| Worksheet ID: |
440 |
| Record Location: |
Vehicle and Asset Management
6500 Centennial Blvd., Nashville, TN 37243 |
| File Arrangement: |
Alphabetical |
| Media Format Generated: |
Both |
| Media Format Stored: |
Paper/Electronic |
| Date Range: |
2012 to current |
| Annual Accumulation: |
Paper: 1 cu.ft.
Electronic: approx. 3.4 GB |
| Current Volume: |
Paper: 10 cu.ft.
Electronic: approx. 17 GB |
| Record Value: |
Administrative, Fiscal |
| Audit Requirements: |
Both |
| Reference Frequency: |
| Current Year per Month: |
300 |
| Past Year: |
3600 |
| 2 - 5 Years: |
1500 |
| Over 5 Years:
|
0 |
|
| Data Update Frequency: |
Daily |
| Information Shared Outside of State: |
Yes |
| If Shared, List Agencies: |
Federal General Services Administration |
| Essential Record: |
Yes - Original |
| Essential Record Stored: |
Vehicle and Asset Management
6500 Centennial Blvd., Nashville, TN 37243 |
| Essential Record Media Type: |
Paper |
| Confidential: |
Yes |
| Confidential Legal Citation: |
HIPPA-State, Human Resources |
| Media Recommendation: |
Current Format |
| Media Recommendation Other: |
|
| Agency Retention: |
5 years |
| Agency Retention - Years Active: |
|
| Agency Retention - Years Inactive: |
|
| Records Center Retention Period: |
None |
| Final Disposition after Retention Expires: |
Destroy |
| Legal Citation: |
T.C.A. 10-7-504 |
| Record Sample: |
No Sample |
| Legal Documentation: |
No Legal Documentation |
| Electronic Records Plan Inventory |
| System Name: |
In-Circuit is the application provided by AssetWorks and the application is hosted at Amazon Web Services (AWS) |
| IT-ABC Number: |
No IT-ABC Number available |
| Hardware Description: |
The Wayne, Pennsylvania datacenter operation is presently responsible for servers supporting the inscope technology solutions. The in-scope managed services are hosted on virtual servers. Firewalls ‐ AssetWorks deploys firewalls monitored by out‐sourced entities (Arraya Solutions, Cisco SourceFire Security). All critical infrastructure firewalls are high redundant pairs running on a Secure Platform. These units protect local assets as well as provide a secure VPN back to the corporate office. Remote users accessing critical systems inside the AssetWorks firewalls are required to authenticate through a VPN connection using IPSEC to the firewall. The authentication is currently done through strong local username/password combinations on the firewall itself. Network and computer systems are monitored using several software packages and methods. Network traffic is monitored through the use of automated alerts in firewall logs as well as content filtering packages such as Cisco IronPort. Network devices are scanned monthly for vulnerabilities. AssetWorks utilizes IBM-centric Technology within its data center with all major platforms supported, including Windows, UNIX and Linux, with database support from Oracle, MS SQL Server and DB2. The data center operates 24/7 and provides diverse and fully redundant ISPs and UPS with dedicated generator and firewall protection of all system |
| Software Description: |
Software used by AssetWorks to manage and support the System includes: Monitoring tools – network, server, application, security and device: • SolarWinds • Nagios • Webmetrics • Arraya Manager 365 (monitors network 24x7) • Service Wise (Incident/Problem tracking) • Argent Change management and help desk: • Confluence System management: • VCenter Operations Manager Vulnerability management, remediation management, risk analysis reporting, change control, security information and event management (SEIM), investigation and log management: • Tenable Nessus • IBM Security Appscan Enterprise Network protection – firewall, network intrusion prevention, and authentication: • FishNet (disc 2/7/16) • Cisco ASA 5585-X Email and Web – gateways and filtering: • Cisco IronPort (site filtering) • ProofPoint • Cisco ACS Desktop Protection – virus protection, desktop firewall, host IPS, web filtering, mobility management, application control, and virtualization: • Trend Micro Office Scan/Malware Bytes Data Protection – disk and data encryption, device control, and network data loss prevention (DLP): • Trend Micro Datacenter Protection – host intrusion prevention, change control, and database security: • Trend Micro/Firewalls Network Protection – Firewall, network intrusion prevention and authentication: • Cisco SourceFire IDS/IPS • UltraDNS- DNS Management |
| System Location: |
The Wayne, Pennsylvania datacenter operation is presently responsible for servers supporting the inscope technology solutions. The in-scope managed services are hosted on virtual servers |
| Backup Procedures: |
For data stored in the entity's server room, backups are conducted daily to local disk storage and then replicated into the cloud. |
| Disaster Recovery: |
The Disaster Recovery plans are tested annually in accordance with AssetWorks' system availability policies |
| Data Migration Description: |
System and development changes are reviewed and approved by the Manager of Development prior to implementation in production. Separate environments are used for development, testing, staging and production. Developers do not have access to promote code into production. The QA Manager performs post implementation procedures on development changes to ensure the operation of system changes after implementation in production. |
| Metadata Description: |
Data The service organization manages datacenter and data communications operations within the IT infrastructure environment. Access to data is limited to authorized personnel in accordance with AssetWorks security policies. The service organization is also responsible for the overall availability of data, including system backups, monitoring of data processing and file transmissions as well as identifying and resolving problems. |
