Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section 5.3 below.
5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage.
5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas:
5.3.1 information security policies;
5.3.2 organization of information security;
5.3.3 human resources security;
5.3.4 asset management;
5.3.5 access control;
5.3.6 cryptography;
5.3.7 physical and environmental security;
5.3.8 operations security;
5.3.9 communications security;
5.3.10 system acquisition, development and maintenance;
5.3.11 supplier relationships;
5.3.12 information security incident management;
5.3.13 information security aspects of business continuity management;
5.3.14 legislative, regulatory and contractual compliance.
Security and Audit. 5.1. Sage shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in clause 5.3.
5.2. Subject to any existing obligations of confidentiality owed to other parties, we shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by us.
5.3. Sage operates, maintain and enforce an information security management programme (“Security Program”) which is consistent with recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organisational safeguards, policies and controls in the following areas: • Information security policies • Organization of information security • Human resources security • Asset management • Access control • Cryptography • Physical and environmental security • Operations security • Communications security • System acquisition, development and maintenance • Supplier relationships • Information security incident management • Information security aspects of business continuity management • Legislative, regulatory and contractual compliance
Security and Audit. Licensor reserves the right to: - Embed security mechanisms within the Software Product to monitor, store and transmit information concerning usage in order to verify compliance with this License, being pointed out that such security mechanism: o Only reacts in case of non-compliance (use of an illegal copy). o Cannot access to proprietary data created by the Licensee through use of the Software Product (access to proprietary data that are created or modified or to result of creation or modification is impossible). - Use a hardware lock device, License administration software, or a License authorization key to control access to the Software Product. The Licensee may not take any steps to avoid, bypass or defeat the purpose of any such security measures. Use of the Software Product without the required lock device or without the authorization key provided by Licensor is prohibited. Licensor shall be entitled to audit the Licensee or have an audit performed on its behalf, during business hours, in order to verify that all conditions of the present License are respected. Licensor shall give prior notice at least three business days before said audit.
Security and Audit. Sage shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Customer Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Annex 1.
Security and Audit. 5.1 Heap may update the security measures set out in Schedule 2, including (where applicable) following any review by Heap of such measures, provided that such variation does not reduce the level of protection afforded to the Customer Personal Data by Heap under this DPA.
5.2 Heap shall treat the Customer Personal Data as the confidential information of the Customer, and shall ensure that (i) access to Customer Personal Data is limited to those employees or other personnel or agents who have a business need to have access to such Customer Personal Data; and (ii) any employees or other personnel have agreed in writing to protect the confidentiality and security of Customer Personal Data.
5.3 Upon Customer’s written request, Heap shall provide Customer with a confidential summary report of audits or security assessments conducted by its external auditors to verify the adequacy of its security measures and other information necessary to demonstrate Processor’s compliance with this Addendum. The report will constitute Heap’s Confidential Information under the confidentiality provisions of the Agreement. The Parties may, if applicable Data Protection Law requires, agree to appoint a third-party auditor to verify the adequacy of Heap’s security measures. The cost of any third-party audit will be borne by Customer, the third-party auditor shall not be any company that is a competitor to Heap, and audits shall be conducted in a manner so as to minimize the impact on Heap’s business operations. Unless otherwise required by applicable Data Protection Law, Customer shall exercise this right only if and to the extent Heap’s summary of its audits or security assessments are insufficient to allow Customer to demonstrate compliance with applicable Data Protection Laws.
5.4 With respect to any Customer Personal Data processed by Heap under applicable Data Protection Laws, if Heap or any sub-processor becomes aware of a Security Incident, Heap shall (i) notify the Customer of the Security Incident without undue delay; (ii) investigate the Security Incident and provide such reasonable assistance to the Customer (and any law enforcement or regulatory official) as required to investigate the Security Incident and (where required) notify data subjects and applicable supervisory authorities of the Security Incident, and (iii) take steps to remedy any non-compliance with this DPA.
Security and Audit. 5.1. We shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in clause 5.3 below.
Security and Audit. 3.1 The Processor shall implement appropriate technical and organisational security measures to protect the Personal Data in accordance with Data Protection Law. The Processor shall particularly observe relevant codes of conduct, industry practice, and guidelines issued or approved by supervisory authorities.
3.2 The Processor shall notify the Controller, in writing, without undue delay after the Processor has become aware of any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data Processed for and on behalf of the Controller.
3.3 The Processor must be able to verify its compliance with this DPA and Data Protection Law and shall maintain adequate documentation verifying fulfilment of its obligations hereunder. Further, the Controller may conduct audits to ensure that the Processor is complying with this DPA and Data Protection Law. For such purpose, the Controller shall submit a detailed proposal of audit plan describing in detail the scope, duration, and proposed start date of the audit. The Processor will review the proposed audit plan and work cooperatively with the Controller to agree on a final audit plan. In any case, the audit shall be conducted on regular business hours and may not unreasonably interfere with the Processor’s business activity.
3.4 Each party shall bear its own costs in relation to the audit, unless the Processor promptly informs the Controller upon reviewing the audit plan that it expects to incur additional fees or charges not covered under the Agreement in which case clause 2.11 above will apply.
3.5 Without prejudice to the rights granted in this clause, if the requested audit scope refers to ISO, SOC, NIST or equivalent rules and the Processor provides Controller with an audit report issued by a qualified third-party auditor within the prior twelve months confirming compliance with the controls audited, the Controller agrees to accept the findings presented in such third party audit report in lieu of requesting an audit of the same controls.
Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Customer Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas:
5.1.1 information security policies;
5.1.2 organization of information security;
5.1.3 human resources security;
5.1.4 asset management;
5.1.5 access control;
5.1.6 cryptography;
5.1.7 physical and environmental security;
5.1.8 operations security;
5.1.9 communications security;
5.1.10 system acquisition, development and maintenance;
5.1.11 supplier relationships;
5.1.12 information security incident management;
5.1.13 information security aspects of business continuity management;
5.1.14 legislative, regulatory and contractual compliance.
5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage.
Security and Audit. Customer will at all times have security provisions in place to protect the DMF from being visible, searchable, harvestable, or in any way discoverable on the World Wide Web, in compliance with this Agreement. Customer understands that any successful attempt by any person to gain unauthorized access to or use of the DMF provided by IRBsearch may result in immediate termination of Customer’s access. In addition, any successful attempt by any person to gain unauthorized access may under certain circumstances result in penalties as prescribed in 15 CFR § 1110.200 levied on Customer and the person attempting such access. Customer will take appropriate action to ensure that all persons accessing the Limited Access DMF obtained from IRBsearch are aware of their potential liability for misuse or attempting to gain unauthorized access. Any such access or attempted access is a breach, or attempted breach, of security and Customer must immediately report the same to NTIS at xxxxxxx@xxxx.xxx; and to IRBsearch by written notification to IRBsearch, LLC, 0000-X Xxxxxx Xxxxx, Tallahassee, FL 32301, and by email (xxxxxxxxxxxx@xxxxxxxxx.xxx) and by phone (0-000-000-0000). Customer agrees to be subject to audit by IRBsearch and/or NTIS to determine Customer’s compliance with the requirements of this Addendum, the Agreement, and CFR. Customer agrees to retain a list of all employees, contractors, and subcontractors to which it provides DMF and to make that list available to NTIS and/or IRBsearch as part of any audits conducted hereunder. Customer will not resell or otherwise redistribute DMF.
Security and Audit. ACCESS shall notify COMPANY of, and COMPANY shall have the right to approve, upon reasonable prior notice to ACCESS, any affiliate or third party contractor, prior to its engagement by ACCESS to perform Services hereunder, review the books, records, policies and procedures of ACCESS, its affiliates and any affiliate or third party contractors that perform services under this Agreement, and conduct on-site audits and inspections during reasonable business hours, and if necessary, at a mutually agreeable time, after business hours, to ensure that ACCESS, its affiliates and any third party contractor is in full compliance with the terms of this Agreement, and with all of COMPANY’s policies and procedures relating to the safeguarding of Confidential Information, including without limitation, those tasks described in Exhibit B. Any audit or inspection hereunder shall be subject to the following limitations: (i) use of any third party auditor that is a competitor of ACCESS shall be subject to ACCESS’ prior written approval, such approval not to be unreasonably withheld or delayed; (ii) all audit results and disclosed records shall be held as ACCESS’ Confidential Information (as hereinafter defined) and shall not be used for any purpose except to verify ACCESS’ compliance with the terms of this Agreement and the accuracy of invoices; and (iii) COMPANY or any auditor conducting any such audit or inspection shall at all times comply with any and all reasonable security and confidentiality guidelines and other policies of ACCESS with respect to the audit.
