FISMA Sample Clauses
FISMA.
● Employees are fingerprinted, criminal background checked annually, and given random polygraphs.
● Employee access to client accounts is limited to a “support” login role with restricted access privileges. No download, email or printing ability is available in the “support” login role.
● Employee access requires a 2-factor authentication “one-time password” generator, which is locked in company safes after hours. No employees will ever be able to log in to a client account outside of the office.
● Data is encrypted at the point of creation and sent through a VPN (Virtual Private Network) to our data center. All servers, databases, etc. are encrypted at rest and when functioning using FIPS 140-2 certified cryptography.
● The server environment is housed in a Virtual Private Cloud (VPC) utilizing VPNs to communicate between servers.
● The database is never facing the internet; only the web application is internet facing. The database is on a separate server from the web application, without internet access.
● The web application utilizes SSL encryption.
● Malware and virus scanning runs in real time, with automatic server shutdown in the event of a breach and failover to backup copies of FleetTrac housed in geographically isolated datacenters.
● Data is backed up hourly to a geographically isolated (1000 miles away from primary) datacenter, all within US borders.
● No sub-contractors are utilized in our server management or code writing. Only vetted employees are allowed access to our servers, and only under supervision of the firm's Information Security Officer (ISO).
● Annual 3rd party (3-PAO) onsite surprise audits of our SSP.
● This is a small sampling of the 253 security controls in LB Technology’s System Security Plan (SSP). There is not enough space here to describe all of our security controls. Just know that LB Technology takes system security very seriously; we expend a great amount of time and resources keeping our clients' data secure.
We urge government purchasing officers to fully investigate a vendor’s security controls. Our industry is growing extremely fast right now, with many new entrants who do not have the expertise or resources to adequately implement a full system-wide information security plan. With real-time and historical travel/location of vehicles, data breaches can create political and, in some cases, employee security issues that must be accounted for in the purchasing manager’s evaluation of competing telematics vendors.
● FedRAMP is a security certification that deals with a data center's physical secu...
