REV: 12-16-24 MI

2.3 All access will be assigned using a unique identifier (User ID) and will be required to meet the password complexity requirements in accordance with NIST 800-53.
2.4 Granicus will ensure that a password has a minimum of eight characters and contains at least two of the following parameters: (i) alphanumeric characters; (ii) uppercase and lowercase characters; and (iii) special characters.
2.5 Multiple authorization levels will be used when granting access to sensitive information resources, including those storing and processing personal information in accordance with the Granicus Information Security policies.
2.6 All privileged access to production will be controlled by adequate security controls.
2.7 User access will be documented and reviewed on a periodic basis, based on risk.

Granicus will ensure that unauthorized persons are prevented from gaining physical access to premises, buildings, or rooms where data processing systems that process or use Personal Data are located:

2.8 Granicus protects its information resources and physical facilities using the adequate physical and logical controls in accordance with the Granicus Information Security Policies.
2.9 In general, buildings are secured through access control systems (e.g., smart card access system).
2.10 As a minimum requirement, the outermost entrance points of the building must be fitted with a certified key system including modern, active key management.
2.11 Depending on the security classification, buildings, individual areas and surrounding premises may be further protected by additional measures. These include specific access profiles, video surveillance, intruder alarm systems and biometric access control systems.
2.12 Access rights are granted to authorized persons on an individual basis according to the System and Data Access Control measures (see below). This also applies to visitor access. Guests and visitors to Granicus buildings must register their names at reception and must be accompanied by authorized Granicus personnel.
2.13 Granicus employees and external personnel must wear their ID cards at all Granicus locations.
2.14 All data centers adhere to strict security procedures enforced by guards, surveillance cameras, motion detectors, access control mechanisms and other measures to prevent equipment and data center facilities from being compromised. Only authorized representatives have access to systems and infrastructure within the data center facilities. To protect proper functionality, physical security equipment (e.g., motion sensors, cameras, etc.) undergoes maintenance on a regular basis.
2.15 Granicus and all third-party data center providers log the names and times of authorized personnel entering Granicus’s private areas within the data centers.

3 DATA TRANSMISSION CONTROL

Except as necessary for the provision of the Cloud Services in accordance with the Services Agreement, Granicus will ensure that Personal Data will not be read, copied, modified, or removed without authorization during transfer. Where data carriers are physically transported, adequate measures will be implemented at Granicus to provide the agreed-upon service levels (for example, encryption and lead-lined containers):

3.1 Personal Data in transfer over Granicus internal networks will be protected according to the Granicus Information Security Policies.
3.2 When data is transferred between Granicus and its Customers, the protection measures for the transferred Personal Data will be mutually agreed upon and made part of the relevant agreement. This applies to both physical and network-based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of Granicus-controlled systems (e.g., data being transmitted outside the firewall of the Granicus data center).

4 JOB CONTROL

Granicus will ensure that Personal Data being processed on commission (i.e., Personal Data processed on a customer’s behalf) is processed solely in accordance with the Master Subscription

ATTY/AGR.2024.237/Granicus (Agenda Management System) (Page 33 of 35)