Orange County NC Website
Browse       Search
DocuSign Envelope ID: 576DD5DB-E4A9-406B-8F7C-CC4EF3C2484F <br /> <br /> <br />18. What are the contractually required notification period for the County or the cloud vendor <br />for termination of the cloud services? <br />a. 30 Days written notice from term date. <br /> <br />19. Describe how the County’s data will be stored, managed and archived. <br />a. PhotoShelter employs the best-of-breed technology platforms at every security <br />layer— from firewalls and access-management to intrusion detection, and is <br />working with industry leaders like Norse Corp on next-generation security <br />platforms. In over 12 years of managing our own proprietary cloud-based <br />platform, our system has proven its reliability with a track record of greater than <br />99.9% uptime with several petabytes of data being managed which includes <br />multiple replicas of over 285 million images and more than 5 million new <br />professional grade images monthly. We have 100% durability and have not lost a <br />single bit of data in 10 years. Regarding the security of the system, we employ <br />two separate outside scanning vendors called Comodo and Nessus. These two <br />services scan our system both daily and monthly for vulnerabilities at the OS, <br />Network, and Application levels as well as across our two data centers and <br />corporate environment. We have two primary data centers — one with Tel’x in <br />the Google Building in New York and one on the West Coast with Layer42 in <br />Santa Clara. Both facilities have state-of-the-art security including 24x7 guards, <br />video surveillance, biometric entry systems and servers housed in cages under <br />lock and key. The system has built-in redundancy such that replicas of all <br />data/media assets exist on both the East and West Coast, enabling complete fail <br />over to the opposite coast in the event of an emergency. We have passed rigorous <br />security audits from highly scrutinizing clients, including government entities like <br />the New York City Mayor’s Office. Our Chief Scientist is also the founder of a <br />recognized computer security firm, while our VP of Network Operations was the <br />former “Chief Network Paranoid” at Yahoo. <br /> <br />20. Will the County’s data be stored and managed on a storage system with other data? <br />a. Yes <br /> <br />If Yes, Explain: The County will not get its own dedicated server, but the data of every 1,100 <br />PhotoShelter clients is partitioned completely separate from each other. Every file <br />uploaded will be duplicated across our data centers for a total of 4 redundant copies. <br /> <br />21. At what architectural point in the provider’s cloud facility will the County’s data be <br />physically connected to networking equipment with non-County data? <br />a. None. <br /> <br />22. What are the cloud provider’s information security policies? <br />a. As a private company, we do not disclose this level of detail for security purposes <br />as this would expose proprietary information and open us to unwarranted risk. <br />Please refer to our Security Overview for additional information (see attached). <br />23. What are the cloud provider’s incident management and reporting policies? <br />a. PhotoShelter follows the SANS incident response program, and clients notified as <br />soon as a breach would be discovered. In 15+ years, PhotoShelter has never seen <br />a successful DDOS attack or loss of a single bit of data. <br /> <br />DocuSign Envelope ID: A0C7375C-1E9C-4913-9D61-A5E31E833876