Sielox Access Control and Security System

The Vendor is required to provide for sielox access control and security system.
- Contractor’s Information Security Program shall include the creation and maintenance of Information Security Policies, standards, and procedures. Information Security Policies, standards, and procedures will be communicated to all Contractor employees in a relevant, accessible, and understandable form and will be regularly reviewed and evaluated to ensure operational effectiveness, compliance with all applicable laws and regulations, and addresses new and emerging Threats and Risks.
- The Contractor shall exercise the same degree of care in safeguarding and protecting County Information that the Contractor exercises with respect to its own Information and Data, but in no event less than a reasonable degree of care.
- Security Program shall:
•    Protect the confidentiality, integrity, and availability of county information in the contractor’s possession or control;
•    Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of county information;
•    Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of county information;
•    Protect against accidental loss or destruction of, or damage to, county information; and
•    Safeguard county information in compliance with any applicable laws and regulations which apply to the contractor.
- These Privacy Policies, guidelines, procedures, and appropriate training will be provided to all Contractor employees, agents, and volunteers.
- Secure Authentication: The importance of utilizing secure authentication, including proper management of authentication credentials (login name and password) and multi-factor authentication.
- Social Engineering Attacks: Identifying different forms of social engineering including, but not limited to, phishing, phone scams, and impersonation calls.
- Handling of County Information: The proper identification, storage, transfer, archiving, and destruction of County Information.
- Causes of Unintentional Information Exposure: Provide awareness of causes of unintentional exposure of Information such as lost mobile devices, emailing Information to inappropriate recipients, etc.
- Identifying and Reporting Incidents: Awareness of the most common indicators of an Incident and how such indicators should be reported within the organization.
- Network access to both internal and external networked services shall be controlled, including, but not limited to, the use of industry standard and properly configured firewalls;
- Operating systems will be used to enforce access controls to computer resources including, but not limited to, multi-factor authentication, use of virtual private networks (VPN), authorization, and event logging;
- Conduct regular, no less often than semi-annually, user access reviews to ensure that unnecessary and/or unused access to County Information is removed in a timely manner;
- Applications will include access control to limit user access to County Information and application system functions;
- All systems will be monitored to detect deviation from access control policies and identify suspicious activity.
- Must have a minimum of eight fully trained and certified Sielox technicians.
- Must provide available on site support for all products under agreement within two (2) hours during regular business hours. (Monday – Friday / 8:00am PST – 5:00pm PST)
- Installation to include: 
•    Setup of card readers, Sielox controllers, Sielox power supplies, door hardware, etc., cable pulling, termination of low voltage cable, programming, configuring, and testing of card access system components and software.
- Software Support to include:
•    24/7 phone tech support, database recovery, in person Sielox software troubleshooting.