Agmt26 Ichi Plan, Inc.
Entry Properties
Last modified: 3/23/2026 11:39:03 AM
Creation date: 3/23/2026 11:38:54 AM
Template: Agreement
PROJECT NAME: SAAS Procurement and Professional Services Agreement - ICHI Plan, Inc.
RMP File Number: 304.5
Date: 3/6/2026
REV: 02-25-26 LF

EXHIBIT H
SECURITY POLICY

1. Encryption Standards

Ichi encrypts all customer data in transit and at rest using modern, industry-standard protocols:

- In transit: All communications between users and the Ichi platform occur over TLS 1.3 (HTTPS/WSS/SSL), the most current and secure transport-layer protocol.
- At rest: All data—including files, documents, images, prompts, responses, metadata, logs, and user information—are encrypted using AES-256 encryption.
- Storage: User-uploaded files are stored in Amazon Web Services (AWS) S3 with Server-Side Encryption (SSE-S3, AES-256). Files are accessed only through short-lived, pre-signed URLs that require user authentication.
- Backups: Encrypted using AWS SSE-S3 (AES-256) with all transfers protected by TLS 1.3. No unencrypted physical media are used.

2. Intrusion Detection and Network Security

Ichi’s application and infrastructure are hosted on AWS and Render, which provide:

- Managed firewalls, DDoS protection, and automatic patching of the underlying infrastructure.
- Cloudflare Firewall and network-level monitoring for inbound and outbound traffic.
- Comprehensive audit logs for all server, database, and shell access. These are maintained through Render and provide detailed records of data access and operations.

3. Data Protection and Access Controls

Ichi applies multiple layers of data and access protection:

- Tenant Isolation: Each customer operates within a tenant-isolated “walled garden”, ensuring complete logical segregation from other organizations.
- Access Management: Role-based access control (RBAC) with least-privilege principles. Only authorized personnel (administrators and engineers) can access production systems.
- Authentication: Integration with Microsoft Single Sign-On (SSO) for all users; Ichi stores no user passwords. Multi-factor authentication (MFA) is required for administrative access.
- Auditability: Access to production systems, backups, and data is logged and reviewed quarterly. All employees undergo background checks before access is granted.

4. Incident Detection and Response

Ichi maintains a formal incident response process that includes containment, evaluation, reporting, and prevention steps.

ATTY/AGR.2026.050/ICHI Plan, Inc. (AI enabled Software Solution) (Page 28 of 31)