Orange County NC Website
protected using the HTTPS protocol (TLS 1.0).

28. How are access rights managed by the cloud provider for their employees, contractors and other persons?
TMA Response: Proper privileges at TMA are based on the “principle of least privilege”. The principle limits access for users to the minimal level that allows a user normal functioning. This principle of least privilege translates into giving people the lowest level of user rights that they can have and still do their job. This limits the potential damage from a security breach, whether accidental or malicious. Additional details are available within TMA’s Network Administrative Security Policy, which is available upon request.

29. What methods does the cloud provider use to destroy information, when so authorized?
TMA Response: Client data is removed from our infrastructure on request at the cessation of the contract or 90 days following the cessation if not specifically requested. Media is not destroyed, as the data is stored entirely on our SAN infrastructure. Client data is never transferred to any type of removable media.

30. What is the cloud provider’s patch management policy/methods?
TMA Response: Patch management is managed by the database team once provided by the development team. The development team creates the patches which are tested and approved by the QA team. Once approved, the patches are packaged by the development team and provided to the database team for deployment into the SaaS infrastructure. Only the database team is authorized to make changes to the SaaS deployment.

31. How does the cloud provider defend against malware, including but not limited to viruses, bots, spyware, spam, phishing and pharming?
TMA Response: Vipre is used for virus protection.
The entire WebTMA solution is protected using the HTTPS protocol (TLS 1.0). Firewalls are in place to prevent disruption to the application or database from external networks.

32. What system hardening strategies are employed by the cloud provider?
TMA Response: Hardening strategies include but are not limited to the following:
• Management of user privileges
• Removal of unused user accounts
• Close unused network ports
• Password complexity and policies
• Remove unneeded services
• Patch all known vulnerabilities
• Least privileged administration model

33. How does the cloud provider perform security testing, including logging, correlation, intrusion detection, intrusion prevention, file integrity monitoring, time synchronization, security assessments, penetration testing?
TMA Response: TMA utilizes a combination of independent 3rd party testing and a