Common use of Data Security Requirements Clause in Contracts

Data Security Requirements. The Acquired Entities and the conduct of their business are in compliance in all material respects with all Data Security Requirements. Each Acquired Entity has secured all material necessary rights, consents, and permissions, as applicable, consistent with Data Security Requirements sufficient for the processing of Personal Information by the Acquired Entities. Since the Look-Back Date, there has not been any (i) actual, suspected or alleged incidents of data security breaches or unauthorized access with respect to the Business Systems or (ii) actual, suspected or alleged unauthorized acquisition, destruction, damage, disclosure, loss, corruption, alteration or use of any Personal Information, which in either case (x) would be reasonably likely to result in any material loss or material liability to the Acquired Entities; (y) resulted in a notice by the Acquired Entities to, or a requirement to notify, any Persons, or (z) resulted in a complaint from any Person. Each Acquired Entity has established or is subject to, and since the Look-Back Date has been in material compliance with, a written information security program comprising commercially reasonable administrative, technical and physical safeguards designed to: (A) protect the security, confidentiality, and integrity of all Business Systems and all Acquired Entity Data; (B) prevent unauthorized access to, use or disclosure of the Business Systems and Acquired Entity Data; (C) includes reasonable policies and procedures that apply to each Acquired Entity with respect to privacy, data protection, processing, security and the collection and use of and Acquired Entity Data; and (D) identify threats to the confidentiality or security of Acquired Entity Data and intrusions into the Business Systems. Each Acquired Entity has been subject to routine security risk assessments in accordance with industry standards and have addressed and fully remediated all material threats and deficiencies identified in any assessments of the security risks or vulnerabilities of each Acquired Entity.

Data Security Requirements. The Acquired Entities and the conduct of their business are in compliance in all material respects Supplier must: (a) comply with all applicable Amplitel Policies (including standards and procedures) relating to security and Amplitel Data Security Requirements. Each Acquired Entity notified by Amplitel to the Supplier in accordance with this Agreement; (b) implement, maintain and enforce appropriate and industry best practice security procedures and safeguards in order to protect Amplitel Data in the Supplier’s possession and control against any misuse, loss, interference unauthorised access, modification or disclosure; (c) ensure that Amplitel has secured access at all material necessary rightstimes to Amplitel Data while it is in the Supplier’s possession or control and provide that Amplitel Data to Amplitel upon request; (d) if any Amplitel Data is lost, consentsdamaged, corrupted or otherwise unable to be accessed, take all reasonably practicable measures available to the Supplier to recover and permissionsrestore that Amplitel Data immediately (and such measures will be at Supplier’s cost to the extent such loss, as applicabledamage, consistent with Data Security Requirements sufficient for the processing corruption or loss of Personal Information access is caused or contributed to by the Acquired Entities. Since Supplier or its Personnel); (e) immediately notify Amplitel if it becomes aware of any likely, suspected or actual misuse or loss of, interference with or unauthorised access to, modification of, or disclosure of, Amplitel Data, or breach of the Look-Back DateSupplier’s obligations relating to Amplitel Data (a Data Breach), there has not been or is or may be required by Law to disclose any Amplitel Data or Data Breach (Notifiable Event); (f) comply with any reasonable direction from Amplitel with respect to: (i) actualassessing, suspected or alleged incidents of data security breaches or unauthorized access with respect to the Business Systems investigating, remedying and addressing a Data Breach; or (ii) actuala Notifiable Event, suspected or alleged unauthorized acquisitionincluding providing information requested by Amplitel relevant to the Notifiable Event, destruction, damage, disclosure, loss, corruption, alteration or use and not otherwise disclosing to any third party the circumstances regarding the Notifiable Event without express prior written approval from Amplitel; (g) inform and co-operate with Amplitel in the event of any Personal Information, which in either case breach or risk regarding the security of Amplitel Data; (xh) would be reasonably likely ensure that any person who is authorised by the Supplier to result in any material loss or material liability have access to Amplitel Data complies and agrees to comply with this clause to the Acquired Entitiessame extent as the Supplier; (i) comply with any additional data security requirements set out in the Module Terms and the PO or SOW (in which case the parties agree that the more onerous requirement will take precedence to the extent of any inconsistency); and (yj) resulted only disclose, store, transfer, and make accessible Amplitel Data within Australia, the country in a notice which the Amplitel Data is shared by the Acquired Entities toAmplitel, or a requirement to notify, any Persons, as otherwise set out in the PO or (z) resulted in a complaint from any Person. Each Acquired Entity has established or is subject to, and since the Look-Back Date has been in material compliance with, a written information security program comprising commercially reasonable administrative, technical and physical safeguards designed to: (A) protect the security, confidentiality, and integrity of all Business Systems and all Acquired Entity Data; (B) prevent unauthorized access to, use or disclosure of the Business Systems and Acquired Entity Data; (C) includes reasonable policies and procedures that apply to each Acquired Entity with respect to privacy, data protection, processing, security and the collection and use of and Acquired Entity Data; and (D) identify threats to the confidentiality or security of Acquired Entity Data and intrusions into the Business Systems. Each Acquired Entity has been subject to routine security risk assessments in accordance with industry standards and have addressed and fully remediated all material threats and deficiencies identified in any assessments of the security risks or vulnerabilities of each Acquired EntitySOW.

Data Security Requirements. The Acquired Entities and the conduct of their business are in compliance in all material respects Supplier must:‌ (a) comply with all security policies, standards and procedures notified by Amplitel to the Supplier in relation to the Amplitel Data, including in relation to Amplitel Data Security Requirements. Each Acquired Entity encryption and other applicable Amplitel Policies; (b) implement, maintain and enforce appropriate and industry best practice security procedures and safeguards in order to protect Amplitel Data in the Supplier’s possession and control against any misuse, loss, interference unauthorised access, modification or disclosure; (c) ensure that Amplitel has secured access at all material necessary rightstimes to Amplitel Data while it is in the Supplier’s possession or control and provide that Amplitel Data to Amplitel upon request; (d) if any Amplitel Data is lost, consentsdamaged, corrupted or otherwise unable to be accessed, take all reasonably practicable measures available to the Supplier to recover and permissionsrestore that Amplitel Data immediately (and such measures will be at Supplier’s cost to the extent such loss, as applicabledamage, consistent with Data Security Requirements sufficient for the processing corruption or loss of Personal Information access is caused or contributed to by the Acquired Entities. Since Supplier or its Personnel); (e) immediately notify Amplitel if it becomes aware of any likely, suspected or actual misuse or loss of, interference with or unauthorised access to, modification of, or disclosure of, Amplitel Data, or breach of the Look-Back DateSupplier’s obligations relating to Amplitel Data (a Data Breach), there has not been or is or may be required by Law to disclose any Amplitel Data or Data Breach (Notifiable Event);‌ (f) comply with any reasonable direction from Amplitel with respect to: (i) actualassessing, suspected or alleged incidents of data security breaches or unauthorized access with respect to the Business Systems investigating, remedying and addressing a Data Breach; or (ii) actuala Notifiable Event, suspected or alleged unauthorized acquisitionincluding providing information requested by Amplitel relevant to the Notifiable Event, destruction, damage, disclosure, loss, corruption, alteration or use and not otherwise disclosing to any third party the circumstances regarding the Notifiable Event without express prior written approval from Amplitel; (g) inform and co-operate with Amplitel in the event of any Personal Information, which in either case breach or risk regarding the security of Amplitel Data; (xh) would be reasonably likely ensure that any person who is authorised by the Supplier to result in any material loss or material liability have access to Amplitel Data complies and agrees to comply with this clause to the Acquired Entitiessame extent as the Supplier; (i) comply with any additional data security requirements set out in the Module Terms and the PO or SOW (in which case the parties agree that the more onerous requirement will take precedence to the extent of any inconsistency); and (yj) resulted only disclose, store, transfer, and make accessible Amplitel Data within Australia, the country in a notice which the Amplitel Data is shared by the Acquired Entities toAmplitel, or a requirement to notify, any Persons, as otherwise set out in the PO or (z) resulted in a complaint from any Person. Each Acquired Entity has established or is subject to, and since the Look-Back Date has been in material compliance with, a written information security program comprising commercially reasonable administrative, technical and physical safeguards designed to: (A) protect the security, confidentiality, and integrity of all Business Systems and all Acquired Entity Data; (B) prevent unauthorized access to, use or disclosure of the Business Systems and Acquired Entity Data; (C) includes reasonable policies and procedures that apply to each Acquired Entity with respect to privacy, data protection, processing, security and the collection and use of and Acquired Entity Data; and (D) identify threats to the confidentiality or security of Acquired Entity Data and intrusions into the Business Systems. Each Acquired Entity has been subject to routine security risk assessments in accordance with industry standards and have addressed and fully remediated all material threats and deficiencies identified in any assessments of the security risks or vulnerabilities of each Acquired EntitySOW.

Data Security Requirements. The Acquired Entities If the Supplier deals with any Cleanaway Data, the Supplier must: (a) implement, maintain and enforce appropriate security procedures and safeguards in order to protect Cleanaway Data in the conduct Supplier’s possession and control against any misuse, loss, interference unauthorised access, modification or disclosure; (b) ensure that Cleanaway has access at all times to Cleanaway Data while it is in the Supplier’s possession or control and provide that Cleanaway Data to Cleanaway upon request; (c) if any Cleanaway Data is lost, damaged, corrupted or otherwise unable to be accessed, take all reasonably practicable measures available to the Supplier to recover and restore that Cleanaway Data promptly (and such measures will be at Supplier’s cost to the extent such loss, damage, corruption or loss of their business are in compliance in all material respects with all Data Security Requirements. Each Acquired Entity has secured all material necessary rights, consents, and permissions, as applicable, consistent with Data Security Requirements sufficient for the processing of Personal Information access is caused or contributed to by the Acquired Entities. Since Supplier or its Representatives); (d) immediately notify Cleanaway if it becomes aware of any likely, suspected or actual misuse or loss of, interference with or unauthorised access to, modification of, or disclosure of, Cleanaway Data, or breach of the Look-Back DateSupplier’s obligations relating to Cleanaway Data (a Data Breach), there has not been or is or may be required by Law to disclose any Cleanaway Data or Data Breach (Notifiable Event); (e) comply with any reasonable direction from Cleanaway with respect to: (i) actualassessing, suspected or alleged incidents of data security breaches or unauthorized access with respect to the Business Systems or investigating, remedying and addressing a Data Breach; or (ii) actuala Notifiable Event, suspected or alleged unauthorized acquisitionincluding providing information requested by Cleanaway relevant to the Notifiable Event, destruction, damage, disclosure, loss, corruption, alteration or use and not otherwise disclosing to any third party the circumstances regarding the Notifiable Event without express prior written approval from Cleanaway; (f) inform and co-operate with Cleanaway in the event of any Personal Information, which in either case breach or risk regarding the security of Cleanaway Data; (xg) would be reasonably likely ensure that any person who is authorised by the Supplier to result in any material loss or material liability have access to Cleanaway Data complies and agrees to comply with this clause to the Acquired Entitiessame extent as the Supplier; (h) comply with any additional data security requirements set out in the Purchase Order or Specifications (in which case the parties agree that the more onerous requirement will take precedence to the extent of any inconsistency); and (yi) resulted in a notice by the Acquired Entities toonly disclose, or a requirement to notifystore, any Persons, or (z) resulted in a complaint from any Person. Each Acquired Entity has established or is subject totransfer, and since make accessible Cleanaway Data within Australia or as otherwise set out in the Look-Back Date has been in material compliance with, a written information security program comprising commercially reasonable administrative, technical and physical safeguards designed to: (A) protect the security, confidentiality, and integrity of all Business Systems and all Acquired Entity Data; (B) prevent unauthorized access to, use or disclosure of the Business Systems and Acquired Entity Data; (C) includes reasonable policies and procedures that apply to each Acquired Entity with respect to privacy, data protection, processing, security and the collection and use of and Acquired Entity Data; and (D) identify threats to the confidentiality or security of Acquired Entity Data and intrusions into the Business Systems. Each Acquired Entity has been subject to routine security risk assessments in accordance with industry standards and have addressed and fully remediated all material threats and deficiencies identified in any assessments of the security risks or vulnerabilities of each Acquired EntityPurchase Order.

Data Security Requirements. The Acquired Entities and the conduct of their business are in compliance in all material respects Supplier must: (a) comply with all security policies, standards and procedures notified by Telstra to the Supplier in relation to the Telstra Data, including in relation to Telstra Data Security Requirements. Each Acquired Entity encryption and other applicable Telstra Policies; (b) implement, maintain and enforce appropriate and industry best practice security procedures and safeguards in order to protect Telstra Data in the Supplier’s possession and control against any misuse, loss, interference unauthorised access, modification or disclosure; (c) ensure that Telstra has secured access at all material necessary rightstimes to Telstra Data while it is in the Supplier’s possession or control and provide that Telstra Data to Telstra upon request; (d) if any Telstra Data is lost, consentsdamaged, corrupted or otherwise unable to be accessed, take all reasonably practicable measures available to the Supplier to recover and permissionsrestore that Telstra Data immediately (and such measures will be at Supplier’s cost to the extent such loss, as applicabledamage, consistent with Data Security Requirements sufficient for the processing corruption or loss of Personal Information access is caused or contributed to by the Acquired Entities. Since Supplier or its Personnel); (e) immediately notify Telstra if it becomes aware of any likely, suspected or actual misuse or loss of, interference with or unauthorised access to, modification of, or disclosure of, Telstra Data, or breach of the Look-Back DateSupplier’s obligations relating to Telstra Data (a Data Breach), there has not been or is or may be required by Law to disclose any Telstra Data or Data Breach (Notifiable Event); (f) comply with any reasonable direction from Telstra with respect to: (i) actualassessing, suspected or alleged incidents of data security breaches or unauthorized access with respect to the Business Systems investigating, remedying and addressing a Data Breach; or (ii) actuala Notifiable Event, suspected or alleged unauthorized acquisitionincluding providing information requested by Telstra relevant to the Notifiable Event, destruction, damage, disclosure, loss, corruption, alteration or use and not otherwise disclosing to any third party the circumstances regarding the Notifiable Event without express prior written approval from Telstra; (g) inform and co-operate with Telstra in the event of any Personal Information, which in either case breach or risk regarding the security of Telstra Data; (xh) would be reasonably likely ensure that any person who is authorised by the Supplier to result in any material loss or material liability have access to Telstra Data complies and agrees to comply with this clause to the Acquired Entitiessame extent as the Supplier; (i) comply with any additional data security requirements set out in the Module Terms and the PO or SOW (in which case the parties agree that the more onerous requirement will take precedence to the extent of any inconsistency); and (yj) resulted only disclose, store, transfer, and make accessible Telstra Data within Australia, the country in a notice which the Telstra Data is shared by the Acquired Entities toTelstra, or a requirement to notify, any Persons, as otherwise set out in the PO or (z) resulted in a complaint from any Person. Each Acquired Entity has established or is subject to, and since the Look-Back Date has been in material compliance with, a written information security program comprising commercially reasonable administrative, technical and physical safeguards designed to: (A) protect the security, confidentiality, and integrity of all Business Systems and all Acquired Entity Data; (B) prevent unauthorized access to, use or disclosure of the Business Systems and Acquired Entity Data; (C) includes reasonable policies and procedures that apply to each Acquired Entity with respect to privacy, data protection, processing, security and the collection and use of and Acquired Entity Data; and (D) identify threats to the confidentiality or security of Acquired Entity Data and intrusions into the Business Systems. Each Acquired Entity has been subject to routine security risk assessments in accordance with industry standards and have addressed and fully remediated all material threats and deficiencies identified in any assessments of the security risks or vulnerabilities of each Acquired EntitySOW.