Browse
Search
OTHER-2022-061 CrowdStrike contract
OrangeCountyNC
>
Board of County Commissioners
>
Various Documents
>
2020 - 2029
>
2022
>
OTHER-2022-061 CrowdStrike contract
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/3/2024 1:21:31 PM
Creation date
3/21/2023 11:24:56 AM
Metadata
Fields
Template:
BOCC
Date
11/15/2022
Meeting Type
Business
Document Type
Others
Agenda Item
8-h
Amount
$112,965.00
Document Relationships
Agenda - 11-15-2022; 12-1 - Information Item - Memorandum - Financial Report- First Quarter FY 2022-23
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 12-2 - Information Item - Longtime Homeowner Assistance Program Prioritization
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 4-a - “The Nature of Orange” Photography Contest 2022
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 4-b - Presentation on 988 Suicide and Crisis Lifeline
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 6-a - Emergency Housing Assistance (EHA) Program Evaluation and Options for Next Steps
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 6-b - Schools Safety Task Force – Proposed Charge, Composition, and Timeline
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 7-a - Orange County Partnership to End Homelessness – 2022 Data Update
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-a - Minutes
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-b - Refund for Overpayment of Excise Tax
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-c - Fiscal Year 2022-23 Budget Amendment #3
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-d - North Carolina Governor’s Highway Safety Program - Orange County Sheriff’s Office Traffic Safety Project and Approval of Budget Amendment #3-A
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-e - Proposed Amendments - Commission for the Environment Board-Specific Policy and Procedures
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-f - Amendment to the Persimmon Hill Farm (Bennett-Pelissier) Conservation Easement
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-h - End Point Protection – Managed Detection Response CrowdStrike Contract
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda - 11-15-2022; 8-i - Approval of the Assistance Policy and the Procurement and Disbursement Policy for the 2022 North Carolina Housing Finance Agency (NCHFA) Urgent Repair Program (URP22)
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
Agenda for November 15, 2022 BOCC Meeting
(Attachment)
Path:
\Board of County Commissioners\BOCC Agendas\2020's\2022\Agenda - 11-15-2022 Business Meeting
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
29
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
DocuSign Envelope ID:8CCC378C-D84F-4D9F-BAF3-FB77653C088A <br /> b. Suspicious/Unknown File Analysis. While using certain CrowdStrike Offerings Customer may have the <br /> option to upload (by submission, configuration, and/or, in the case of Services, by CrowdStrike personnel <br /> retrieval) files and other information related to the files for security analysis and response or, when <br /> submitting crash reports, to make the product more reliable and/or improve CrowdStrike's products and <br /> services or enhance cyber-security. These potentially suspicious or unknown files may be transmitted and <br /> analyzed to determine functionality and their potential to cause instability or damage to Customer's <br /> endpoints and systems. In some instances, these files could contain Personal Data for which Customer <br /> is responsible. <br /> 4. Compliance with Privacy and Information Security Requirements <br /> a. Compliance with Laws. CrowdStrike shall comply with all Privacy and Security Laws, the EU-US Privacy <br /> Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of <br /> Commerce regarding the collection, use,and retention of Personal Data from the European Economic Area, <br /> Switzerland, and the United Kingdom, as applicable. CrowdStrike's privacy notice may be found at <br /> http://www.crowdstrike.com/privacy-notice/. To the extent necessary to comply with Privacy and Security <br /> Laws, including but not limited to when Customer is a controller of Personal Data processed by CrowdStrike <br /> originating in the European Union, Switzerland, or the United Kingdom, the Data Protection Addendum set <br /> forth here https://www.crowdstrike.com/data-protection-agreement/ shall apply to CrowdStrike's <br /> processing of such Customer Personal Data. <br /> b. Safeguards. CrowdStrike shall maintain appropriate technical and organizational safeguards <br /> commensurate with the sensitivity of the Customer Data and Personal Data processed by it on Customer's <br /> behalf, which are designed to protect the security, confidentiality, and integrity of such Customer Data and <br /> Personal Data and protect such Customer Data and Personal Data against accidental or unlawful <br /> destruction or accidental loss, alteration, unauthorized disclosure or access, including the safeguards set <br /> forth on Appendix 1 which substantially conform to the ISO/IEC 27002 control framework. ("Information <br /> Security Controls for CrowdStrike Systems"). <br /> c. Access; Contacts. With respect to employees, agents, and subcontractors, CrowdStrike shall limit access <br /> to Customer Data and Personal Data to only those employees, agents, and subcontractors who have a <br /> need to access the Customer Data and/or Personal Data in order to carry out their roles as contemplated <br /> in the terms of this Agreement. CrowdStrike shall assign and train personnel who shall: (i) liaise with <br /> customers regarding any issues concerning the security of Customer Data and/or Personal Data; (ii) <br /> receive notice of any Security Breach discovered by CrowdStrike and provide notice of any such Security <br /> Breach to Customer; and (iii) coordinate CrowdStrike's Security Breach response and remedial action. <br /> 5. Security Breach Response <br /> In the event CrowdStrike discovers a Security Breach, CrowdStrike shall: <br /> a. Without undue delay but no later than 72 hours of becoming aware, notify Customer of the discovery of the <br /> Security Breach. Such notice shall summarize the known circumstances of the Security Breach and the <br /> corrective action taken or to be taken by CrowdStrike. <br /> b. Conduct an investigation of the circumstances of the Security Breach. <br /> c. Use commercially reasonable efforts to remediate the Security Breach. <br /> d. Use commercially reasonable efforts to communicate and cooperate with Customer concerning its <br /> response to the Security Breach. <br /> 6. Security Assessment and Provision of Audited Security Controls. Promptly after written (including email) <br /> request from Customer, CrowdStrike shall provide Customer with: (i) its most recent SOC II, Type 2 report <br /> regarding the CrowdStrike Systems; and (ii) provide its completed Standardized Information Gathering (SIG) <br /> questionnaire (or similar document) for the CrowdStrike Systems (the "Security Documentation"). Upon the <br /> provision of reasonable notice to CrowdStrike, once every twelve months during the term of the Agreement and <br /> during normal business hours unless otherwise decided by CrowdStrike in its sole discretion, CrowdStrike shall <br /> make appropriate CrowdStrike personnel reasonably available to Customer to discuss CrowdStrike's manner of <br /> compliance with applicable security obligations under this Agreement. In advance of such discussion, <br /> CrowdStrike may, in addition to the Security Documentation, provide Customer with access to additional <br /> requested information or documentation concerning CrowdStrike's information security practices as they relate <br /> to this Agreement, including without limitation, access to any security assessment reports designed to be shared <br /> with third parties. Any information or documentation provided pursuant to this assessment process or otherwise <br /> pursuant to this Schedule shall be considered CrowdStrike's Confidential Information and subject to the <br /> Confidentiality section of the Agreement. <br /> CrowdStrike Form May 27 2019 14 of 17 <br />
The URL can be used to link to this page
Your browser does not support the video tag.