Browse
Search
2020-887-E Economic Dev - Submittable Holdings Inc grant management software
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2020
>
2020-887-E Economic Dev - Submittable Holdings Inc grant management software
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
3/1/2021 4:33:23 PM
Creation date
3/1/2021 4:09:58 PM
Metadata
Fields
Template:
Contract
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
60
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID:90A54439-23B9-40AF-8246-BFCAAEAA529D <br /> AES-256. Customers access Submittable accounts through the browser over HTTPS with <br /> a username and password, or with SSO (if configured). <br /> 28. How are access rights managed by the cloud provider for their employees, contractors <br /> and other persons? <br /> Access control is based on the principle of least privilege. A copy of our access control <br /> policy is available upon request. <br /> 29. What methods does the cloud provider use to destroy information, when so authorized? <br /> Submittable logically destroys information that is subject of a data deletion request. For <br /> more information,please refer to the relevant provisions of the Submittable Customer <br /> Terms of Service. <br /> 30. What is the cloud provider's patch management policy/methods? <br /> We have implemented a patch management process to ensure that infrastructure systems <br /> are patched in accordance with vendor recommended operation system patches. We build <br /> servers from the latest OS images available from Amazon Web Services (AWS), with <br /> patches applied and rotate production servers daily with software releases. Any <br /> long-lived servers have automatic updates applied ASAP. <br /> 31. How does the cloud provider defend against malware, including but not limited to <br /> viruses, bots, spyware, spam,phishing and pharming? <br /> We scan daily using McAfee SECURE, and we also run Amazon GuardDuty and <br /> Amazon Inspector. We also conduct regular security awareness training of our <br /> employees, including best practices to defend against phishing attacks. <br /> 32. What system hardening strategies are employed by the cloud provider? <br /> We scan daily using McAfee SECURE, and we also run Amazon GuardDuty and <br /> Amazon Inspector. We also have MFA employed for production database and VPN <br /> access. <br /> 33. How does the cloud provider perform security testing, including logging, correlation, <br /> intrusion detection, intrusion prevention, file integrity monitoring, time synchronization, <br /> security assessments, penetration testing? <br /> We undergo third party penetration testing of our web application on the OWASP top 10 <br /> on at least an annual basis, as part of our SOC 2 Type 2 compliance controls. <br /> 34. What technologies and methods does the cloud vendor provide for strong authentication? <br /> Windows Administrator account passwords are randomly generated by AWS on server <br /> start and can be recovered with the KMS key if needed. For long-lived servers, the <br /> administrator password is stored in a 1Paswword vault with limited access. <br /> 35. Provide any other comments and explanations: <br /> Click here to enter text. <br />
The URL can be used to link to this page
Your browser does not support the video tag.