Laserfiche WebLink
declare, said declaration will not be unreasonably withheld. <br />6.4 In the event we declare a disaster, our Recovery Time Objective ("RTO") is twenty-four (24) <br />hours. For purposes of this subsection, RTO represents the amount of time, after we declare a <br />disaster, within which your access to the Tyler Software must be restored. <br />6.5 We conduct annual penetration testing of either the production network and/or web <br />application to be performed. We will maintain industry standard intrusion detection and <br />prevention systems to monitor malicious activity in the network and to log and block any such <br />activity. We will provide you with a written or electronic record of the actions taken by us in the <br />event that any unauthorized access to your database(s) is detected as a result of our security <br />protocols. We will undertake an additional security audit, on terms and timing to be mutually <br />agreed to by the parties, at your written request. You may not attempt to bypass or subvert <br />security restrictions in the SaaS Services or environments related to the Tyler Software. <br />Unauthorized attempts to access files, passwords or other confidential information, and <br />unauthorized vulnerability and penetration test scanning of our network and systems (hosted or <br />otherwise) is prohibited without the prior written approval of our IT Security Officer. <br />6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client -specific. <br />Should you request a client -specific disaster recovery test, we will work with you to schedule <br />and execute such a test on a mutually agreeable schedule. At your written request, we will <br />provide test results to you within a commercially reasonable timeframe after receipt of the <br />request. <br />6.7 We will be responsible for importing back-up and verifying that you can log -in. You will be <br />responsible for running reports and testing critical processes to verify the returned Data. <br />6.8 We provide secure Data transmission paths between each of your workstations and our servers. <br />6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other <br />visitors to Tyler data centers must be signed in and accompanied by authorized personnel. <br />Entry attempts to the data center are regularly audited by internal staff and external auditors to <br />ensure no unauthorized access. <br />6.10 Where applicable with respect to our applications that take or process card payment data, we <br />are responsible for the security of cardholder data that we possess, including functions relating <br />to storing, processing, and transmitting of the cardholder data and affirm that, as of the <br />Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and <br />have performed the necessary steps to validate compliance with the PCI DSS. We agree to <br />supply the current status of our PCI DSS compliance program in the form of an official <br />Attestation of Compliance, which can be found at https://www.tylertech.com/about- <br />us/compliance, and in the event of any change in our status, will comply with applicable notice <br />requirements. <br />SECTION C —PROFESSIONAL SERVICES <br />1. Professional Services. We will provide you the various implementation -related services itemized in <br />the Investment Summary and described in our industry standard implementation plan. We will <br />finalize that documentation with you upon execution of this Agreement. <br />•• j.•. tyler <br />