Common use of Information Security Requirements Clause in Contracts

Information Security Requirements. (a) Buildscale shall have implemented and documented appropriate administrative, technical and physical measures set forth in the Agreement, as applicable, to protect Personal Information against accidental or unlawful destruction, alteration, unauthorized disclosure or access. Buildscale will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Buildscale will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Information, and ensure that these risks are addressed. (b) Buildscale shall have implemented and documented appropriate business continuity and disaster recovery plans to enable it continue or resume providing Services (including restoring access to the Personal Information) in a timely manner after a disruptive event. Buildscale will regularly test and monitor the effectiveness of its business continuity and disaster recovered plans. At appropriate intervals or as otherwise requested by Customer, Buildscale will provide a copy of its written business continuity and disaster recovery plans to Customer. (c) If the Processing involves the transmission of Personal Information over a network, Buildscale shall have implemented appropriate supplementary measures to protect the Personal Information against the specific risks presented by the Processing. Personal Information may not be transmitted over any insecure network unless it has been appropriately encrypted. (d) Upon request, and subject to the confidentiality obligations set forth in the Agreement, Buildscale shall provide Customer (or Customer’s independent, third-party auditor that is not a competitor of Buildscale) information regarding Buildscale’s compliance with the obligations set forth in this DPA in the form of the Buildscale’s SOC 2 report. Customer may contact Buildscale in accordance with the “Notices” Section of the Agreement to request an on-site audit of the architecture, systems and procedures relevant to the protection of Customer Personal Information. Customer shall reimburse Buildscale for any time expended by Buildscale or its third-party sub-processors for any such on-site audit at Buildscale’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Buildscale shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by the Buildscale, or its third-party sub-processors. Customer shall promptly notify Buildscale with information regarding any non-compliance discovered during the course of an audit. In the event that any such audit reveals material gaps or weaknesses in Buildscale’s security program, Customer shall be entitled to terminate Buildscale’s Processing of Personal Information until such issues are resolved. Such audits will be limited to once per year; provided however, that Customer may audit at any time in the event of a security breach or suspected material violation by Buildscale of its obligations under this DPA. Buildscale shall also cooperate with any audits conducted by any regulatory agency that has authority over Customer as needed to comply with Applicable Law. In the case of Buildscale's Subprocessor Amazon Web Services, Inc., Customer acknowledges that no on-site audit is available and that Buildscale relies on publicly available third party security reports. (e) Buildscale will promptly and thoroughly investigate all allegations of unauthorized access to, use or disclosure of Customer Personal Information. Buildscale will notify Customer within forty-eight (48) hours upon discovery of any Security Breach. Notifications should be sent in accordance with the “Notices” Section of the Agreement. Buildscale shall provide Customer with all information about the Security Breach reasonably needed by Customer to assess its incident response obligations. Such notification shall as a minimum (i) describe the nature of the Security Breach, the categories and numbers of data subjects concerned, and the categories and numbers of personal data records concerned; (ii) communicate the name and contact details of Buildscale's data protection officer or other relevant contact from whom more information may be obtained; (iii) describe the likely consequences of the Security Breach; and (iv) describe the measures taken or proposed to be taken to address the Security Breach. (f) Buildscale shall bear all costs associated with resolving a Security Breach, including (without limitation), conducting an investigation, engaging appropriate forensic analysis, notifying individuals, regulators and others as required to by Applicable Law and responding to individual, regulator and media inquiries. (g) When the Buildscale ceases to perform Services for Customer (and at any other time, upon request), Buildscale will either, at Customer’s option (i) return the Personal Information (and all media containing copies of the Personal Information) to Customer, or (ii) with Customer’s prior written consent, purge, delete and destroy the Customer Personal Information. Electronic media containing CustomerPersonal Information will be disposed of in a manner that renders the Personal Information unrecoverable. Buildscale will provide Customer with an Officer’s Certificate to certify its compliance with this provision. If Buildscale is required by Applicable Law to retain any Personal Information, Buildscale warrants that it shall (i) ensure the continued confidentiality and security of the Personal Information, (ii) securely delete or destroy the Personal Information when the legal retention period has expired, and (iii) not actively Process the Personal Information other than as needed for to comply with Applicable Law.

Information Security Requirements. (a) Buildscale Vidyard shall have implemented and documented appropriate administrative, technical and physical measures set forth in the Agreement, as applicable, to protect Personal Information against accidental or unlawful destruction, alteration, unauthorized disclosure or access. Buildscale Vidyard will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Buildscale Vidyard will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Information, and ensure that these risks are addressed. (b) Buildscale Vidyard shall have implemented and documented appropriate business continuity and disaster recovery plans to enable it to continue or resume providing Services (including restoring access to the Personal Information) in a timely manner after a disruptive event. Buildscale Vidyard will regularly test and monitor the effectiveness of its business continuity and disaster recovered plans. At appropriate intervals or as otherwise requested by Customer, Buildscale Vidyard will provide a copy of its written business continuity and disaster recovery plans to Customer. (c) If the Processing involves the transmission of Personal Information over a network, Buildscale Vidyard shall have implemented appropriate supplementary measures to protect the Personal Information against the specific risks presented by the Processing. Personal Information may not be transmitted over any insecure network unless it has been appropriately encrypted. (d) Upon request, and subject to the confidentiality obligations set forth in the Agreement, Buildscale Vidyard shall provide Customer (or Customer’s independent, third-party auditor that is not a competitor of BuildscaleVidyard) information regarding BuildscaleVidyard’s compliance with the obligations set forth in this DPA in the form of the BuildscaleVidyard’s SOC 2 reportInternal Audit Report. Customer may contact Buildscale Vidyard in accordance with the “Notices” Section of the Agreement to request an on-site audit of the architecture, systems and procedures relevant to the protection of Customer Personal Information. Customer shall reimburse Buildscale Vidyard for any time expended by Buildscale Vidyard or its third-party sub-sub- processors for any such on-site audit at BuildscaleVidyard’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Buildscale Vidyard shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by the BuildscaleVidyard, or its third-party sub-processors. Customer shall promptly notify Buildscale Vidyard with information regarding any non-compliance discovered during the course of an audit. In the event that any such audit reveals material gaps or weaknesses in BuildscaleVidyard’s security program, Customer shall be entitled to terminate BuildscaleVidyard’s Processing of Personal Information until such issues are resolved. Such audits will be limited to once per year; provided however, that Customer may audit at any time in the event of a security breach or suspected material violation by Buildscale Vidyard of its obligations under this DPA. Buildscale Vidyard shall also cooperate with any audits conducted by any regulatory agency that has authority over Customer as needed to comply with Applicable Law. In the case of BuildscaleVidyard's Subprocessor Subprocessor, Amazon Web Services, Inc., Customer acknowledges that no on-site audit is available and that Buildscale Vidyard relies on publicly available third party security reports. (e) Buildscale Vidyard will promptly and thoroughly investigate all allegations of unauthorized access to, use or disclosure of Customer Personal Information. Buildscale Vidyard will notify Customer within forty-eight (48) hours upon discovery of any Security Breach. Notifications should be sent in accordance with the “Notices” Section of the Agreement. Buildscale Vidyard shall provide Customer with all information about the Security Breach reasonably needed by Customer to assess its incident response obligations. Such notification shall as a minimum (i) describe the nature of the Security Breach, the categories and numbers of data subjects concerned, and the categories and numbers of personal data records concerned; (ii) communicate the name and contact details of BuildscaleVidyard's data protection officer or other relevant contact from whom more information may be obtained; (iii) describe the likely consequences of the Security Breach; and (iv) describe the measures taken or proposed to be taken to address the Security Breach. (f) Buildscale shall bear all costs associated with resolving a Security Breach, including (without limitation), conducting an investigation, engaging appropriate forensic analysis, notifying individuals, regulators and others as required to by Applicable Law and responding to individual, regulator and media inquiries. (g) When the Buildscale ceases to perform Services for Customer (and at any other time, upon request), Buildscale will either, at Customer’s option (i) return the Personal Information (and all media containing copies of the Personal Information) to Customer, or (ii) with Customer’s prior written consent, purge, delete and destroy the Customer Personal Information. Electronic media containing CustomerPersonal Information will be disposed of in a manner that renders the Personal Information unrecoverable. Buildscale will provide Customer with an Officer’s Certificate to certify its compliance with this provision. If Buildscale is required by Applicable Law to retain any Personal Information, Buildscale warrants that it shall (i) ensure the continued confidentiality and security of the Personal Information, (ii) securely delete or destroy the Personal Information when the legal retention period has expired, and (iii) not actively Process the Personal Information other than as needed for to comply with Applicable Law.and

Information Security Requirements. (a) Buildscale Vidyard shall have implemented and documented appropriate administrative, technical and physical measures set forth in the Agreement, as applicable, to protect Personal Information against accidental or unlawful destruction, alteration, unauthorized disclosure or access. Buildscale Vidyard will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Buildscale Vidyard will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Information, and ensure that these risks are addressed. (b) Buildscale Vidyard shall have implemented and documented appropriate business continuity and disaster recovery plans to enable it to continue or resume providing Services (including restoring access to the Personal Information) in a timely manner after a disruptive event. Buildscale Vidyard will regularly test and monitor the effectiveness of its business continuity and disaster recovered plans. At appropriate intervals or as otherwise requested by Customer, Buildscale Vidyard will provide a copy of its written business continuity and disaster recovery plans to Customer. (c) If the Processing involves the transmission of Personal Information over a network, Buildscale Vidyard shall have implemented appropriate supplementary measures to protect the Personal Information against the specific risks presented by the Processing. Personal Information may not be transmitted over any insecure network unless it has been appropriately encrypted.appropriately (d) Upon request, and subject to the confidentiality obligations set forth in the Agreement, Buildscale Vidyard shall provide Customer (or Customer’s independent, third-party auditor that is not a competitor of BuildscaleVidyard) information regarding BuildscaleVidyard’s compliance with the obligations set forth in this DPA in the form of the BuildscaleVidyard’s SOC 2 reportInternal Audit Report. Customer may contact Buildscale Vidyard in accordance with the “Notices” Section of the Agreement to request an on-site audit of the architecture, systems and procedures relevant to the protection of Customer Personal Information. Customer shall reimburse Buildscale Vidyard for any time expended by Buildscale Vidyard or its third-party sub-processors for any such on-site audit at BuildscaleVidyard’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Buildscale Vidyard shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by the BuildscaleVidyard, or its third-party sub-processors. Customer shall promptly notify Buildscale Vidyard with information regarding any non-compliance discovered during the course of an audit. In the event that any such audit reveals material gaps or weaknesses in BuildscaleVidyard’s security program, Customer shall be entitled to terminate BuildscaleVidyard’s Processing of Personal Information until such issues are resolved. Such audits will be limited to once per year; provided however, that Customer may audit at any time in the event of a security breach or suspected material violation by Buildscale Vidyard of its obligations under this DPA. Buildscale Vidyard shall also cooperate with any audits conducted by any regulatory agency that has authority over Customer as needed to comply with Applicable LawLaws. In the case of BuildscaleVidyard's Subprocessor Subprocessor, Amazon Web Services, Inc., Customer acknowledges that no on-on- site audit is available and that Buildscale Vidyard relies on publicly available third party security reports. (e) Buildscale Vidyard will promptly and thoroughly investigate all allegations of unauthorized access to, use or disclosure of Customer Personal Information. Buildscale Vidyard will notify Customer within forty-eight (48) hours upon discovery of any Security Breach. Notifications should be sent in accordance with the “Notices” Section of the Agreement. Buildscale Vidyard shall provide Customer with all information about the Security Breach reasonably needed by Customer to assess its incident response obligations. Such notification shall as a minimum (i) describe the nature of the Security Breach, the categories and numbers of data subjects concerned, and the categories and numbers of personal data records concerned; (ii) communicate the name and contact details of BuildscaleXxxxxxx's data protection officer or other relevant contact from whom more information may be obtained; (iii) describe the likely consequences of the Security Breach; and (iv) describe the measures taken or proposed to be taken to address the Security Breach. (f) Buildscale Vidyard shall bear all costs associated with resolving a Security Breach, including (without limitation), conducting an investigation, engaging appropriate forensic analysis, notifying individuals, regulators and others as required to by Applicable Law Laws and responding to individual, regulator and media inquiries. (g) When the Buildscale Vidyard ceases to perform Services for Customer (and at any other time, upon request), Buildscale Vidyard will either, at Customer’s option (i) return the Personal Information (and all media containing copies of the Personal Information) to Customer, or (ii) with Customer’s prior written consent, purge, delete and destroy the Customer Personal Information. Electronic media containing CustomerPersonal Customer Personal Information will be disposed of in a manner that renders the Personal Information unrecoverable. Buildscale Vidyard will provide Customer with an Officer’s Certificate to certify its compliance with this provisionprovision upon request. If Buildscale Vidyard is required by Applicable Law Laws to retain any Personal Information, Buildscale Vidyard warrants that it shall shall (i) ensure the continued confidentiality and security of the Personal Information, (ii) securely delete or destroy the Personal Information when the legal retention period has expired, and and (iii) not actively Process the Personal Information other than as needed for to comply with Applicable LawLaws.

Information Security Requirements. (a) Buildscale Vidyard shall have implemented and documented appropriate administrative, technical and physical measures set forth in the Agreement, as applicable, to protect Personal Information against accidental or unlawful destruction, alteration, unauthorized disclosure or access. Buildscale Vidyard will regularly test and monitor the effectiveness of its safeguards, controls, systems and procedures. Buildscale Vidyard will periodically identify reasonably foreseeable internal and external risks to the security, confidentiality and integrity of the Personal Information, and ensure that these risks are addressed. (b) Buildscale Vidyard shall have implemented and documented appropriate business continuity and disaster recovery plans to enable it to continue or resume providing Services (including restoring access to the Personal Information) in a timely manner after a disruptive event. Buildscale Vidyard will regularly test and monitor the effectiveness of its business continuity and disaster recovered plans. At appropriate intervals or as otherwise requested by Customer, Buildscale Vidyard will provide a copy of its written business continuity and disaster recovery plans to Customer. (c) If the Processing involves the transmission of Personal Information over a network, Buildscale Vidyard shall have implemented appropriate supplementary measures to protect the Personal Information against the specific risks presented by the Processing. Personal Information may not be transmitted over any insecure network unless it has been appropriately encrypted. (d) Upon request, and subject to the confidentiality obligations set forth in the Agreement, Buildscale Vidyard shall provide Customer (or Customer’s independent, third-party auditor that is not a competitor of BuildscaleVidyard) information regarding BuildscaleVidyard’s compliance with the obligations set forth in this DPA in the form of the BuildscaleVidyard’s SOC 2 reportInternal Audit Report. Customer may contact Buildscale Vidyard in accordance with the “Notices” Section of the Agreement to request an on-site audit of the architecture, systems and procedures relevant to the protection of Customer Personal Information. Customer shall reimburse Buildscale Vidyard for any time expended by Buildscale Vidyard or its third-party sub-processors for any such on-site audit at BuildscaleVidyard’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Buildscale Vidyard shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by the BuildscaleVidyard, or its third-party sub-processors. Customer shall promptly notify Buildscale Vidyard with information regarding any non-compliance discovered during the course of an audit. In the event that any such audit reveals material gaps or weaknesses in BuildscaleVidyard’s security program, Customer shall be entitled to terminate BuildscaleVidyard’s Processing of Personal Information until such issues are resolved. Such audits will be limited to once per year; provided however, that Customer may audit at any time in the event of a security breach or suspected material violation by Buildscale Vidyard of its obligations under this DPA. Buildscale Vidyard shall also cooperate with any audits conducted by any regulatory agency that has authority over Customer as needed to comply with Applicable Law. In the case of BuildscaleVidyard's Subprocessor Subprocessor, Amazon Web Services, Inc., Customer acknowledges that no on-on- site audit is available and that Buildscale Vidyard relies on publicly available third party security reports. (e) Buildscale Vidyard will promptly and thoroughly investigate all allegations of unauthorized access to, use or disclosure of Customer Personal Information. Buildscale Vidyard will notify Customer within forty-eight (48) hours upon discovery of any Security Breach. Notifications should be sent in accordance with the “Notices” Section of the Agreement. Buildscale Vidyard shall provide Customer with all information about the Security Breach reasonably needed by Customer to assess its incident response obligations. Such notification shall as a minimum (i) describe the nature of the Security Breach, the categories and numbers of data subjects concerned, and the categories and numbers of personal data records concerned; (ii) communicate the name and contact details of BuildscaleVidyard's data protection officer or other relevant contact from whom more information may be obtained; ; (iii) describe the likely consequences of the Security Breach; and (iv) describe the measures taken or proposed to be taken to address the Security Breach. (f) Buildscale Vidyard shall bear all costs associated with resolving a Security Breach, including (without limitation), conducting an investigation, engaging appropriate forensic analysis, notifying individuals, regulators and others as required to by Applicable Law and responding to individual, regulator and media inquiries. (g) When the Buildscale ceases to perform Services for Customer (and at any other time, upon request), Buildscale will either, at Customer’s option (i) return the Personal Information (and all media containing copies of the Personal Information) to Customer, or (ii) with Customer’s prior written consent, purge, delete and destroy the Customer Personal Information. Electronic media containing CustomerPersonal Information will be disposed of in a manner that renders the Personal Information unrecoverable. Buildscale will provide Customer with an Officer’s Certificate to certify its compliance with this provision. If Buildscale is required by Applicable Law to retain any Personal Information, Buildscale warrants that it shall (i) ensure the continued confidentiality and security of the Personal Information, (ii) securely delete or destroy the Personal Information when the legal retention period has expired, and (iii) not actively Process the Personal Information other than as needed for to comply with Applicable Law.