Browse
Search
2017-119-E IT - TMA Systems, LLC for facility maintenance software and annual software support
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2010's
>
2017
>
2017-119-E IT - TMA Systems, LLC for facility maintenance software and annual software support
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/23/2019 12:34:35 PM
Creation date
3/29/2017 8:39:30 AM
Metadata
Fields
Template:
Contract
Date
3/27/2017
Contract Starting Date
3/27/2017
Contract Ending Date
3/26/2024
Contract Document Type
Agreement - Services
Agenda Item
3/21/17
Amount
$137,622.00
Document Relationships
2018-038-E IT - TMA Systems change order 1
(Message)
Path:
\Board of County Commissioners\Contracts and Agreements\General Contracts and Agreements\2010's\2018
Agenda - 03-21-2017 - 8-e - Enterprise Asset Management Facilities Software Purchase and Support Agreement
(Linked To)
Path:
\Board of County Commissioners\BOCC Agendas\2010's\2017\Agenda - 03-21-2017 - Regular Mtg.
R 2017-119-E IT - TMA Systems, LLC for facility maintenance software and annual software support
(Linked To)
Path:
\Board of County Commissioners\Contracts and Agreements\Contract Routing Sheets\Routing Sheets\2017
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
154
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID: D1041CA6-DBD4-42BE-8B32-7C592BF2BA15 <br /> protected using the HTTPS protocol(TLS 1.0). <br /> 28. How are access rights managed by the cloud provider for their employees, contractors <br /> and other persons? <br /> TMA Response: Proper privileges at TMA are based on the "principle of least <br /> privilege". The principle limits access for users to the minimal level that allows a user <br /> normal functioning. This principle of least privilege translates into giving people the <br /> lowest level of user rights that they can have and still do their job. This limits the <br /> potential damage from a security breach, whether accidental or malicious. Addition <br /> details are available within TMA's Network Administrative Security Policy, which is <br /> available upon request. <br /> 29. What methods does the cloud provider use to destroy information, when so authorized? <br /> TMA Response: Client data is removed from our infrastructure on request at the <br /> cessation of the contract or 90 days following the cessation if not specifically requested. <br /> Media is not destroyed, as the data is stored entirely on our SAN infrastructure. Client <br /> data is never transferred to any type of removable media. <br /> 30. What is the cloud provider's patch management policy/methods? <br /> TMA Response: Patch management is managed by the database team once provided by <br /> the development team. The development team creates the patches which are tested and <br /> approved by the QA team. Once approved, the patches are packaged by the development <br /> team and provided to the database team for deployment into the SaaS infrastructure. <br /> Only the database team is authorized to make changes to the SaaS deployment. <br /> 31. How does the cloud provider defend against malware, including but not limited to <br /> viruses, bots, spyware, spam,phishing and pharming? <br /> TMA Response: Vipre is used for virus protection. The entire WebTMA solution is <br /> protected using the HTTPS protocol(TLS 1.0). Firewalls are in place to prevent <br /> disruption to the application or database from external networks. <br /> 32. What system hardening strategies are employed by the cloud provider? <br /> TMA Response: Hardening strategies include but are not limited to the following: <br /> • Management of user privileges <br /> • Removal of unused user accounts <br /> • Close unused network ports <br /> • Password complexity and policies <br /> • Remove unneeded services <br /> • Patch all known vulnerabilities <br /> • Least privileged administration model <br /> 33. How does the cloud provider perform security testing, including logging, correlation, <br /> intrusion detection, intrusion prevention, file integrity monitoring, time synchronization, <br /> security assessments,penetration testing? <br /> TMA Response: TMA utilizes a combination of independent 3rd party testing and a <br />
The URL can be used to link to this page
Your browser does not support the video tag.