encrypted at rest and in transit: with controlled access. <br />Unless otherwise stipulated, Consultant is responsible for encryption of Customer <br />Data. <br />6.3 <br />6.4 <br />REV: D4-23-19PR <br />6:2.4 For data at rest, Consultant: shall ensure hard drive encryption consistent with <br />validated cryptography standards as referenced in FIPS 140-2, Security Requirements <br />for Cryptographic.Mod'ules for all Customer Data, <br />6.2.5 At no time shall any data or processes — that either belong to or are Intended for the <br />use of the City or Its officers, agents or employees —be copied, disclosed or retained <br />by Consultant or any party related to Consultant for subsequent use In any transaction <br />that does not Include the City, <br />6.2,6 Consultant shall not use any information collected In connection with the Services <br />issued from this Agreement for any purpose other than fulfilling the Services. <br />Data Location, Consultant shall provide its Services to the City and its end users solely from <br />data centers in the U,S. Storage of City Data at rest shall be located solely In data centers in the <br />U.S. Consultant shall not allow its personnel to store City Data on portable devices, including <br />personal .computers, except for devices that are _used and kept only at its US. data: centers,, <br />Security Incid nt or Data Breach Notification. Consultant shall Inform the City of any Security <br />Incident or Data Breach: <br />6,4,1 Incident Response: Consultant may need to communicate with outside parties <br />regarding a Security Incident, which may include contacting law enforcement, fielding <br />media inquiries and seeking external. expertise as mutually agreed upon, defined by <br />law or contained In this Agreement. Discussing Security Incidents with the City should <br />be handled on an urgent as -needed basis, as part of communication and mitigation <br />processes as mutually agreed upon, defined by law or contained in this Agreement, <br />6,4.2 Security Incident Reporting Requirements: Consultant shall report a Security Incident <br />to the Contract Officer immediately. <br />6:4.3 Breach Reporting Requirements: If Consultant has actual knowledge of a confirmed. <br />Data Breach that affects the security of any City content that is subject to applicable <br />Data Breach notification law, Consultant shall (1) promptly notify the Contract Officer <br />within 24 hours or sooner, unless shorter time is required by applicable law, and (2) <br />take commercially reasonable measures to address the Data Breach in a timely <br />manner. <br />Page S of 64 <br />ATTYIAGR.2019,1o61TruePoint TrueSill Utility Billing System <br />112 <br />