Common use of Data Controls Clause in Contracts

Data Controls. In its performance obligations with respect to Hosted Subscription Services, Cognyte does require access to Customer Data, and the following additional terms and conditions shall apply: • Cognyte’s security procedures shall require that any Customer Data stored by Cognyte only be stored using secure data encryption algorithms and key strengths of 128-bit symmetric and 1024-bit asymmetric or greater. Cognyte shall monitor Industry Standards and implement an action plan if key lengths in use can be compromised through commercially reasonable means. • Cognyte will maintain a key management process that includes appropriate controls to limit access to private keys and a key revocation process. Private keys, and passwords shall not be stored on the same media as the data they protect. • Cognyte will prohibit Cognyte Personnel from the download, extraction, storage or transmission of Customer Data through personally owned computers, laptops, tablet computers, cell phones, or similar personal electronic devices except where enrolled in Cognyte’s Mobile Device Management (MDM), Information Rights Management (IRM), or other security programs. If personal computers or mobile devices are used to perform any part of the Hosted Subscription Services, Cognyte will encrypt all Customer Data on such mobile devices. • Cognyte agrees that any and all electronic transmission or exchange of Customer Data shall be protected by encryption standards. • Customer Data stored as a part of the Hosted Subscription Services shall reside only on Cognyte production systems housed in Cognyte hosting partner data centers, unless noted in a SOW or required with respect to professional service engagements or performance of support services. Any storage of Customer Data on Cognyte premises is temporary and is used strictly for support and services engagements. Once Customer Data on Cognyte premise has served its purpose, it shall be promptly destroyed in accordance to Cognyte’s confidential data destruction procedures. • Cognyte will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. Cognyte will ensure that transfers of Personal Data to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR and that such transfers and safeguards are documented according to Article 30(2) of the GDPR.

Data Controls. In its performance obligations with respect to Hosted Subscription Services, Cognyte does require access to Customer Data, and the following additional terms and conditions shall apply: • Cognyte’s security procedures shall require that any Customer Data stored by Cognyte only be stored using secure data encryption algorithms and key strengths of 128-bit symmetric and 1024-bit asymmetric or greater. Cognyte shall monitor Industry Standards and implement an action plan if key lengths in use can be compromised through commercially reasonable means. • Cognyte will maintain a key management process that includes appropriate controls to limit access to private keys and a key revocation process. Private keys, and passwords shall not be stored on the same media as the data they protect. • Cognyte will prohibit Cognyte Personnel from the download, extraction, storage or transmission of Customer Data through personally owned computers, laptops, tablet computers, cell phones, or similar personal electronic devices except where enrolled in Cognyte’s Mobile Device Management (MDM), Information Rights Management (IRM), or other security programs. If personal computers or mobile devices are used to perform any part of the Hosted Subscription Services, Cognyte will encrypt all Customer Data on such mobile devices. • Cognyte agrees that any and all electronic transmission or exchange of Customer Data shall be protected by a secure and encrypted means (e.g. HTTPS, SSH, encryption standardsusing TLS on gateway while sending emails). • Customer Data stored as a part of the Hosted Subscription Services shall reside only on Cognyte production systems housed in Cognyte hosting partner data centers, unless noted in a SOW or required with respect to professional service engagements or performance of support services. Any storage of Customer Data on Cognyte premises is temporary and is used strictly for support and services engagements. Once Customer Data on Cognyte premise has served its purpose, it shall be promptly destroyed in accordance to Cognyte’s confidential data destruction procedures. • Cognyte will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. Cognyte will ensure that transfers of Personal Data to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR and that such transfers and safeguards are documented according to Article 30(2) of the GDPR.