Data Processing and Storage Clause Samples

Data Processing and Storage. All Data and any Customer-related data will be processed and stored in accordance with Flashpoint’s then-current data retention and data privacy policy. On an annual basis, Flashpoint shall successfully complete a Service Organization Controls (SOC) 2 Type 2 examination related to the Security and Confidentiality principles of the American Institute of Certified Public Accountants (AICPA) Trust Services Principles (the “SOC 2 Examination”).

Data Processing and Storage. All Data and any Subscriber-related data will be processed and stored in accordance with Flashpoint’s then- current data retention and data privacy policy. On an annual basis, Flashpoint shall successfully complete a Service Organization Controls (SOC) 2 Type 2 examination related to the Security and Confidentiality principles of the American Institute of Certified Public Accountants (AICPA) Trust Services Principles (the “SOC 2 Examination”) and obtain an opinion from an independent audit firm regarding compliance with such principles. Flashpoint shall provide Subscriber with a copy of the applicable attestation letters resulting from each such examination.

Data Processing and Storage. In the event that Subscriber supplies Flashpoint with keywords in connection with our keyword alerting services, Flashpoint will store the keywords internally in order to detect on them, but Flashpoint does not share these keywords with anyone else, outside of our Subscriber Success, Solutions Architects, and Alerting Service internal Teams. Flashpoint will, however, monitor the service for internal system purposes only. Similarly, when Flashpoint performs searches for alerting, the searches are stored in Flashpoint’s keyword database – i.e., the fact that certain organizations are looking for certain keywords is still recorded. The organization is not able to be correlated with just the logs, however. Flashpoint does redact the specific queries once it moves to running searches under the context of the specific organization; while the keywords themselves are still maintained as set forth immediately above in this Section 11.1. In addition, Flashpoint may use third party platforms and tools that meet our security and privacy policy requirements in order to assist with the collection of Analytical Information. In addition to the foregoing, all Data and any Subscriber-related data will be processed and stored in accordance with Flashpoint’s then- current data retention and data privacy policy.

Data Processing and Storage. Please be advised that Flashpoint will not maintain any history nor logs of Subscriber’s searches, nor will it keep a database of what is being researched by Subscriber through our Services. Similarly, in the event that Subscriber supplies Flashpoint with keywords in connection with our keyword alerting services, Flashpoint will store the keywords internally in order to detect on them, but Flashpoint does not share these keywords with anyone else, outside of our Subscriber Success, Solutions Architects, and Alerting Service internal Teams. Flashpoint will, however, monitor the service for internal system purposes only. Similarly, when Flashpoint performs searches for alerting, the searches are stored in Flashpoint’s keyword database – i.e., the fact that certain organizations are looking for certain keywords is still recorded. The organization is not able to be correlated with just the logs, however. Flashpoint does redact the specific queries once it moves to running searches under the context of the specific organization; while the keywords themselves are still maintained as set forth immediately above in this Section 11.1. In addition, Flashpoint may use third party platforms and tools that meet our security and privacy policy requirements in order to assist with the collection of Analytical Information. In addition to the foregoing, all Data and any Subscriber-related data will be processed and stored in accordance with Flashpoint’s then-current data retention and data privacy policy.

Data Processing and Storage. The vendor may have available a complete and dedicated network-based backend support system, developed to process the data collected by the Bluetooth sensor. Such support shall also include a secure web-based user interface to enable the Department to view, analyze and configure data outputs. The data shall be available for viewing in real time and as post-processed report-generated analysis. Data processing will include, travel time, flow, speed, and MAC address counts. The data processing shall also filter the following data as needed to deliver the most accurate information: • Pedestrian • Vehicular • Toll-Tag (85th percentile) • Smoothing • Mean, Median, etc. • 2-stage filter • Data uploaded from the Bluetooth device network may be hosted and archived by the manufacturer on a dedicated server in a state-of-the art hosting facility, which is rated and equipped for mission critical environments, also known as a CyberCenter. The CyberCenter shall include at a minimum the following: • Serial attached small computer systems interface, model SAS 70 Type II Internal Control Standards—an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Type II audit not only includes the description of controls, but also the detailed testing of controls. To achieve SAS 70 Type II, Cyber Center facility operations are thoroughly scrutinized and annually evaluated with results reported and published. • Physical security – Cyber Centers are outfitted with biometric palm scanners and secure card-key access to the collocation areas of the data center. Additionally, all customer equipment is kept in secure locations. On-site security personnel monitor hosting facilities 24/7 via indoor and outdoor video surveillance. Cyber Center access requires security desk check-in and is managed 24/7. • Heating ventilation and air conditioning (HVAC) and fire suppression - All Cyber Centers are designed with N+1 redundant chilling/heating systems and redundant, multi-zoned, fire suppression systems. – Very Early Smoke Detection Apparatus (VESDA®) systems are located throughout the raised floor area in all Cyber Centers. • Power - Redundant power is available as needed. It is designed with battery backup for uninterrupted power supply (UPS). Diesel generators (N+1) ensure uninterruptible power. • Public network connectivity – Cyber Center facilities are linked to a tier one OC-192 IP network or better.