Protection of Data at Rest. Supplier shall use and employ a high standard of data protection mechanisms as is customary in the industry to protect Company Data as defined in this Agreement. 5.6.1 All Company Personal Sensitive Information at rest, including back-up copies thereof, stored by Supplier at Supplier’s data center are encrypted using 256-bit AES encryption, or encryption mechanisms providing equal or higher protection than 256- bit AES. 5.6.2 Any Company Data, including backup copies thereof, which are removed from Supplier’s facility or stored off-site, are encrypted using 256-bit AES or encryption mechanisms providing equal or higher protection than 256-bit AES. Supplier must process and store Company Data on computer server hardware dedicated solely to processing Company Data and must keep Company’s Data on physically separate computer server hardware from non-Company information. 5.6.3 Any Confidential Information may not be stored within a file or database in the Demilitarized Zone (“DMZ”). 5.6.4 All keys used for encryption must be handled in accordance with documented key management processes and procedures.
Appears in 4 contracts
Samples: Global Services Agreement, Global Services Agreement, Global Services Agreement
