InfoSend Response - 12/29/2006

GR-50: The vendor shall have and maintain a disaster recovery plan to protect COSA receivables and the confidentiality of the information contained therein. Vendor shall provide COSA with a copy of the plan. Detail the proposed offsite storage location and plan for backing up data daily. Include the processing steps from transmission receipt to paper bill delivery. The successful vendor shall show evidence of a functional contingency plan to guarantee the complete and timely processing of City of Santa Ana's work.

X

Describe your contingency planning, documentation and testing processes on Attachment E using scenarios indicated.

II.A. GENERAL REQUIREMENTS—CONTINUED

GR-14: "Describe the processes and/or technologies in place to ensure the security and privacy of data transmissions"

InfoSend follows the Payment Card Industry (PCI) rules set for companies that originate less than 6 million credit card transactions per year. All security procedures and policies are based around PCI. All information is confidential and protected. User passwords are stored using a one-way hash and cannot be read by anybody. The application is hosted by physical three-tier layer architecture. The presentation server, the application server, and the database server are separated onto different physical networks. Users can only connect to the presentation server over 128-bit SSL in order to ensure that all information passed from the customer to the application is encrypted. Anti-fraud features such as Address Verification Service (AVS) and Credit Card Security Coding (CSC) are used when payment transactions are processed. External security monitoring by ScanAlert informs InfoSend if there is a perceived problem from the outside of the network.
Unauthorized users cannot access utility account data, bank account or credit card numbers, or other payment information. The data that InfoSend transmits to its payment processors is encrypted. Industry standard security methods safeguard data and external site monitoring scans for open ports or other security issues. Proper access control methods ensure that internal users can only access the data that relates to their job functions. While InfoSend uses the Windows operating system for internal processing, the EBPP application itself is hosted on Red Hat Enterprise servers. InfoSend elected to use this operating system for its web hosting because independent studies have shown it to have fewer critical security flaws than Windows has had over the years.

Physical facility security measures are in place to prevent unauthorized access to data. Security cards/tokens are required to enter the building. Visitors must be signed in before entering. All servers are centrally located and only authorized staff members can access them.

GR-19: "Vendor must be able to accommodate multiple bill formats. Bills and notices may be redesigned as part of this Agreement. Pricing should include the cost of initial bill format set up for each format required and for subsequent required changes and redesigns. Vendor must specify the type of bill or change that might constitute a "new" format. For example, when a