Orange County NC Website
Browse       Search
<br />Submittable Customer Terms of Service <br />v1.4 <br /> Page 21 of 28 <br />5.1. All databases can only be accessed by Submittable’s private subnet. <br />5.2. Customers and End Users access Submittable accounts over HTTPS. <br />6. DATA BACKUPS <br />6.1. All production databases are housed in Amazon Web Services RDS (Relational Database Services) and <br />Azure Database. <br />6.2. Automated daily backups are enabled on all database instances. <br />6.3. Encryption is enabled on all databases. <br />6.4. Retention time for database backups is set to the maximum allowable. <br />6.5. Only database administrators have access to initiate backups or restores. <br />6.6. Only database administrators may modify backup or restoration configurations. <br />6.7. Submittable retains its security documents pursuant to its retention requirements after they are no longer <br />in effect. <br />7. DATA SEGREGATION <br />7.1. All data is stored in a multi-tenant relational database with logical separations. <br />7.2. Tenant data is separated using foreign keys and application logic. <br />8. ADDITIONAL GENERAL SAFEGUARDS <br />8.1. Submittable does not store any Personal Information on removable devices or removable media. <br />8.2. All Personal Information is encrypted while being transmitted between networks (including e-mail), whether <br />public or private. <br />8.3. All backups of Personal Information is encrypted. <br />8.4. Software firewalls are installed on all laptops and other devices containing Personal Information if <br />connected to public networks or unsecure private networks. <br />8.5. Background checks are performed on all newly hired personnel and Subcontractors with access to Personal <br />Information. <br />8.6. Prior to loading any Personal Information onto any application that is Internet facing, application vulnerability <br />testing is performed and any findings are appropriately remediated. <br />8.7. Security tools required by this DPA, such as encryption tools, are monitored to determine whether they are <br />installed, updated, and active. <br />8.8. Security-related patches are applied in a timely manner in relation to the criticality of the patch, but not later <br />than 10 days after the date such patches become available to Licensor for critical patches and 30 days for <br />other patches. <br />9. ADDITIONAL SAFEGUARDS THAT APPLY TO LAPTOPS ACCESSING PERSONAL INFORMATION. <br />9.1. Anti-virus and anti-spyware software are installed and are updated in a timely manner (but not less than <br />weekly). <br />9.2. All data stored on a laptop are securely erased prior to disposal, reuse, resale or return to a vendor at end <br />of a lease. <br />9.3. Laptops are physically secured when unattended. <br />9.4. All laptops use a standard configuration that requires the screensaver to activate after not more than 10 <br />minutes of inactivity and requires entry of the user’s password to unlock the laptop. <br />9.5. Laptops use log-in passwords that are at least 8 characters in length. <br />9.6. Laptops lock out after not more than 10 invalid login attempts. <br />9.7. Users do not share passwords required to log in to laptops with unauthorized users of the laptops. <br />10. ADDITIONAL SAFEGUARDS THAT APPLY TO ALL OTHER DEVICES. <br />DocuSign Envelope ID: 367666E5-0A49-40C9-BFB5-74D495BAB8F1