I nformation Security Clause Samples

I nformation Security. (a) Service Provider represents and warrants that its creation, collection, receipt, access, use, storage, disposal, and disclosure of Personal Information does and will comply with all applicable federal [and], state[, and foreign] privacy and data protection laws, as well as all other applicable regulations and directives. (b) Service Provider shall implement and maintain a written information security program including appropriate policies, procedures, and risk assessments that are reviewed at least annually. (c) Without limiting Service Provider’s obligations under Section 3(a), Service Provider shall implement administrative, physical, and technical safeguards to protect Personal Information from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Personal Information is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. (d) At a minimum, Service Provider’s safeguards for the protection of Personal Information shall include: (i) limiting access of Personal Information to Authorized Persons; (ii) securing business facilities, data centers, paper files, servers, backup systems, and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, application, database, and platform security; (iv) securing information transmission, storage, and disposal; (v) implementing authentication and access controls within media, applications, operating systems, and equipment; (vi) encrypting highly Sensitive Personal Information stored on any mobile media;