REV: 06-24-22 RL

EXHIBIT H

SECURITY POLICY

Technical and Organizational Measures for Granicus Cloud Services (TOMs)

The following sections define Granicus' current technical and organizational measures and are incorporated into Schedule 2 of the DPA. Granicus may change these at any time without notice so long as it maintains a comparable or better level of security. Individual measures may be replaced by new measures that serve the same purpose without diminishing the security level protecting Personal Data.

1. GENERAL

1.1 Granicus will:

1.1.2 maintain an information security program to protect information processing systems and media that contain sensitive information from internal and external security threats and from unauthorized disclosure.

1.1.3 maintain an information security policy that is approved and communicated to all employees, contractors, and subcontractors. The information security policy will comply with all applicable laws, regulations, and/or mandatory industry standards.

1.1.4 maintain a process to review newly acquired tools/software and manage existing vendors.

1.1.5 maintain a risk management program to identify vulnerabilities and risks, and to remediate vulnerabilities in a timely manner.

1.1.6 perform periodic reviews of its information security program and its capabilities through independent third-party audits, internal and external penetration tests, and self-assessments.

1.1.7 maintain a software development program to ensure that code is properly reviewed and deployed, and that changes go through a standard process.

1.1.8 maintain an effective process to maintain and track all physical computing and software assets in use and/or containing sensitive information.

1.1.9 ensure the network boundary will be protected using technologies such as firewalls and monitoring tools.

1.1.10 maintain up-to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations.

1.1.12 maintain contingency plans to protect against accidental and/or unauthorized destruction or loss. All plans will be tested, at minimum, on an annual basis.

1.1.13 perform regular backup processes to provide restoration of business-critical systems as and when necessary.

1.1.14 maintain a data retention and data deletion process.

1.1.15 maintain a risk management program to identify vulnerabilities and risks, and ensure vulnerabilities are remediated in a timely manner.

1.1.16 maintain adequate system and application-level logging.

1.1.17 ensure that access to products, services and Client Personal Data by Granicus personnel is restricted on a strictly need-to-know basis and that all Granicus personnel who are granted such access have completed appropriate security training in line with the Granicus Data Privacy policy.

ATTY/AGR.2022.156/Granicus (Online agenda and meeting hosting and indexing) (Page 29 of 32)