Common use of Information Security Clause in Contracts

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and Xxxxx’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx Buyer shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx Buyer of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by XxxxxBuyer, Xxxxxx Seller agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and Xxxxx’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx Buyer shall have the right to review Seller’s policies, processes, ,controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred incidentincurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its ofits impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to entitledto perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Sellercollectively,“Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to completetocomplete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx Buyer shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-twenty- four (24) hours inform Xxxxx Buyer of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by XxxxxBuyer, Xxxxxx Seller agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx Buyer shall have the right to review Seller’s policies, processes, ,controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred incidentincurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx Buyer of the incident and the nature of its ofits impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to entitledto perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by XxxxxBuyer, Xxxxxx Seller agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and Xxxxx’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by Xxxxx, Xxxxxx agrees to complete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.

Information Security. Without limiting Seller’s obligations elsewhere in this Order, Seller shall implement baseline security safeguards and controls that are no less rigorous than accepted industry practices, specifically those set forth in the latest published version of (i) National Institute of Standards and Technology Special Publication 800-53, or (ii) ISO/IEC 27001, in order to protect Buyer’s Confidential Information, any other data of Buyer or its personnel, and XxxxxBuyer’s systems (all the foregoing referred to collectively as “Buyer’s Data and Systems”). Upon reasonable notice to Seller, Xxxxx Buyer shall have the right to review Seller’s policies, processes, controls, and results of internal and/or external reviews of processes and controls associated with Buyer’s Data and Systems (collectively, “Sellercollectively,“Seller’s Processes and Controls”) prior to and during the performance of this Order, including immediately at any time after any security incident incurred by Seller that may impact Buyer’s Data and Systems. Upon discovery of any such security incident, Seller shall within twenty-four (24) hours inform Xxxxx Buyer of the incident and the nature of its impact on Buyer’s Data and Systems. Additionally, Buyer at its own expense shall be entitled to perform, or to have performed by an independent third-party, an on-site audit of Seller’s Processes and Controls. In lieu of an on-site audit, upon request by XxxxxBuyer, Xxxxxx Seller agrees to completetocomplete, within twenty (20) days of receipt, an audit questionnaire provided by Buyer regarding Seller’s information security program. Seller shall implement any required safeguards as identified by Buyer or information security program audits.