Data Security and Processing Sample Clauses
The Data Security and Processing clause establishes the obligations and standards for handling, storing, and protecting data exchanged or processed under the agreement. It typically outlines requirements for implementing security measures, restricting access to sensitive information, and ensuring compliance with relevant data protection laws. This clause is essential for safeguarding confidential or personal data, mitigating the risk of data breaches, and clarifying each party’s responsibilities regarding data management.
Data Security and Processing. 9.1. Security Program. SailPoint will maintain administrative, physical, and technical safeguards designed to protect the security and confidentiality of Customer Data, including measures designed to prevent unauthorized access, use, modification, or disclosure of Customer Personal Data. SailPoint’s current SaaS data security programs for each SaaS Service are described on SailPoint’s website at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/legal/. With respect to the SaaS Services listed at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/legal/saas-services/, SailPoint will operate in conformance with the physical, technical, operational, and administrative measures and protocols regarding data security that are set forth in its then current Service Organization Control 2 (SOC 2) Type 2 Report(s) (or equivalent report(s)), received from its third-party auditors. Upon Customer request, for each calendar year during the term of this SaaS Agreement, upon sixty (60) calendar days of issuance but no later than the end of each calendar year, SailPoint shall submit to Customer via email to Customer’s Contract Manager or designee a copy of its annual American Institute of Certified Public Accountants Service Organization Control (SOC) 1 type 2 report or SOC 2 type 2 report (for all Trusted Services Principles) relevant to the Services, such relevancy as solely determined by Customer.
Data Security and Processing. 7.1. Data Security Standards. Varicent shall use, process, retain, and disclose Customer Data only as necessary for the specific purpose of providing the Cloud Service and in compliance with Varicent’s data security standards and procedures set forth at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/legal_agreements (the “Data Security Standards”) and applicable Law. Varicent shall not sell Personal Data. Customer acknowledges that (a) Varicent may modify the Data Security Standards from time to time at Varicent’s sole discretion and (b) such modifications shall supersede prior versions; provided that, such modified Data Security Standards shall be, except to the extent required to comply with applicable Law, no less protective of the Customer Data than the Data Security Standards in place as of the Effective Date.
7.2. Customer Responsibilities. Customer is solely responsible for (a) taking necessary actions to order, enable, and use the available data protection features for the Cloud Service and (b) implementing and managing security and privacy measures for the Customer Systems and any items not provided and managed by Varicent within the Cloud Service (such as systems and applications built or deployed by Customer upon the Cloud Service and Customer end-user access control to the Cloud Service).
Data Security and Processing