Orange County NC Website
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739 <br /> • All non-console administrative access will be encrypted using technologies such as SSH, <br /> VPN, or TLS 1.1 or newer for web-based management and other non-console <br /> administrative access. <br /> 27. What encryption technologies does the cloud provider use in data management? <br /> See answer to question#26 <br /> 28. How are access rights managed by the cloud provider for their employees, contractors <br /> and other persons? <br /> Jende Solutions recognizes that our personnel are the greatest resource in maintaining an effective level <br /> of security. At the same time, internal threats can create the greatest risks to information security. No <br /> security program can be effective without maintaining security awareness for employees, relevant <br /> contractors, and relevant third party users. Relevant contractors and relevant third party users are defined <br /> as those personnel with administrative access and/or access to sensitive data/information based on job <br /> function, or by accessing Jende Solutions information systems without employee oversight. <br /> Every Jende Solutions employee, contractor, third party user, service provider, or vendor is responsible <br /> for systems security to the degree that the function requires the use of information and associated <br /> systems. Fulfillment of security responsibilities is mandatory and violations of security requirements may <br /> be cause for disciplinary action, up to and including dismissal, civil penalties, and criminal penalties. <br /> All positions interacting with Jende Solutions information resources must be required to undergo formal <br /> processes for access granting, change, and termination. Those positions working with especially sensitive <br /> information or powerful privilege must be analyzed to determine any potential vulnerability associated with <br /> work in those positions, prior to assignment of these roles. <br /> Applicability <br /> Jende Solutions Human Resources Department (HR) in conjunction with Management will establish staff <br /> guidelines and all staff, relevant contractors and relevant third party users will comply with those <br /> guidelines. <br /> Standards <br /> The Human Resource Department will support the Chief Information Security Officer(CISO)to implement <br /> the following personnel security safeguards: <br /> • Hiring Practices <br /> • Security awareness education and training <br /> • Termination Practices <br /> Hiring Practices <br /> Each new hire granted access to client information and other classified Jende Solutions data will undergo <br /> a background check. Any past activity that would subject sensitive systems and data to risk due to an <br /> employee's past behavior will be cause to terminate the employment relationship with Jende Solutions. <br /> Prior to granting access to classified systems and data, all new hires will receive orientation and training <br /> that include responsibilities for protecting classified information. As outlined in the Access Control Policy, <br /> a new employees' supervisor must approve access to systems on a "business need-to-know" basis and <br /> submit the Systems Access Request Form to both IT and HR for processing. <br />