My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
Agmt26 Concourse Tech, Inc.
RedwoodCity
>
City Clerk
>
Agreements
>
2020-2029
>
2026
>
Under $110K
>
Agmt26 Concourse Tech, Inc.
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
4/13/2026 11:47:37 AM
Creation date
4/13/2026 11:47:27 AM
Metadata
Fields
Template:
Agreement
PROJECT NAME
SaaS Agreement with City of Redwood City
RMP File Number
304.5
Date
4/9/2026
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
33
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
REV: 04-07-24 LF <br />EXHIBIT H <br />SECURITY POLICY <br />1.Data Encryption <br />Data at Rest: All City Data is encrypted using AES-256 encryption standard. <br />Data in Transit: All data transmitted between users and the platform is encrypted using TLS <br />1.3. <br />Encryption Key Management: Encryption keys are managed using industry-standard key <br />management practices with regular key rotation. <br />2. Access Controls <br />Role-Based Access Control (RBAC): Access to data and functionality is restricted based on <br />assigned user <br />roles (City Staff, Landlord, Tenant, Administrator). <br />Multi-Factor Authentication (MFA): MFA is available and recommended for all user accounts. <br />MFA will be required by City administrators for staff accounts. <br />Session Management: Automatic session timeout after a configurable period of inactivity. <br />Concurrent session limits enforced. <br />Password Policy: Minimum complexity requirements enforced, including length, character <br />diversity, and expiration intervals configurable by City administrators. <br />3. Infrastructure Security <br />Hosting Environment: Platform hosted on US-based cloud infrastructure with SOC 2 Type II <br />certified data centers. <br />Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS <br />mitigation in place. <br />Vulnerability Management: Regular vulnerability scanning (at least monthly) and timely <br />patching of identified vulnerabilities. Critical vulnerabilities patched within 72 hours of <br />identification. <br />Penetration Testing: Annual third-party penetration testing. Summary results available to City <br />upon request. <br />Security Reviews: Review of infrastructure security 6 months after Agreement execution and on <br />an annual basis thereafter. <br />4. Data Backup & Disaster Recovery <br />Backups: Automated daily backups with 90-day retention. <br />Recovery: Point-in-time recovery capability. Recovery Time Objective (RTO): 4 hours. Recovery <br />Point Objective (RPO): 24 hours. <br />Backup Testing: Quarterly restoration testing to verify backup integrity. <br />Geographic Redundancy: Backups stored in a geographically separate US-based facility. <br />5.Incident Response <br />Incident Response Plan: Provider maintains a documented incident response plan covering <br />detection, containment, eradication, recovery, and post-incident review. <br />Breach Notification: In the event of a confirmed data breach involving City Data, Provider will <br />notify the City within 24 hours of confirmation. <br />Cooperation: Provider will cooperate fully with the City and any regulatory authorities in <br />investigating and remediating security incidents. <br />6.Employee Security <br />Background Checks: All Provider employees and contractors with access to City Data are subject <br />to background checks. <br />Security Training: All Provider personnel receive annual security awareness training. <br />Least Privilege: Provider personnel are granted access to City Data only to the extent necessary to <br />perform their job functions. <br />ATTY/AGR.2026.096/TBD (Relocation Assistance Software) (Page 30 of 33)
The URL can be used to link to this page
Your browser does not support the video tag.