Security Procedures; Compliance. Apple shall use industry-standard measures to safeguard Personal Data during the transfer, processing, and storage of Personal Data as part of the Service. As part of these measures, Apple will use commercially reasonable efforts to encrypt Personal Data at rest and in transit; ensure the ongoing confidentiality, integrity, availability and resilience of the Service; in the event of an issue, restore the availability of Personal Data in a timely manner; and regularly test, assess, and evaluate the effectiveness of such measures. Apple will take appropriate steps to ensure compliance with security procedures by its employees, contractors and Sub-processors, and Apple shall ensure that any persons authorized to process such Personal Data comply with applicable laws regarding the confidentiality and security of Personal Data with regards to the Service. Encrypted Personal Data may be stored at Apple’s geographic discretion. To the extent Apple is acting as a data processor, Apple will assist You with ensuring Your compliance, if applicable, with the following:
(a) Article 28 of the GDPR (by allowing for and contributing to audits; provided, that Apple’s ISO 27001 and ISO 27018 certifications shall be considered sufficient for such required audit purposes); (b) Article 32 of the GDPR (by implementing the security procedures set forth in this Section 9.3 and by maintaining the ISO 27001 and ISO 27018 Certifications); (c) Articles 33 and 34 of the GDPR or other equivalent obligations under law (by assisting You with providing required notice of a Data Incident to a supervisory authority or data subjects);
