Operations Security. Supplier must enable logging and monitoring on all operating systems, databases, applications, and security and network devices that are involved in providing Deliverables. Supplier will maintain anti-malware controls that are designed to protect systems from malicious software, including malicious software that originates from public networks. In addition, Supplier will use anti-malware software (of Industry Standard or better quality), maintain such software at the then current major release, purchase maintenance & support available from the vendor for such software, and promptly implement new releases and versions of such software.
Operations Security. To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with State Data, the Contractor shall cause an SSAE 18 SOC 2 Type 2 audit report to be conducted annually. The audit results and the Contractor’s plan for addressing or resolution of the audit results shall be shared with the State within sixty (60) days of the Contractor's receipt of the audit results. Further, on an annual basis, within 90 days of the end of the Contractor’s fiscal year, the Contractor shall transmit its annual audited financial statements to the State.
Operations Security. 12.4.2.1 On the Commercial Operations Date, the Seller shall provide to the Purchaser security ("Operations Security") in the amount of [] to ensure the completion and proper operation and maintenance of the Plant. The Operations Security shall be:
(a) an unconditional and irrevocable direct pay letter of credit issued by a bank acceptable to the Purchaser in form and substance satisfactory to the Purchaser; and
(b) adjusted in terms of amount from time to time in accordance with [Schedule 5 -]. Adjustments to be considered in a case-by-case basis.
12.4.2.2 The Operations Security may be applied to:
(a) the payment of liquidated damages and accrued interest thereon in accordance with Clause 12.5; and
(b) the payment of other Damages and interest that the Seller shall be required to pay to the Purchaser.
12.4.2.3 Except as expressly provided in this Agreement, the Seller shall maintain the Operations Security at the level designated in Clause 12.
4.2.1 at all times; except that the Seller may have [] Days from the date the Purchaser gives notice to the Seller that it has retained or collected funds from the Operations Security pursuant to this Clause 12.4.2 to replenish the Operations Security so as to return it to the required level, as escalated.
12.4.2.4 Upon termination of this Agreement:
(a) the Purchaser shall be entitled to retain or collect, as the case may be, from the Operations Security any Damages or moneys then due or reasonably expected to be due to the Purchaser by the Seller and shall pay or return to the Seller the remainder of the Operations Security and accrued interest, if any; and
(b) if there is any matter between the Seller and the Purchaser that has been referred to an expert for determination or is being arbitrated pursuant to the Agreement, then the Purchaser shall be entitled to retain or collect, as the case may be, from the Operations Security, an amount equal to the Damages or moneys that the Purchaser, in its reasonable judgment, deems sufficient to satisfy any amount that may be due to the Purchaser by reason of such matter. Upon settlement or resolution of the matter, the Purchaser shall pay or return to the Seller the remaining amount of Operations Security.
Operations Security. As applicable to the performance of any service pursuant to which the Contractor will receive or collect State Data, as outlined in a Statement of Work, or a Purchase Order, or any other form of ordering document hereunder, the Contractor shall work with the State to determine the appropriate security model and compliance assessment for any such services. Further, on an annual basis, within 90 days of the end of the Contractor’s fiscal year, the Contractor shall transmit its annual audited financial statements to the State.
Operations Security. The Contractor shall cause an SSAE 16 SOC 2 Type 2 audit report to be conducted annually. The audit results and the Contractor’s plan for addressing or resolution of the audit results shall be shared with the State within sixty (60) days of the Contractor's receipt of the audit results. Further, on an annual basis, within 90 days of the end of the Contractor’s fiscal year, the Contractor shall transmit its annual audited financial statements to the State.
Operations Security. To the extent the Contractor or its subcontractors, affiliates or agents handles, collects, stores, disseminates or otherwise deals with State Data, the Contractor shall cause an SSAE 18 SOC 2 Type 2 audit report to be conducted annually. Upon the State’s request and the execution of an appropriate non-disclosure agreement, Contractor will share the audit results and the Contractor’s plan for addressing or resolution of the audit results. shall be shared with the State within sixty (60) days of the Contractor's receipt of the audit
Operations Security. The Company shall have an established change management system in place for making changes to business processes, information processing facilities and systems. The change management system shall include tests and reviews before changes are implemented, such as procedures to handle urgent changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by whom. The Company shall implement malware protection to ensure that any software used for Company’s provision of the Services to the Customer is protected from malware. The Company shall make backup copies of critical information and test back-up copies to ensure that the information can be restored as agreed with the Customer. The Company shall log and monitor activities, such as create, reading, copying, amendment and deletion of processed data, as well as exceptions, faults and information security events and regularly review these. Furthermore, the Company shall protect and store (for at least 6 months or such period/s set by Data Protection Law) log information, and on request, deliver monitoring data to the Customer. Anomalies / incidents / indicators of compromise shall be reported according to the data breach management requirements as set out in clause 9, below. The Company shall manage vulnerabilities of all relevant technologies such as operating systems, databases, applications proactively and in a timely manner. The Company shall establish security baselines (hardening) for all relevant technologies such as operating systems, databases, applications. The Company shall ensure development is segregated from test and production environment.
Operations Security. The Service Provider shall cause an SSAE 16 SOC 2 Type 2 audit report to be conducted annually. The audit results and the Service Provider’s plan for addressing or resolution of the audit results shall be shared with the Customer within sixty (60) days of the Service Provider 's receipt of the audit results. Further, on an annual basis, within 90 days of the end of the Service Provider’s fiscal year, the Service Provider shall transmit its annual audited financial statements to the State.
Operations Security. 8.1. The Supplier shall:
8.1.1. at its sole discretion, implement readily available software to detect, report and remove or quarantine malicious software /code in systems in accordance with standard industry practice in relation to the Services provided;
8.1.2. ensure there is a process to back-up copies of Customer Data and that the procedure is tested regularly and is in accordance with the Supplier’s own internal retention policies. Back-ups shall be secured through physical protection and the use of encryption; and
8.1.3. ensure that timely information about technical vulnerabilities of Systems used shall be obtained, any exposure to such vulnerabilities evaluated, and effective measures taken to address the associated risk.
Operations Security a. Maintaining documented Medallia cloud operating procedures.
b. Maintaining change and release management controls to ensure changes to products production systems made by Medallia are properly authorized and reviewed prior to implementation.
c. Monitoring usage, security events, and capacity levels within the Medallia cloud to manage availability and proactively plan for future capacity requirements.
d. Utilizing virus and malware protection software a, which are configured to meet common industry standards designed to protect Medallia systems and Customer Data from virus infections or similar malicious payloads.
e. Implementing disaster recovery and business continuity procedures. These will include periodic replication of Customer Data to a secondary data center in a geographically disparate location from the primary data center.
f. Maintaining a system and security logging process to capture critical system logs. These logs shall be maintained for at least six months and reviewed on a periodic basis.
g. Ensuring systems processing and storing customer data are appropriately configured and hardened.
h. Ensuring servers, operating systems, and supporting software used in the Medallia cloud for Products receive Critical and High security patches within a timely manner, In the event any such security patch would materially adversely affect the Products, then Medallia will use commercially reasonable efforts to implement compensating controls until a security patch is available that would not materially adversely affect the Products.
i. Conducting third-party external application penetration tests periodically.
