Laserfiche WebLink
City of Everett <br /> Cloud and/or Offsite Hosting Terms and Conditions <br /> ONLINE REGISTRATION AND SERVICING AGREEMENT between CITY OF EVERETT and <br /> CIVICPLUS, INC. dba CIVICPLUS (Service Provider) <br /> Exhibit B <br /> This document is part of the Agreement and this document supersedes any inconsistent <br /> provisions in the Agreement. <br /> Terms and Conditions Clauses 1-13 are mandatory for every engagement. <br /> 1. Data Ownership: The City of Everett shall own all right, title and interest in its data that is related <br /> to the services provided by this contract. The Service Provider shall not access City of Everett <br /> User accounts, or City of Everett Data, except(i) in the course of data center operations, (ii) <br /> response to service or technical issues, (iii) as required by the express terms of this contract, or <br /> (iv)at City of Everett's written request. <br /> 2. Data Protection: Protection of personal privacy and sensitive data shall be an integral part of the <br /> business activities of the Service Provider to ensure that there is no inappropriate or unauthorized <br /> use of City of Everett information at any time. To this end, the Service Provider shall safeguard <br /> the confidentiality, integrity, and availability of City information and comply with the following <br /> conditions: <br /> a) All information obtained by the Service Provider under this contract shall become and remain <br /> property of the City of Everett. <br /> b) At no time shall any data or processes which either belongs to or are intended for the use of <br /> City of Everett or its officers, agents, or employees, be copied, disclosed, or retained by the <br /> Service Provider or any party related to the Service Provider for subsequent use in any <br /> transaction that does not include the City of Everett. <br /> 3. Data Location: The Service Provider shall not store or transfer non-public City of Everett data <br /> outside of the United States. This includes backup data and Disaster Recovery locations. The <br /> Service Provider will permit its personnel and contractors to access City of Everett data remotely <br /> only as required to provide technical support. <br /> 4. Encryption: <br /> a) The Service Provider shall encrypt all non-public data in transit regardless of the transit <br /> mechanism. <br /> b) For engagements where the Service Provider stores sensitive personally identifiable or <br /> otherwise confidential information (examples are social security number, date of birth, driver's <br /> license number, financial data, federal/state tax information, and hashed passwords) and the <br /> Service Provider cannot offer encryption at rest, they must maintain, for the duration of the <br /> contract, cyber security liability insurance coverage for any loss resulting from a data breach <br /> in accordance with the section Insurance Coverage. Additionally,where encryption of data at <br /> rest is not possible, vendor must describe existing security measures they have in place to <br /> protect the data at rest. These existing security measures must at least include: encrypted <br /> passwords for database access; dual factor authentication for all Service Provider users; <br /> complicated passwords on all Servers, systems and DBs(and require such passwords be <br /> changed every 90 days); and Service Provider must have system access auditing tools, <br /> intrusion protection and detection on all Service Provider endpoint devices. <br /> 1IPage <br />