Web Security. (WS) The Web Security (WS) service uses the USS infrastructure, notably two databases - LogDB and CoreDB - for log data and policy/rule/configuration data respectively - described in clause 2.
Web Security a. The ASP will disclose the use of various web architecture and programming languages, including, but not limited to Java, JavaScript, ActiveX, PHP, Python, C, Perl, VBScript, etc.
Web Security. To prepare for our move to Secure Sockets Layer (SSL -- encrypted communication between servers and browsers) support for our websites, we chose xxxxxxxxx.xxx as the source of our SSL certificates. Xxxxxx notices: • Teleforms: Libraries reported that their patrons were not receiving “hold pickup” phone notices. The Teleforms log showed no problems and we could hear calls being made. When we listened closely, though, we could hear that “hold pickup” calls were being answered with the message, “You must dial an area code first.” All patron records in Sierra have area codes in their phone numbers, so we contacted III, who had us reapply a code and restart the server. That fixed the problem. There are other problems with Teleforms, though, that we continue to work with III to resolve. • Email: Some patrons report that they’re not receiving email notices. If not the usual suspect (Spam folder), then It may be that the volume of emails we send is causing ISPs to block us temporarily if they think we’re spammers. We’re trying to get whitelisted with Spectrum, since that’s one of the biggest ISPs and is used by many of the patrons who have reported this problem. • Sierra-cc: To log Sierra emails, we Bcc xxxxxx-xx@xxxx.xxx on every message. When looking at that account to troubleshoot a problem report, we saw that there were 1.2 million messages in the Inbox. We deleted all messages that were more than thirty days old, and installed a script that runs continually to delete old (> 30 days) messages automatically. (We send more than 85,000 hold and overdue emails a month.) Sierra changes: • On the recommendation of the Cataloging Advisory Council we added a new Material Type: Digital Media.
Web Security. Supplier will provide Seagate with the process for doing security- specific quality assurance testing for the application, for example, testing of authentication, authorization, and accounting functions, as well as any other activity designed to validate the security architecture.
Web Security. 1. At University of Louisiana at Lafayette's discretion, the ASP may be required to disclose the specific configuration files for any web servers and associated support functions (such as search engines or databases).
Web Security. Our web layer consists of a passcode encrypted web service with enforced business logic. The business logic restricts user activity based upon permission level such that data access is limited to role within the LEA organization. 3 Address the training received by your employees and any subcontractors engaged in the provision of services under the Contract on the federal and state laws that govern the confidentiality of PII. Our employees undergo annual training related to data handling and privacy/security issues. This includes protocols for sharing PII data, requiring it to be sent via a secure method, such as SFTP, instead of via email. Employees are also trained to avoid printing documents with PII unless required to do so and to refrain from sharing data with any person outside of their designated contact at the school or district or others that are explicitly authorized to receive such data. 4 Outline contracting processes that ensure that your employees and any subcontractors are bound by written agreement to the requirements of the Contract, at a minimum. All employees and subcontractors sign a NDA related to data handling. Any breach of this agreement is grounds for termination and the offending party may also risk criminal prosecution and civil penalties as a result. 5 Specify how you will manage any data security and privacy incidents that implicate PII and describe any specific plans you have in place to identify breaches and/or unauthorized disclosures, and to meet your obligations to report incidents to the EA. Details on the policies and procedures related to PII handling may be found here, but LinkIt! is committed to prompt notification of any breaches within seven (7) days after initial discovery. The company also performs internal scans to detect such breaches (or attempts) as well as regular penetration and vulnerability testing via a third party firm to identify and mitigate potential risks and vulnerabilities. 6 Describe how data will be transitioned to the EA when no longer needed by you to meet your contractual obligations, if applicable. Data will be transitioned to EA within 7 days of receipt of written request for the same, or, in the absence of such notice, within 60 days of termination of contract. A copy of the data set may also be provided to authorized EA staff upon request following the termination of the Agreement. 7 Describe your secure destruction practices and how certification will be provided to the EA. Written certifi...
