00453086.0 - Confidential
UNIVERSAL SECURITY EXHIBIT
©2019 Workday 19.5 Page 2 of 2

9. Secure Disposal. Policies and procedures regarding the secure disposal of tangible property containing Covered Data, taking into account available technology so that such data cannot be practicably read or reconstructed.

10. Assigned Security Responsibility. Assigning responsibility for the development, implementation, and maintenance of its information security program, including:
   a) Designating a security official with overall responsibility; and
   b) Defining security roles and responsibilities for individuals with security responsibilities.

11. Testing. Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified.

12. Monitoring. Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:
   a) Reviewing changes affecting systems handling authentication, authorization, and auditing;
   b) Reviewing privileged access to Workday production systems processing Covered Data; and
   c) Engaging third parties to perform network vulnerability assessments and penetration testing on a regular basis.

13. Change and Configuration Management. Maintaining policies and procedures for managing changes Workday makes to production systems, applications, and databases processing Covered Data. Such policies and procedures include:
   a) A process for documenting, testing and approving the patching and maintenance of the Covered Service;
   b) A security patching process that requires patching systems in a timely manner based on a risk analysis; and
   c) A process for Workday to utilize a third party to conduct web application level security assessments. These assessments generally include testing, where applicable, for:
      i) Cross-site request forgery
      ii) Services scanning
      iii) Improper input handling (e.g. cross-site scripting, SQL injection, XML injection, cross-site flashing)
      iv) XML and SOAP attacks
      v) Weak session management
      vi) Data validation flaws and data model constraint inconsistencies
      vii) Insufficient authentication
      viii) Insufficient authorization

14. Program Adjustments. Workday monitors, evaluates, and adjusts, as appropriate, the security program in light of:
   a) Any relevant changes in technology and any internal or external threats to Workday or the Covered Data;
   b) Security and data privacy regulations applicable to Workday; and
   c)
   outsourcing arrangements, and changes to information systems.

Docusign Envelope ID: B7B2CF4A-C414-47B2-BF08-2BCDA4573B8E