Security Evaluations a. Acquia performs periodic risk assessments that evaluate and assess the security of the system's physical configuration and environment, software, information handling processes, and user practices including appropriate logs and reports on security activity.
b. In addition, security policies are regularly reviewed and evaluated to ensure operational effectiveness, compliance with applicable laws and regulations, and to address new threats and risks.
c. Security Policies are also reviewed when there is a material change in Acquia’s business practices or the external threat environment that may reasonably implicate the security or integrity of records containing Customer Data. Acquia uses a documented change control process for software, systems, applications, and databases that ensures access changes are controlled, approved, and recorded.
d. Acquia will promptly notify Customer of any planned system configuration changes or other changes that would adversely affect the confidentiality, integrity, or availability of Customer Data.
Security Evaluations. In addition to Opal’s own annual internal security audit to assess compliance with Opal’s security policies, processes, and procedures, Opal shall retain an accredited independent auditing firm to verify such compliance and provide an independent assessment of Opal’s compliance with ISO 27001 and/or SOC 2 Type II standards. Executive summaries of Opal’s most recent audit reports are available at xxxxx://xxx.xxxxxxxxxxxx.xxx/security.
1. Security Evaluations. Upon Customer’s request, but no more than once per calendar year and with at least ten (10) business days’ advance written notice, Customer may evaluate Opal’s security policies, processes, and procedures, provided that the scope of such evaluation will be limited to information that is not deemed confidential by Opal, including without limitation data belonging to other customers and Opal’s intellectual property and proprietary business practices (an “Evaluation”).
Security Evaluations. (a) Global shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Mercury Information and Global Processing Resources. Global shall periodically (no less than quarterly) conduct vulnerability assessments and penetration tests of its publicly-accessible Information Processing Resources. Global shall document the results of these evaluations and any remediation activities taken in response to such evaluations. Upon request no more than once per year, Global shall (i) provide a copy of its Attestation of Compliance, resulting from a PCI-DSS audit of the applicable Global Processing Resources; (ii) provide a copy of its SSAE 16 SOC 1 report and any other certifications, attestations or reports required by applicable law, regulations or the Rules for the provision of Services or Additional Services that are requested by Mercury.
(b) Mercury shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Mercury Information and Global Processing Resources. Mercury shall periodically (no less than quarterly) conduct vulnerability assessments and penetration tests of its publicly-accessible Information Processing Resources. Mercury shall document the results of these evaluations and any remediation activities taken in response to such evaluations. Upon request, no more than once per year, Mercury shall (i) provide a copy of its Attestation of Compliance, resulting from a PCI-DSS audit; (ii) provide a copy of its SSAE 16 SOC 1 report and any other certifications, attestations or reports required by applicable law, regulations or the Rules for the provision of Services or Additional Services that are requested by Global.
Security Evaluations. Notified shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Customer Information and Notified Processing Resources. Notified shall periodically (no less than annually) have a reputable third party perform vulnerability assessments and penetration tests of its publicly accessible Information Processing Resources. Notified shall document the results of these evaluations and any remediation activities taken in response to such evaluations.
Security Evaluations. West shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Customer Information and West Processing Resources. West shall periodically (no less than annually) have a reputable third party perform vulnerability assessments and penetration tests of its publicly accessible Information Processing Resources. West shall document the results of these evaluations and any remediation activities taken in response to such evaluations.
Security Evaluations. (a) Planet Payment shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Global Payments Confidential Information and Planet Payment Services Resources. Planet Payment shall periodically (no less than quarterly) conduct vulnerability assessments and penetration tests of its publicly-accessible Planet Payment Services Resources. Planet Payment shall document the results of these evaluations and any remediation activities taken in response to such evaluations. Upon request no more than once per year, Planet Payment shall provide a copy of its PCI-DSS Report of Compliance, SSAE 16 SOC 1, Type II report and any other certifications, attestations or reports required by applicable law, regulations or industry governing bodies for the provision of Services hereunder.
Security Evaluations. Data Center shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Sensitive Information. Data Center shall document the results of these evaluations and any remediation activities taken in response to such evaluations, and make available a copy to Researcher upon request.
Security Evaluations. Provider shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of United Information and Provider Processing Resources. Provider shall document the results of these evaluations and any remediation activities taken in response to such evaluations, and provide to United a copy.
Security Evaluations. Vendor shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of United Information and Vendor Processing Resources. Vendor shall document the results of these evaluations and any remediation activities taken in response to such evaluations, and provide to United a copy.
Security Evaluations
