InfoSend Response — 12/29/2006

GR-50. The vendor shall have and maintain a disaster recovery plan to protect COSA receivables and the confidentiality of the information contained therein. Vendor shall provide COSA with a copy of the plan. Detail the proposed offsite storage location and plan for backing up data daily. Include the processing steps from transmission receipt to paper bill delivery. The successful vendor shall show evidence of a functional contingency plan to guarantee the complete and timely processing of City of Santa Ana's work. Describe your contingency planning, documentation and testing processes on Attachment E using scenarios indicated.

X

II.A. GENERAL REQUIREMENTS — CONTINUED

GR-14: "Describe the processes and/or technologies in place to ensure the security and privacy of data transmissions."

InfoSend follows the Payment Card Industry (PCI) rules set for companies that originate fewer than 6 million credit card transactions per year. All security procedures and policies are based around PCI. All information is confidential and protected. User passwords are stored using a one-way hash and cannot be read by anybody. The application is hosted on a physical three-tier architecture. The presentation server, the application server, and the database server are separated onto different physical networks. Users can only connect to the presentation server over 128-bit SSL in order to ensure that all information passed from the customer to the application is encrypted. Anti-fraud features such as Address Verification Service (AVS) and Credit Card Security Coding (CSC) are used when payment transactions are processed. External security monitoring by ScanAlert informs InfoSend if there is a perceived problem from the outside of the network.
Unauthorized users cannot access utility account data, bank account or credit card numbers, or other payment information. The data that InfoSend transmits to its payment processors is encrypted. Industry standard security methods safeguard data, and external site monitoring scans for open ports or other security issues. Proper access control methods ensure that internal users can only access the data that relates to their job functions. While InfoSend uses the Windows operating system for internal processing, the EBPP application itself is hosted on Red Hat Enterprise servers. InfoSend elected to use this operating system for its web hosting because independent studies have shown it to have fewer critical security flaws than Windows has had over the years.

Physical facility security measures are in place to prevent unauthorized access to data. Security cards/tokens are required to enter the building. Visitors must be signed in before entering. All servers are centrally located and only authorized staff members can access them.

GR-19: "Vendor must be able to accommodate multiple bill formats. Bills and notices may be redesigned as part of this Agreement. Pricing should include the cost of initial bill format set up for each format required and for subsequent required changes and redesigns. Vendor must specify the type of bill or change that might constitute a "new" format. For example, when a