Security Certifications Clause Samples

Security Certifications. CONTRACTOR represents and warrants to AGENCY that CONTRACTOR incorporates the following in the development, management and delivery of its information security management services: (i) ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) ISO/IEC 27000, series of Information Security Management Systems standards ("ISO Security Standards"), (ii) SSAE 16 (Statement on Standards for Attestation Engagements, and (iii) Payment Card Industry Data Security Standard (PCI DSS). If CONTRACTOR is, or if and when CONTRACTOR becomes certified under the ISOSecurity Standards or other security services standard, CONTRACTOR shall maintain such certification(s) on an on-going basis and CONTRACTOR shall provide AGENCY with a copy of such certification(s) upon request. CONTRACTOR shall provide AGENCY with full and complete copies of any ISO Security Standards audits and reviews, SOC 1 reports, SOC 2, reports, and other security audits, reports and reviews, whether conducted internally by CONTRACTOR or through a Third Party, within five (5) days of a request by AGENCY and within twenty (20) days of CONTRACTOR 's receipt of such audits, reports and reviews. If there are deficiencies cited and/or recommendations made, the CONTRACTOR Information Security Officer, the CONTRACTOR Executive Sponsor and other appropriate personnel from CONTRACTOR shall meet with AGENCY to review the deficiencies and recommendations and develop a plan of action to address such items.

Security Certifications. Zendesk holds the following security-related certifications from independent third-party auditors: SOC 2 Type II, ISO 27001:2013, and ISO 27018:2014.

Security Certifications. Provide list of security certifications you hold along with a copy of each. Providers should hold ISO 27001 for security controls or SAS 70 Type II audits for physical security.

Security Certifications deepwatch maintains internal controls, policies, and procedures at least as effective as those described in deepwatch’s most recent SOC 2 Type 2 report (“SOC Report”). Additionally, deepwatch meets or exceeds the Payment Card Industry ("PCI") Security Standards Council ("SSC") requirements for ▇▇▇▇▇ ▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇, as attested to in deepwatch’s most recent PCI Data Security Standard Attestation of Compliance ("AoC") for Onsite Assessments – Service Providers report (“PCI Report”) and has obtained TRUSTe Enterprise Certification.

Security Certifications. You must maintain, for the Term, the security certifications and accreditations stated in the Requirements from an accredited, independent, third party register or accredited, independent third party certification body.

Security Certifications. An independent third party has audited Flipsanck for the following security-related certifications: ISO270001:2013, ISO9001:2015, ISO20000-1, CSA Star Level 1, and Cyber Essentials.

Security Certifications. During the term of the Agreement, Medidata will maintain its Privacy Shield, Federal Information Systems Management Act (FISMA), Service Organization Controls 2 (SOC 2) and ISO/IEC 27001:2013 certifications.

Security Certifications. Inspera is certified as Cyber Essentials Plus, a UK based certification authority supported by the Information Commissioner's Office (ICO). Inspera is not certified according to the ISO 27001 industry standard, but all security measures and controls put in place are aligned with the standard. Inspera’s main hosting provider and supplier of cloud services, Amazon Web Services (AWS), is certified as ISO 27001. Inspera’s security policy states that any access to any information must be based on the “Need-to-know” principle. For the purposes of providing and supporting the Inspera Assessment SaaS service, this means that: ● Only a list of very few individuals have access to the backend of the Inspera Assessment and the processes required to approve and manage such privileged access are in place and monitored. ● Only those working on the service desk, taking part in the actual problem solving and the customer’s key account manager have access to the service desk application and the tickets. ● The customers themselves manage permissions and access control for each tenant and control if Inspera personnel should have access to support them. ● All access to both front-end and back-end are logged for traceability. The Inspera Assessment solution has a role-based approach to permissions and access to data, both in the application and on the backend. The configuration of these roles and their permissions can be configured differently for each customer and should be used to ensure that no one person can access all data without anyone else knowing or needing to take part. All employees and consultants working for Inspera are obligated to complete annual security and privacy training, which is both subject generic and Inspera specific. Developers are also trained in our development framework to ensure that privacy and security by design are understood and always considered. All employees and consultants are obligated to provide an annual self-declaration and confirm that they have read and understood the security and privacy requirements and are complying. The EU GDPR, and other applicable data protection legislations, is very specific on what rights the data subject has when processing their personal data. In most cases, Inspera acts as the data processor on behalf of the customer, who is the data controller according to GDPR, and has processes in place to support the data controller in the duty of complying with the data subject rights. In the few cases where Inspera i...

Security Certifications. PartnerTap is SOC 2 Type 2 certified. PartnerTap technical and organizational security measures are further described in PartnerTap’s- current security attestation report, available upon request.