Common use of SaaS Services Clause in Contracts

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 6 contracts

Samples: Software as a Service Agreement, Software as a Service Agreement, Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 4 contracts

Samples: Software as a Service Agreement, Software as a Service Agreement, Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. 
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.8 We provide secure data transmission paths from each of your workstations to our servers. 
6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 4 contracts

Samples: Software as a Service Agreement, Software as a Service Agreement, Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 2 contracts

Samples: Software as a Service Agreement, Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 2 contracts

Samples: Software as a Service Agreement, Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. 
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 
6.8 We provide secure data transmission paths from each of your workstations to our servers. 6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire.
All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 
6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Executime Contract Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. All Client data shall remain in the United States. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster, such declaration shall be made, in accordance with applicable law, upon learning of lost/damaged data. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. 
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. 
All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 5.1. Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 5.2. You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 5.3. Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 5.4. In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 5.5. We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 5.6. We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 5.7. We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 5.8. We provide secure Data transmission paths between each of your workstations and our servers. 5.9.
Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 5.10. Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request.
6.8 We provide secure data transmission paths from each of your workstations to our servers. 6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. If our SaaS Services are provided using a 3rd party data center, we will provide available compliance reports for that data center. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of one (1) hour from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. 
All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements. 6.11 As of the Effective Date of the Agreement, our Data backup retention policy with respect to the backup of storage systems used by Tyler in the event of a disaster impacting a client using Tyler’s SaaS Services is as follows: daily backups are retained for seven (7) days, weekly backups are retained for five (5) weeks, and monthly backups are retained for twelve (12) months. Tyler reserves the right to change this policy and will endeavor to communicate such changes to you using our then-current standard client communication channels.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 
6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request.
6.8 We provide secure data transmission paths from each of your workstations to our servers. 6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored.
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 
Client will also be granted read-only access to the database(s) with the ability to use SQL Server Management Studio to run stored procedures, SQL queries and scripts. 6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software License and Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.8 We provide secure data transmission paths from each of your workstations to our servers.
6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Our data centers are accessible only by authorized personnel with a unique key entry.
All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Our data centers are accessible only by authorized personnel with a unique key entry.
All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We agree to comply with all laws, including data security and privacy laws, applicable to our performance under this Agreement. We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. 6.8 We provide secure Data transmission paths between each of your workstations and to our servers.
6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a Defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored.
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. Full server snapshots are performed daily and retained based on Tyler’s established application-specific retention policies. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. 
Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Piggyback Rider Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-18 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.8 We provide secure data transmission paths from each of your workstations to our servers.
6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers.
6.9 For at least the past twelve (12) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement

SaaS Services. 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Type 2. We have attained, and will maintain, SOC 1 and SOC 2 Type II SSAE compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our SSAE-16 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center, but in a database dedicated to you, which is inaccessible to our other customers. 6.3 We have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours.
For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned data. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request.
6.8 We provide secure data transmission paths from each of your workstations to our servers. 6.9 For at least the past ten (10) years, all of our employees have undergone criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. Our data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about-us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.

Appears in 1 contract

Samples: Software as a Service Agreement
