Common use of Information Security Policies Clause in Contracts

Information Security Policies. As part of the ISMS, Box will implement, maintain, and adhere to its internal information security and privacy policies that address the roles and responsibilities of Box Personnel, including both technical and non-technical Box Personnel, who have direct or indirect access to Content in connection with providing the Box Service. Box’s information security policies provide for continual assessment and re-assessment of the risks to the security of the Box Service, including: (a) identification of internal and external threats that could result in a Security Breach (as defined below); (b) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of Content; and (c) assessment of the sufficiency of the policies, procedures and information systems of Box, and other arrangements in place, to control risks. Additionally, Box’s information security policies address appropriate protection against such risks. Box’s information security policies shall, at a minimum, include: 5.1 organization of information security 5.2 asset management 5.3 human resources security 5.4 physical and environment security 5.5 communications and operations management 5.6 access control

Information Security Policies. As part of the ISMS, Box will implement, maintain, and adhere to its internal information security and privacy policies that address the roles and responsibilities of Box PersonnelBox’s personnel, including both technical and non-technical Box Personnelpersonnel, who have direct or indirect access to Content in connection with providing the Box Service. Box’s information security policies provide for continual assessment and re-assessment of the risks to the security of the Box Service, including: (a) identification of internal and external threats that could result in a Security Breach (as defined below); (b) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of Content; and (c) assessment of the sufficiency of the policies, procedures and information systems of Box, and other arrangements in place, to control risks. Additionally, Box’s information security policies address appropriate protection against such risks. Box’s information security policies shall, at a minimum, include: 5.1 organization of information security 5.2 asset management 5.3 human resources security 5.4 physical and environment security 5.5 communications and operations management 5.6 access control