DEFAULT STANDARDS. a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit).
Appears in 4 contracts
Samples: Master Data Protection Agreement, Master Data Protection Agreement, Master Data Protection Agreement
