My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
Agmt23 Dropcountr, Inc
RedwoodCity
>
City Clerk
>
Agreements
>
2020-2029
>
2023
>
Under $104K
>
Agmt23 Dropcountr, Inc
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
4/27/2023 11:24:09 AM
Creation date
4/27/2023 11:23:22 AM
Metadata
Fields
Template:
Agreement
Contractor Name
Dropcountr, Inc.
PROJECT NAME
Software and Professional services agreement
RMP File Number
304.5
Date
4/6/2023
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
32
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
REV 03-17-23 MI <br />and kept only at its U.S. data centers. Provider shall permit its personnel and <br />contractors to access City Data remotely only as required to provide the Services <br />or to provide technical support. <br />c. Provider shall inform the City of any Security Incident or Data Breach in <br />accordance with the following protocols: <br />(i) Provider may need to communicate with outside parties regarding a <br />Security Incident, which may include contacting law enforcement, fielding <br />media inquiries and seeking external expertise as mutually agreed upon, <br />defined by law or contained in this Agreement. Discussing Security <br />Incidents with the City should be handled on an urgent as-needed basis, as <br />part of Provider communication and mitigation processes as mutually <br />agreed upon, defined by law or contained in this Agreement. <br />(ii) Provider shall promptly report a Security Incident to the appropriate City <br />Identified Contact. <br />(iii) If Provider has actual knowledge of a confirmed Data Breach that affects <br />the security of any City Data, Provider shall (1) promptly notify the <br />appropriate City Identified Contact within 24 hours or sooner, unless shorter <br />time is required by applicable law, and (2) take commercially reasonable <br />measures to address the Data Breach in a timely manner. <br />(iv) Provider shall (1) cooperate with the City as reasonably requested by the <br />City to investigate and resolve the Data Breach, (2) promptly implement <br />necessary remedial measures, if necessary, and (3) document responsive <br />actions taken related to the Data Breach, including any post- incident review <br />of events and actions taken to make changes in business practices in <br />providing the Services, if necessary. <br />(v) Unless otherwise stipulated, if a Data Breach is a direct result of <br />Provider’s breach of its contractual obligation to secure City Data in <br />accordance with this Agreement and the Security Policy or otherwise <br />prevent its release, Provider shall bear the costs associated with (1) the <br />investigation and resolution of the Data Breach; (2) notifications to <br />individuals, regulators or others required by state law; (3) a credit monitoring <br />service required by state (or federal) law; (4) a website or a toll-free number <br />and call center for affected individuals required by state law — all not to <br />exceed the average per record per person cost calculated for data breaches <br />in the United States (currently $225 per record/person) in the most recent <br />Cost of Data Breach Study: Global Analysis published by the Ponemon <br />Institute at the time of the Data Breach; and (5) complete all corrective <br />actions as reasonably determined by Provider based on root cause. <br />ATTY/AGR.2023.056/Dropcountr, Inc. (Water Utility Customer Portal) (Page 6 of 32)
The URL can be used to link to this page
Your browser does not support the video tag.