Information Security Warranty. Supplier represents and warrants that it has a SOC 2 Type 2, ISO 27701 certification or other relevant information security audit performed within the past twelve (12) months. Upon request, where applicable to the Services or Products, Supplier shall provide such certifications or other relevant information to HP. If HP determines that such relevant information is not sufficient, HP may require an audit of Supplier’s cyber security processes to be performed at Supplier’s expense. Supplier shall ensure that Supplier’s subcontractors, agents, and third parties that provide Services and Products under this Agreement have substantially similar security standards and practices as those imposed on Supplier under this Agreement. Such terms, as relevant to their engagement, shall be in an executed contract between Supplier and Supplier’s third parties. Supplier shall ensure that all notifications related to a security breach of HP’s data shall be made to HP Cybersecurity Security Operations Center via (a) email sent with read receipt to: XXX@xx.xxx within seventy-two (72) hours of discovery. In the event of a security breach of HP’s data, Supplier shall provide ongoing and frequent updates of its investigation and remediation activities, with sufficient information for HP to meet its regulatory and contractual obligations pertaining to the data involved. In the event any security breach occurs during the term of the Agreement, Supplier shall execute any mutually agreed remediation plan within a commercially reasonable timeframe.
Appears in 40 contracts
Samples: Purchase Order Terms and Conditions, Purchase Order Terms and Conditions, Purchase Order Terms and Conditions
