Independent Assessments. On an annual basis, Box has an independent, suitably qualified third-party organization conduct an independent assessment consisting of a Report on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and/or Privacy (SOC2 Type II) or such other comparable assessment at its sole discretion (e.g. ISO 27001, Certification) and Box will provide a copy of such assessment to Customer upon Customer’s written request to Box. Box also undergoes at least an annual penetration test from independent, suitably qualified third parties, and Box will provide Customer with an executive summary of the most recent penetration test results upon Customer’s written request to Box.
Independent Assessments. On an annual basis, Sumo Logic has an independent third-party organization conduct an independent assessment consisting of a Report on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and/or Privacy (SOC2 Type II) or such other assessment at its sole discretion (e.g. ISO 27001 Certificate). Additionally, Sumo Logic undergoes regular penetration testing from independent third parties at least on an annual basis.
Independent Assessments. On an annual basis, iManage has an independent third-party organization conduct an independent assessment of the standards set forth in paragraph (3) of this Exhibit B. Additionally, iManage undergoes penetration testing, conducted by an independent third-party organization, on an annual basis. Upon Customer’s request (not more than one time per calendar year), and subject to the confidentiality and non-disclosure obligations set forth in this Agreement, iManage shall make available to Customer information regarding iManage’s compliance with the obligations set forth in this Agreement in the form of iManage’s ISO 27001 certification and/or SOC 2 or SOC 3 reports.
Independent Assessments. On an annual basis and associated with Customer Data are patched and otherwise secured to mitigate the likelihood and impact of security vulnerabilities in accordance with CiteRight patch management processes and within a reasonable time after CiteRight has actual or constructive knowledge of any critical or high- risk security vulnerabilities. further subject to the Data Protection Addendum, CiteRight has an independent third-party organization conduct an independent assessment of the standards set forth in paragraph 3 of this Exhibit B. Additionally, CiteRight undergoes penetration testing, conducted by an independent third-party organization, on an annual basis.
Independent Assessments. CiteRight undergoes penetration testing, conducted by an independent third-party organization, on an annual basis.
Independent Assessments. On an annual basis, iManage has an independent third-party organization conduct an independent assessment of the standards set forth in paragraph (3) of this Exhibit B. Additionally, iManage undergoes penetration testing, conducted by an independent third-party organization, on an annual basis. Upon Customer’s request (not more than one time per calendar year), and subject to the confidentiality and non-disclosure obligations set forth in this Agreement, iManage shall make available to Customer information regarding iManage’s compliance with the obligations set forth in this Agreement in the form of iManage’s ISO 27001 certification and/or SOC 2 or SOC 3 reports. Notwithstanding the foregoing, the Cloud Service known as Closing Folders maintains a SOC 2 Type 1 certification and will be included in iManage’s ISO 27001 and SOC 2 audit periods (beginning in 2021).
Independent Assessments. On an annual basis, the Security Program shall be audited by an independent third-party to validate compliance with industry standards including the AICPA SOC2 Type 2 trust service principles, ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2014 . Upon written request, LogicMonitor shall provide evidence of these audit activities in the form of third-party assessment reports and/or certificates. If LogicMonitor’s existing third-party audit processes or a security incident demonstrate a material breach of our obligations to uphold the commitments made in this Exhibit, LogicMonitor will respond to the customer’s reasonable written requests for more detailed information relevant to its security and privacy program. LogicMonitor may charge its then-current professional services rates for such responses. If it is demonstrated that LogicMonitor is failing to comply with any of its security and privacy obligations under this Agreement, then, LogicMonitor will take the necessary steps to comply at no additional cost to the Customer.
Independent Assessments. On an annual basis, iManage has an independent third-party organization conduct an independent assessment of security standards. A business continuity plan is maintained that is compliant with ISO 22301. Data Minimization / Data Quality Data Minimization. iManage shall make reasonable efforts to use the minimum necessary Customer Data and Personal Data to provide the Services. Data Quality. At all times during the applicable Order Term, Customer shall have the ability to amend and delete Customer Data to assist the Customer with its data minimization and data quality obligations. Data Retention Data Retention. iManage will retain Customer Data stored in the Cloud Services for ninety (90) days after expiration or termination of Customer’s subscription so that Customer may extract Customer Data. After said 90-day period ends, iManage will disable Customer’s account and delete all Customer Data and Personal Data (within thirty (30) days) and, where required by Law, shall certify to Customer that it has done so, save to the extent that iManage is required by any applicable Law to retain some or all of such Customer Data. Accountability Accountability. iManage defines accountability as holding individuals accountable for their internal control responsibilities. Control Activities. Specific control activities that iManage has implemented in this area are described below. • An employee sanction procedure is in place and documented to communicate that an employee may be terminated for noncompliance with a policy and/or procedure; and • A performance review of employees is conducted on an annual basis to evaluate the performance of employees against expected levels of performance and conduct and hold them accountable for their internal control responsibilities. Portability and Erasure Portability. At all times during the applicable Order Term, Customer shall have the ability to access, extract, and delete Customer Data. Erasure. iManage destroys, deletes, or otherwise makes irrecoverable Customer Data upon the disposal or removal of storage media. Customer Data for each Customer is logically separated from data of other iManage customers. If Customer is a Covered Entity or a Business Associate and includes Protected Health Information in Customer Data, the terms of this HIPAA Business Associate Agreement (“BAA”) shall be incorporated into the Agreement. If there is any conflict between a provision in this BAA and a provision in the Agreement, this BAA will control.
Independent Assessments. Eltropy will engage a reputable independent third party organization to conduct each year, at Xxxxxxx’s cost and expense, an independent assessment of the security of the Services. Remediation of significant vulnerabilities must be performed and then confirmed by an independent third party.
Independent Assessments. For its RingCentral Office and Glip services, RingCentral will conduct an independent assessment consisting of a Report on Controls at a Service Organization relevant to Security and Availability (“SOC2” Type II) at least annually by a reputable independent third party organization.