Laserfiche WebLink
EXHIBIT C <br /> City of Everett <br /> Cloud and/or Offsite Hosting Terms and Conditions <br /> This document shall become part of the final contract. <br /> Terms and Conditions Clauses 1-13 are mandatory for every engagement. Exceptions will be considered <br /> non-compliant and non-responsive. <br /> 1. Data Ownership: The City of Everett shall own all right, title and interest in its data that is related to the <br /> services provided by this contract. The Service Provider shall not access City of Everett User accounts, or <br /> City of Everett Data,except(i)in the course of data center operations, (ii)response to service or technical <br /> issues, (iii) as required by the express terms of this contract, or(iv) at City of Everett's written request. <br /> 2. Data Protection: Protection of personal privacy and sensitive data shall be an integral part of the business <br /> activities of the Service Provider to ensure that there is no inappropriate or unauthorized use of City of Everett <br /> information at any time. To this end, the Service Provider shall safeguard the confidentiality, integrity, and <br /> availability of City information and comply with the following conditions: <br /> a) All information obtained by the Service Provider under this contract shall become and remain property of <br /> the City of Everett. <br /> b) At no time shall any data or processes which either belongs to or are intended for the use of City of <br /> Everett or its officers, agents, or employees, be copied, disclosed,or retained by the Service Provider or <br /> any party related to the Service Provider for subsequent use in any transaction that does not include the <br /> City of Everett. <br /> 3. Data Location: The Service Provider shall not store or transfer non-public City of Everett data outside of the <br /> United States. This includes backup data and Disaster Recovery locations. The Service Provider will permit <br /> its personnel and contractors to access City of Everett data remotely only as required to provide technical <br /> support. <br /> 4. Encryption: <br /> a) The Service Provider shall encrypt all non-public data in transit regardless of the transit mechanism. <br /> b) For engagements where the Service Provider stores sensitive personally identifiable or otherwise <br /> confidential information,this data shall be encrypted at rest. Examples are social security number, date of <br /> birth, driver's license number, financial data,federal/state tax information, and hashed passwords. The <br /> Service Provider's encryption shall be consistent with validated cryptography standards as specified in <br /> National Institute of Standards and Technology FIPS140-2, Security Requirements. The key location and <br /> other key management details will be discussed and negotiated by both parties. When the Service <br /> Provider cannot offer encryption at rest,they must maintain,for the duration of the contract, cyber security <br /> liability insurance coverage for any loss resulting from a data breach in accordance with the table below. <br /> Additionally, where encryption of data at rest is not possible,vendor must describe existing security <br /> measures that provide a similar level of protection. <br /> Tiered Coverage Schedule <br /> Level Number of PII records Level of cyber liability insurance required(occurrence=data breach) <br /> 1 1-10,000 $2,000,000 per occurrence <br /> City of Everett/Gtechna Software Agreement <br /> Page 16 7/25/2018 <br />