Common use of Operational Controls Clause in Contracts

Operational Controls. In its performance of Hosted Subscription Services, Verint shall maintain operational controls sufficient to enable Verint’s satisfaction of its performance obligations in this Section 3, including, without limitation, the following: • Verint will utilize up-to-date and comprehensive virus and malware protection capabilities, and commercially reasonable practices, including detection, scanning and removal of known viruses, worms and other malware on the Verint’s hosting systems. These virus protection capabilities will be in force on all computers and/or devices utilized in connection with the technology services, as well as on all data files or other transfers that have access or are connected to Verint’s hosting system. • If a virus, worm or other malware causes a loss of operational efficiency or loss of data, Verint will mitigate losses and restore data from the last virus free backup to the extent practicable. • Verint shall obligate its hosting partners to provide a multiple layered security approach. This shall include perimeter firewalls, DMZ, one or more internal network segments, and network intrusion detection monitors for attempted intrusion to the production environment. Network vulnerability scans shall be conducted regularly and issues addressed according to Industry Standard change control processes. • Verint shall mitigate security vulnerabilities through the use of perimeter and host countermeasures such as intrusion prevention, web application firewall, IP address shunning, and other measures designed to prevent successful exploitation of vulnerabilities. • Verint and its hosting partners shall proactively address security risks by applying released security patches, including, as example, Windows security patching and updates to patch known vulnerabilities in an applicable operating system. Patches shall be deployed to production via Verint’s change management process. Verint shall test all patches in its test environment prior to release to production. If a patch degrades or disables the production environment, Verint shall continue to mitigate vulnerabilities until a patch is provided by the software or operating system manufacturer that does not degrade or disable production. Such mitigation efforts may include intrusion prevention, web application firewall, and other measures chosen by Verint to reduce likelihood or prevent successful access to Customer Data by an unauthorized party. • Each month, Verint and its hosting partners shall schedule maintenance windows to perform data center, system, and application maintenance activities. Verint shall notify Customer in advance of any scheduled maintenance activity that is expected to disrupt the Hosted Subscription Services functionality. • Verint shall retain security logs for a minimum of thirty (30) days online and ninety (90) days archived. Verint may retain logs for a longer period at its sole discretion.

Operational Controls. In its performance of Hosted Subscription Services, Verint Cognyte shall maintain operational controls sufficient to enable VerintCognyte’s satisfaction of its performance obligations in this Section 3, including, without limitation, the following: • Verint Cognyte will utilize up-to-date and comprehensive virus and malware protection capabilities, and commercially reasonable practices, including detection, scanning and removal of known viruses, worms and other malware on the VerintCognyte’s hosting systems. These virus protection capabilities will be in force on all computers and/or devices utilized in connection with the technology services, as well as on all data files or other transfers that have access or are connected to VerintCognyte’s hosting system. • If a virus, worm or other malware causes a loss of operational efficiency or loss of data, Verint Cognyte will mitigate losses and restore data from the last virus free backup to the extent practicable. • Verint Cognyte shall obligate its hosting partners to provide a multiple layered security approach. This shall include perimeter firewalls, DMZ, one or more internal network segments, and network intrusion detection monitors for attempted intrusion to the production environment. Network vulnerability scans shall be conducted regularly and issues addressed according to Industry Standard change control processes. • Verint Cognyte shall mitigate security vulnerabilities through the use of perimeter and host countermeasures such as intrusion prevention, web application firewall, IP address shunning, and other measures designed to prevent successful exploitation of vulnerabilities. • Verint Cognyte and its hosting partners shall proactively address security risks by applying released security patches, including, as example, Windows security patching and updates to patch known vulnerabilities in an applicable operating system. Patches shall be deployed to production via VerintCognyte’s change management process. Verint Cognyte shall test all patches in its test environment prior to release to production. If a patch degrades or disables the production environment, Verint Cognyte shall continue to mitigate vulnerabilities until a patch is provided by the software or operating system manufacturer that does not degrade or disable production. Such mitigation efforts may include intrusion prevention, web application firewall, and other measures chosen by Verint Cognyte to reduce likelihood or prevent successful access to Customer Data by an unauthorized party. • Each month, Verint Cognyte and its hosting partners shall schedule maintenance windows to perform data center, system, and application maintenance activities. Verint Cognyte shall notify Customer in advance of any scheduled maintenance activity that is expected to disrupt the Hosted Subscription Services functionality. • Verint Cognyte shall retain security logs for a minimum of thirty (30) days online and ninety (90) days archived. Verint Cognyte may retain logs for a longer period at its sole discretion.