Security of the Service and Compliance. Throughout the term of this Agreement, keylight will maintain a data security program for the Service that will: (a) include reasonable administrative, physical, technical, organizational and other security measures to protect against unauthorized access to, or destruction, loss, unavailability or alteration of, any Customer Data processed or stored by the Service; (b) comply with the PCI DSS (or prevailing successor industry standard, if replaced); and (c) include reasonable and appropriate controls pursuant to keylight’s ISO 27001 audit (or other name if replaced); and (d) notify Customer within forty-eight (48) hours via email and/or telephone conversation upon becoming aware of any security breach of the Service. Subject to the DPA, keylight will be responsible for unauthorized access and damage to, and for unauthorized deletion, destruction and loss of, Customer Data solely to the extent arising from keylight’s negligent breach of its obligations under this Agreement pursuant to 14 Warranties and Commitments and 16 Limitation of liability below.
Security of the Service and Compliance. Throughout the term of this Agreement, Xxxxxxxxx.XX will maintain a data security program for the Service that will: (a) include reasonable administrative, physical, technical, organizational and other security measures to protect against unauthorized access to, or destruction, loss, unavailability or alteration of, any Customer Data processed or stored by the Service; and (b) include reasonable and appropriate controls pursuant to Xxxxxxxxx.XX’s Service Organization Control (“SOC”) 1 & 2 audit (or other name if replaced) although certification may be inflight. Xxxxxxxxx.XX will be responsible for unauthorized access and damage to, and for unauthorized use, deletion, destruction and loss of, Customer Data solely to the extent arising from Xxxxxxxxx.XX’s breach of its obligations under this Agreement.
