DEFAULT STANDARDS. a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit). b. If this DPE does not specifically address a particular data security or privacy standard or obli- gation, Cisco will use appropriate, Generally Accepted Practices to protect the confidentiality, security, privacy, integrity, availability, and accuracy of Personal Data. c. Cisco agrees that, in the event of a breach of this DPE, whether Customer has an adequate remedy in damages, Customer may be entitled to seek injunctive or equitable relief to immedi- ately cease or prevent the use, Processing, or disclosure of Personal Data not contemplated by Xxxxx’s obligations to the Customer and/or this MDPA and to enforce the terms of this DPE or enforce compliance with all mandatory applicable law. d. Any ambiguity in this DPE shall be resolved to permit Customer to comply with all mandatory applicable law. In the event and to the extent that the mandatory applicable law impose stricter obligations on Cisco than under this DPE, the mandatory applicable law shall prevail.
Appears in 1 contract
Samples: Data Protection Agreement
DEFAULT STANDARDS. a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit).
b. In addition to the foregoing, to the extent Cisco receives, processes, transmits or stores any Cardholder Data for or on behalf of Customer, Cisco represents and warrants that information security procedures, processes, and systems will at all times meet or exceed all applicable information security laws, standards, rules, and requirements related to the collection, storage, Processing, and transmission of payment card information, including those established by ap- plicable governmental regulatory agencies, the Payment Card Industry (the “PCI”), all applica- ble networks, and any written standards provided by Customer’s information security group to Cisco from time to time (all the foregoing collectively the “PCI Compliance Standards”).
c. Where Cisco Processes Protected Health Information (as that term is defined by The Health Insurance Portability and Accountability Act, or HIPAA), the Business Associate Agreement will be added as Attachment C and will also apply to the Processing of such data. If any of the Applicable Laws are superseded by new or modified mandatory applicable law (including any decisions or interpretations by a relevant court or governmental authority relating thereto), the new or modified mandatory applicable law shall be deemed to be incorporated into this DPE, and Cisco will promptly begin complying with such mandatory applicable law.
d. If this DPE does not specifically address a particular data security or privacy standard or obli- gation, Cisco will use appropriate, Generally Accepted Practices to protect the confidentiality, security, privacy, integrity, availability, and accuracy of Personal Data.
c. e. Cisco agrees that, in the event of a breach of this DPE, whether Customer has an adequate remedy in damages, Customer may be entitled to seek injunctive or equitable relief to immedi- ately cease or prevent the use, Processing, or disclosure of Personal Data not contemplated by Xxxxx’s obligations to the Customer and/or this MDPA and to enforce the terms of this DPE or enforce compliance with all mandatory applicable law.
d. f. Any ambiguity in this DPE shall be resolved to permit Customer to comply with all mandatory applicable law. In the event and to the extent that the mandatory applicable law impose stricter obligations on Cisco than under this DPE, the mandatory applicable law shall prevail.
Appears in 1 contract
Samples: Data Protection Agreement
DEFAULT STANDARDS. a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit).
b. In addition to the foregoing, to the extent Cisco receives, processes, transmits or stores any Cardholder Data for or on behalf of Customer, Cisco represents and warrants that information security procedures, processes, and systems will at all times meet or exceed all applicable information security laws, standards, rules, and requirements related to the collection, storage, Processing, and transmission of payment card information, including those established by ap- plicable governmental regulatory agencies, the Payment Card Industry (the “PCI”), all applica- ble networks, and any written standards provided by Customer’s information security group to Cisco from time to time (all the foregoing collectively the “PCI Compliance Standards”).
c. Where Cisco Processes Protected Health Information (as that term is defined by The Health Insurance Portability and Accountability Act, or HIPAA), the Business Associate Agreement will be added as Attachment C and will also apply to the Processing of such data. If any of the Applicable Laws are superseded by new or modified mandatory applicable law (including any decisions or interpretations by a relevant court or governmental authority relating thereto), the new or modified mandatory applicable law shall be deemed to be incorporated into this DPE, and Cisco will promptly begin complying with such mandatory applicable law.
d. If this DPE does not specifically address a particular data security or privacy standard or obli- gation, Cisco will use appropriate, Generally Accepted Practices to protect the confidentiality, security, privacy, integrity, availability, and accuracy of Personal Data.
c. e. Cisco agrees that, in the event of a breach of this DPE, whether Customer has an adequate remedy in damages, Customer may be entitled to seek injunctive or equitable relief to immedi- ately cease or prevent the use, Processing, or disclosure of Personal Data not contemplated by XxxxxCisco’s obligations to the Customer and/or this MDPA and to enforce the terms of this DPE or enforce compliance with all mandatory applicable law.
d. f. Any ambiguity in this DPE shall be resolved to permit Customer to comply with all mandatory applicable law. In the event and to the extent that the mandatory applicable law impose stricter obligations on Cisco than under this DPE, the mandatory applicable law shall prevail.
Appears in 1 contract
Samples: Data Protection Agreement
DEFAULT STANDARDS. a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit).
b. If this DPE does not specifically address a particular data security or privacy standard or obli- gation, Cisco will use appropriate, Generally Accepted Practices to protect the confidentiality, security, privacy, integrity, availability, and accuracy of Personal Data.
c. Cisco agrees that, in the event of a breach of this DPE, whether Customer has an adequate remedy in damages, Customer may be entitled to seek injunctive or equitable relief to immedi- ately cease or prevent the use, Processing, or disclosure of Personal Data not contemplated by XxxxxCisco’s obligations to the Customer and/or this MDPA and to enforce the terms of this DPE or enforce compliance with all mandatory applicable law.
d. Any ambiguity in this DPE shall be resolved to permit Customer to comply with all mandatory applicable law. In the event and to the extent that the mandatory applicable law impose stricter obligations on Cisco than under this DPE, the mandatory applicable law shall prevail.
Appears in 1 contract
Samples: Data Protection Agreement