DEFAULT STANDARDS Clause Samples
The "Default Standards" clause establishes the baseline requirements or criteria that must be met under an agreement. It typically outlines the minimum acceptable levels of performance, quality, or conduct expected from the parties involved, often referencing industry norms or specific benchmarks. For example, it may require that services be performed in accordance with generally accepted professional standards or that products meet certain regulatory specifications. The core function of this clause is to ensure clarity and consistency in expectations, reducing ambiguity and potential disputes over what constitutes satisfactory performance.
DEFAULT STANDARDS a. To the extent that Cisco Processes Special Categories of Data, the security measures referred to in this DPE shall also include, at a minimum (i) routine risk assessments of Cisco’s infor- mation security program, (ii) regular testing and monitoring to measure and confirm the effec- tiveness of the information security program’s key controls, systems, and procedures, and (iii) encryption of Special Categories of Data while during transmission (whether sent by e-mail, fax, or otherwise) and storage (including when stored on mobile devices, such as a portable computer, flash drive, PDA, or cellular telephone). If encryption is not feasible, Cisco shall not store Special Categories of Data on any unencrypted devices unless compensating controls are implemented. Cisco shall protect all Special Categories of Data stored on electronic data- bases, servers, or other forms of non-mobile devices against all reasonably anticipated forms of compromise by use of the safeguards contained in Attachment A (Information Security Ex- hibit).
b. In addition to the foregoing, to the extent Cisco receives, processes, transmits or stores any Cardholder Data for or on behalf of Customer, Cisco represents and warrants that information security procedures, processes, and systems will at all times meet or exceed all applicable information security laws, standards, rules, and requirements related to the collection, storage, Processing, and transmission of payment card information, including those established by ap- plicable governmental regulatory agencies, the Payment Card Industry (the “PCI”), all applica- ble networks, and any written standards provided by Customer’s information security group to Cisco from time to time (all the foregoing collectively the “PCI Compliance Standards”).
c. Where Cisco Processes Protected Health Information (as that term is defined by The Health Insurance Portability and Accountability Act, or HIPAA), the Business Associate Agreement will be added as Attachment C and will also apply to the Processing of such data. If any of the Applicable Laws are superseded by new or modified mandatory applicable law (including any decisions or interpretations by a relevant court or governmental authority relating thereto), the new or modified mandatory applicable law shall be deemed to be incorporated into this DPE, and Cisco will promptly begin complying with such mandatory applicable law.
d. If this DPE does not specifically address a particular data security ...
DEFAULT STANDARDS a. To the extent that Supplier Processes Special Categories of Data, the security measures re- ferred to in this DPE shall also include, at a minimum (i) routine risk assessments of Supplier’s information security program, (ii) regular testing and monitoring to measure and confirm the effectiveness of the information security program’s key controls, systems, and procedures, and