Offering Security. Hosted Services meet industry leading cloud security standards appropriate to the nature of service provided, e.g., Splunk Cloud HIPAA Offering certified to HIPAA security requirements. We have commercially reasonable physical, technical and procedural measures in place to protect Customer Content against destruction, loss, alteration, unauthorized disclosure to third parties or unauthorized access by employees or contractors employed by Splunk. Any specific and additional security controls for a Hosted Service are set forth in the applicable Documentation and Specific Hosted Services Terms xxx.xxxxxx.xxx/XxxxxxxxXxxxx. Third-party certificates of compliance issued as part of Splunk’s audited third-party compliance program are located on Splunk Protects. In addition, for On-Premise Products, which are not provided as a service and therefore are not audited for compliance, Splunk follows industry standard security controls for the processing of customer data accessed or received through activities such as maintenance, implementation or configuration services. Those industry standard security controls are set forth in Splunk’s Information Security Addendum (“ISA”) located at xxx.xxxxxx.xxx/xx-xxxx-xxx.
Offering Security. Hosted Services meet industry leading cloud security standards appropriate to the nature of service provided, e.g., Splunk Cloud HIPAA Offering certified to HIPAA security requirements. We have commercially reasonable physical, technical and procedural measures in place to protect Customer Content against destruction, loss, alteration, unauthorized disclosure to third parties or unauthorized access by employees or contractors employed by Splunk. Any specific and additional security controls for a Hosted Service are set forth in the applicable Documentation and Specific Hosted Services Terms xxx.xxxxxx.xxx/XxxxxxxxXxxxx. Third-party certificates of compliance are issued as part of Splunk’s audited third-party compliance program. In addition, for On-Premise Products, which are not provided as a service and therefore are not audited for compliance, Splunk follows industry standard security controls for the processing of customer data accessed or received through activities such as maintenance, implementation or configuration services. Those industry standard security controls are set forth in Splunk’s Information Security Addendum (“ISA”) located at xxx.xxxxxx.xxx/xx-xxxx-xxx.
Offering Security. No third party who is not a contractor of Vendor shall have access to Elevance Health information or web server access log files containing URLs used exclusively by Elevance Health. All user input and data, including URL name-value arguments, will be checked for its appropriateness based on its format, size and validity. All outside data requests (i.e., http/https requests) are allowed in a specified, controlled format which is processed by Vendor according to prescribed procedures and the request results are then sent back to the outside party. The main Vendor servers do not have the ability to remotely execute arbitrary outside requests, except for requests included in the product offering and remote management performed over a secure connection, according to Section 2 above. All traffic traversing any unsecured network, used to remotely manage the Vendor servers, will be performed over a secured, encrypted VPN tunnel. Certain confidential information contained in this document, marked by [**], has been omitted because American Well Corporation has determined that the information (i) is not material and (ii) is the type that American Well Corporation customarily and actually treats as private or confidential.
