Common use of Operations Security Clause in Contracts

Operations Security. a. Maintaining documented Medallia cloud operating procedures. b. Maintaining change and release management controls to ensure changes to products production systems made by Medallia are properly authorized and reviewed prior to implementation. c. Monitoring usage, security events, and capacity levels within the Medallia cloud to manage availability and proactively plan for future capacity requirements. d. Utilizing virus and malware protection software a, which are configured to meet common industry standards designed to protect Medallia systems and Customer Data from virus infections or similar malicious payloads. e. Implementing disaster recovery and business continuity procedures. These will include periodic replication of Customer Data to a secondary data center in a geographically disparate location from the primary data center. f. Maintaining a system and security logging process to capture critical system logs. These logs shall be maintained for at least six months and reviewed on a periodic basis. g. Ensuring systems processing and storing customer data are appropriately configured and hardened. h. Ensuring servers, operating systems, and supporting software used in the Medallia cloud for Products receive Critical and High security patches within a timely manner, In the event any such security patch would materially adversely affect the Products, then Medallia will use commercially reasonable efforts to implement compensating controls until a security patch is available that would not materially adversely affect the Products. i. Conducting third-party external application penetration tests periodically.

Operations Security. a. Maintaining documented Medallia Voci cloud operating procedures. b. Maintaining change and release management controls to ensure changes to products production systems made by Medallia Voci are properly authorized and reviewed prior to implementation. c. Monitoring usage, security events, and capacity levels within the Medallia Voci cloud to manage availability and proactively plan for future capacity requirements. d. Utilizing virus and malware protection software a, which are configured configured to meet common industry standards designed to protect Medallia Voci systems and Customer Data from virus infections or similar malicious payloads. e. Implementing disaster recovery and business continuity procedures. These will include periodic replication of Customer Data to a secondary data center in a geographically disparate location from the primary data center. f. Maintaining a system and security logging process to capture critical system logs. These logs shall be maintained for at least six months and reviewed on a periodic basis. g. Ensuring systems processing and storing customer data are appropriately configured configured and hardened. h. Ensuring servers, operating systems, and supporting software used in the Medallia Voci cloud for Products receive Critical and High security patches within a timely manner, In the event any such security patch would materially adversely affect affect the Products, then Medallia Voci will use commercially reasonable efforts efforts to implement compensating controls until a security patch is available that would not materially adversely affect affect the Products. i. Conducting third-party external application penetration tests periodically.

Operations Security. a. Maintaining documented Medallia cloud operating procedures. b. Maintaining change and release management controls to ensure changes to products production systems made by Medallia are properly authorized and reviewed prior to implementation. c. Monitoring usage, security events, and capacity levels within the Medallia cloud to manage availability and proactively plan for future capacity requirements. d. Utilizing virus and malware protection software a, which are configured to meet common industry standards designed to protect Medallia systems and Customer Client Data from virus infections or similar malicious payloads. e. Implementing disaster recovery and business continuity procedures. These will include periodic replication of Customer Client Data to a secondary data center in a geographically disparate location from the primary data center. f. Maintaining a system and security logging process to capture critical system logs. These logs shall be maintained for at least six months and reviewed on a periodic basis. g. Ensuring systems processing and storing customer Client data are appropriately configured and hardened. h. Ensuring servers, operating systems, and supporting software used in the Medallia cloud for Products receive Critical and High security patches within a timely manner, In the event any such security patch would materially adversely affect the Products, then Medallia will use commercially reasonable efforts to implement compensating controls until a security patch is available that would not materially adversely affect the Products. i. Conducting third-party external application penetration tests periodically.