Common use of Security and Audit Clause in Contracts

Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage. 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage 5.1. We shall implement and maintain appropriate technical and organizational organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section clause 5.3 below. 5.2 5.2. Subject to any existing obligations of confidentiality owed to other parties, Sage we shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit ASchedule 2, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sageus. 5.3 5.3. Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational organisational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization organisation of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section section 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage. 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 5.1.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section clause 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you the Customer all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your the Customer’s sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by usSage), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor audit or mandated by you the Customer and approved by Sage. 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational organisational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization organisation of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 5.1.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage 5.1. We shall implement and maintain appropriate technical and organizational organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section clause 5.3 below. 5.2 5.2. Subject to any existing obligations of confidentiality owed to other parties, Sage we shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit AAppendix B, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sageus. 5.3 5.3. Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational organisational safeguards, policies and controls in the following areas: 5.3.1 5.3.1. information security policies; 5.3.2 5.3.2. organization of information security; 5.3.3 5.3.3. human resources security; 5.3.4 5.3.4. asset management; 5.3.5 5.3.5. access control; 5.3.6 5.3.6. cryptography; 5.3.7 5.3.7. physical and environmental security; 5.3.8 5.3.8. operations security; 5.3.9 5.3.9. communications security; 5.3.10 5.3.10. system acquisition, development and maintenance; 5.3.11 ; supplier relationships; 5.3.12 5.3.11. supplier relationships; 5.3.12. information security incident management; 5.3.13 5.3.13. information security aspects of business continuity management; 5.3.14 5.3.14. legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage We shall implement and maintain appropriate technical and organizational organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section clause 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage we shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit Appendix A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sageus. 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational organisational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization organisation of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage.doubt 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 5.1.14 legislative, regulatory and contractual compliance.

Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organizational organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Personal Data against unauthorized unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Such measures include, without limitation, the security measures set out in Section clause 5.3 below. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you the Customer all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your the Customer’s sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by usSage), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor audit or mandated by you the Customer and approved by SageXxxx. 5.3 Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized recognised industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational organisational safeguards, policies and controls in the following areas: 5.3.1 information security policies; 5.3.2 organization organisation of information security; 5.3.3 human resources security; 5.3.4 asset management; 5.3.5 access control; 5.3.6 cryptography; 5.3.7 physical and environmental security; 5.3.8 operations security; 5.3.9 communications security; 5.3.10 system acquisition, development and maintenance; 5.3.11 supplier relationships; 5.3.12 information security incident management; 5.3.13 information security aspects of business continuity management; 5.3.14 5.1.14 legislative, regulatory and contractual compliance.