Orange County NC Website
DocuSign Envelope ID: D1041CA6-DBD4-42BE-8B32-7C592BF2BA15

23. What are the cloud provider's incident management and reporting policies?

TMA Response: TMA has an extensive incident management policy in place. Please let the following serve as an overview for the contents of this policy.

TMA Systems possesses information corporately, for their clients, and for their business associates that is sensitive and valuable. Because the Company takes information security very seriously, prompt action must be taken in the event of any actual or suspected breaches of information security or confidentiality. Prompt action will avoid or minimize the risk of harm to the Company, clients, partners, or their respective employees. In addition, prompt action will minimize: damage to operations, financial losses, legal exposure and damage to the organization's reputation. The Company requires all employees to diligently protect information as appropriate for its sensitivity level and report suspected information breaches promptly so appropriate action can be taken and harm can be minimized. Failure to comply with this policy may subject you to disciplinary measures up to and including termination and other legal remedies.

The following sections comprise this policy:

• Purpose of Policy
• What is an Information Security Incident?
• What and Who the Policy Applies to
• Where the Policy Applies
• Lines of Responsibility
• Responsibility for Creating a Culture of Information Security

24. What is the process by which the cloud provider updates policies and informs customers?

TMA Response: Unless changes are made to the "Terms of Use" or "Privacy Policy", which are accessible from the login page, TMA does not automatically provide updates to customers related to this information.
This information is available upon request.

25. What is the basic architecture of the cloud provider's network security? (overall design, zones, filters, firewalls, VLANs, protocols, standards)

TMA Response: Please see the WebTMA Service Provider Security and Operations Controls document within the Attachment section of our response.

26. What security measures does the cloud provider use in data storage, transit and use?

TMA Response: Please see the WebTMA Service Provider Security and Operations Controls document within the Attachment section of our response.

27. What encryption technologies does the cloud provider use in data management?

TMA Response: For the protection of our clients all client data is stored in separate databases. WebTMA salts and hashes passwords rather than storing clear text. WebTMA uses the MD5 Hash algorithm. Using a hash algorithm is more secure than encryption since it is impossible to reverse the encryption and expose the password. MD5 is the most commonly used hash algorithm for storing passwords. The entire WebTMA solution is