Common use of Customer Responsibility for Data and Security Clause in Contracts

Customer Responsibility for Data and Security. Customer and its Authorised Users shall have access to the Customer Data and shall be responsible for any and all: (a) changes to and/or deletions of Customer Data, maintaining the security and confidentiality of all User IDs and other Access Protocols required in order to use and access the InSight Services; (b) activities that occur in connection with such use and access. Iron Mountain and its suppliers are not responsible or liable for (i) the deletion of or failure to store any Customer Data by Customer or its Authorised Users; (ii) determining whether the security of the environment provided by Iron Mountain is commensurate with its needs, and (iii) long term backup copies of Customer Data. Notwithstanding the foregoing Iron Mountain will maintain resiliency and redundancy processes associated with the InSight Services to meet industry standards for storage of Customer Data. Customer is responsible for any long term backup or archival of the Customer Data that is provided to Iron Mountain. Iron Mountain shall maintain service accounts and encryption keys on behalf of the Customer necessary to perform the Services. Iron Mountain shall not be liable to Customer for a failure to maintain relevant service accounts and encryption keys if such failure isdue to Customer’s lack of cooperation or failure to assist in the provision of access to Customer Data. To the extent Customer or Customer’s third party provides Customer Data for the purposes herein, Customer shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data, and for ensuringthat it complies with the AUP, and Iron Mountain and its suppliers reserve the right to review the Customer Data for compliance with the AUP. In no event will Iron Mountain be liable for any loss of Customer Data, or other claims arising out of or in connection with theunauthorised acquisition or use of Access Protocols.

Customer Responsibility for Data and Security. Customer and its Authorised Users shall have access to the Customer Data and shall be responsible for any and all: (a) changes to and/or deletions of Customer Data, maintaining the security and confidentiality of all User IDs and other Access Protocols required in order to use and access the InSight Services; and (b) activities that occur in connection with such use and access. Iron Mountain and its suppliers are not responsible or liable for (i) the deletion of or failure to store any Customer Data by Customer or its Authorised UsersData; (ii) determining whether the security of the environment provided by Iron Mountain is commensurate with its needs, and (iii) long term backup copies of Customer Data. Notwithstanding the foregoing Iron Mountain will maintain resiliency and redundancy processes associated with the InSight Services to meet industry standards for storage of Customer Data. Customer is responsible for any long term backup or archival of securing and backing up the Customer Data that is provided to Iron Mountain. Iron Mountain shall maintain service accounts and encryption keys on behalf of the Customer necessary to perform the Services. Iron Mountain shall not be liable to Customer for a failure to maintain relevant service accounts and encryption keys if such failure isdue is due to Customer’s lack of cooperation or failure to assist in the provision of access to Customer Data. To the extent Customer or Customer’s third party provides Customer Data for the purposes herein, Customer shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data, and for ensuringthat ensuring that it complies with the AUP, and . Iron Mountain and its suppliers reserve the right to review the Customer Data for compliance with the AUP. In no event will Iron Mountain be liable for any loss of Customer Data, Data or other claims arising out of or in connection with theunauthorised the unauthorised acquisition or use of Access Protocols.