Common use of Security Controls and Safeguards Clause in Contracts

Security Controls and Safeguards.

2.1. Marketo will comply with all applicable privacy and data security laws and regulations governing its use, processing and storage of Customer Data.

2.2. During the Agreement Term, Marketo shall maintain a security program materially aligned with applicable industry standards designed to ensure the security, confidentiality, availability and integrity of Customer Data and protect against unauthorized disclosure or access of Customer Data. Such security program shall include the implementation of administrative, technical and physical safeguards appropriate for the type of information that Marketo processes and the need for security and confidentiality of such information.

2.3. Marketo implements controls aligned to industry standards intended to keep Customer Data secure and throughout the Agreement Term shall maintain security measures designed to: (i) protect the security of Marketo systems which interact with Customer Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Marketo systems which interact with Customer Data and (iii) protect against unauthorized access to or use of Marketo systems which interact with Customer Data that could result in harm to Customer’s Users of the Subscription Services.

2.3.1.1. Limiting access to its information systems and the facilities in which they are housed to properly authorized persons;

2.3.1.2. Access by Marketo personnel to Customer Data is removed upon termination of employment or a change in job status that results in the personnel no longer requiring access to Customer Data;

2.3.1.3. System passwords conform to strong password standards (9 characters minimum) that include length, complexity and expiration. A maximum of ten (10) password attempts can be made, after which access is blocked until the password is reset by authorized personnel. Password policies conform with NIST Special Publication 800-53.

2.4. All customer communications transmitted over the internet are encrypted. Marketo utilizes encryption on its own email servers to ensure point-to-point encryption via opportunistic TLS. Customer can elect, for an additional charge, to configure the Subscription Services to use encrypted channels for its own collection of data via landing pages and from user activity on Customer’s web site. Customer may elect to apply high grade encryption to data at rest for an additional fee. All backups are encrypted with high-grade encryption.

2.5. Marketo monitors its network and production systems and implements and maintains security controls and procedures designed to prevent, detect and respond to identified threats and risks. Such monitoring and testing includes, but is not limited to, the following:

2.5.1. Employing an industry standard network intrusion detection system to monitor and block suspicious network traffic;

2.5.2. Reviewing access logs on servers and security events and retaining network security logs for 180 days;

2.5.3. Reviewing all access to production systems;

2.5.4. Performing network vulnerability assessments on a regular basis. Scans will be performed using industry standard scanning tools that identify application and hosting environment vulnerabilities. Marketo shall maintain a vulnerability remediation program;

2.5.5. Engaging third parties to perform network penetration testing on at least an annual basis.

2.6. Marketo shall ensure that:

2.6.1. All endpoints run an anti-virus solution and apply timely signature updates;

2.6.2. All critical, exploitable vulnerabilities are patched in a timely manner.

Appears in 8 contracts

Samples: Master Subscription and Services Agreement, Master Subscription and Services Agreement, End User Subscription Agreement
