Orange County NC Website
Browse       Search
15 <br /> information. If our SaaS Services are provided using a 3rd party data center, we will provide <br /> available compliance reports for that data center. <br /> 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In <br /> either event, databases containing your Data will be dedicated to you and inaccessible to our <br /> other customers. <br /> 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and <br /> the required hardware to provide access to the Tyler Software in the event of a disaster or <br /> component failure. In the event of a data center failure, we reserve the right to employ our <br /> disaster recovery plan for resumption of the SaaS Services. In that event, we commit to a <br /> Recovery Point Objective ("RPO") of 24 hours and a Recovery Time Objective ("RTO") of 24 <br /> hours. RPO represents the maximum duration of time between the most recent recoverable <br /> copy of your hosted Data and subsequent data center failure. RTO represents the maximum <br /> duration of time following data center failure within which your access to the Tyler Software <br /> must be restored. <br /> 6.4 We conduct annual penetration testing of either the production network and/or web <br /> application to be performed. We will maintain industry standard intrusion detection and <br /> prevention systems to monitor malicious activity in the network and to log and block any such <br /> activity. We will provide you with a written or electronic record of the actions taken by us in the <br /> event that any unauthorized access to your database(s) is detected as a result of our security <br /> protocols. We will undertake an additional security audit, on terms and timing to be mutually <br /> agreed to by the parties, at your written request. You may not attempt to bypass or subvert <br /> security restrictions in the SaaS Services or environments related to the Tyler Software. <br /> Unauthorized attempts to access files, passwords or other confidential information, and <br /> unauthorized vulnerability and penetration test scanning of our network and systems (hosted or <br /> otherwise) is prohibited without the prior written approval of our IT Security Officer. <br /> 6.5 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. <br /> Should you request a client-specific disaster recovery test,we will work with you to schedule <br /> and execute such a test on a mutually agreeable schedule. At your written request, we will <br /> provide test results to you within a commercially reasonable timeframe after receipt of the <br /> request. <br /> 6.6 We will be responsible for importing back-up and verifying that you can log-in. You will be <br /> responsible for running reports and testing critical processes to verify the returned Data. <br /> 6.7 We provide secure Data transmission paths between each of your workstations and our servers. <br /> 6.8 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other <br /> visitors to Tyler data centers must be signed in and accompanied by authorized personnel. <br /> Entry attempts to the data center are regularly audited by internal staff and external auditors to <br /> ensure no unauthorized access. <br /> 6.9 Where applicable with respect to our applications that take or process card payment data, we <br /> are responsible for the security of cardholder data that we possess, including functions relating <br /> to storing, processing, and transmitting of the cardholder data and affirm that, as of the <br /> •00•• tyler <br /> .,.. <br /> 4 <br />