Security Controls. Annually, upon Fund’s reasonable request, Transfer Agent shall provide Fund’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent’s Security Policy and an opportunity to discuss Transfer Agent’s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent’s information technology management team. Transfer Agent shall review its Security Policy annually.
Security Controls. Apple will assist You to ensure Your compliance with Your obligations with regards to the security of Personal Data, including, if applicable, Your Institution’s obligations, under Article 32 of the GDPR, by implementing the Security Procedures set forth in section 3F of this Agreement and by maintaining the ISO 27001 Certification and ISO 27018 Certification. Apple will make available for review by Institution the certificates issued in relation to the ISO 27001 Certification and ISO 27018 Certification following a request by You or Your Institution under this Section 3G.
Security Controls. Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.
Security Controls. Prior to State Street having access to Client Data, then annually and upon Client’s reasonable request, State Street shall provide Client’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for State Street’s Security Policy and an opportunity to discuss State Street’s information security measures with a qualified member of State Street’s information technology management team.
Security Controls. You must implement and maintain safeguards and security controls that are reasonable for the size, nature and maturity of your business and industry to protect Verification Data and Stripe Data against unauthorised access, use and disclosure. If you fail to do so, in addition to all other remedies available to Stripe, Stripe may suspend or restrict your access to the Stripe Identity Services and Verification Data.
Security Controls. A. Provider shall store and process Data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure Data from unauthorized access, disclosure and use.
Security Controls. Entrust Datacard shall implement appropriate technical and organizational measures to maintain the security, confidentiality and integrity of Personal Data, including measures designed to protect against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data.
Security Controls. In accordance with its information security program, Smartsheet shall implement appropriate physical, organizational, and technical controls designed to: (a) ensure the security, integrity, and confidentiality of Customer Content accessed, collected, used, stored, or transmitted to or by Smartsheet; and (b) protect Customer Content from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure, and other unlawful forms of processing. Without limitation, Smartsheet will, as appropriate, utilize the following controls:
Security Controls. The Hosted Services environment is protected using a combination of security controls such as boundary protection, use of certified and supported software, a security Incident policy (including ownership, process, communication, escalation and tracking), penetration testing, vulnerability scanning, intrusion detection and malware protection. Data flows between Customer and the Hosted Services are secured using recognised industry standard encryption algorithms. The Hosted Services implements logical separation of customer data so that each Customer only has access to its own information. Amendments to the infrastructure are handled as set out in paragraph 16 below, and Customer issues arising through the use of the Hosted Services are handled as set out in paragraph 13. Secure Use. Customer undertakes to take all appropriate technical and organisational security measures in accordance with good industry practice to protect against any abuse or fraudulent use of the Hosted Services, including but not limited to any illegal or unlawful activity; the collection, development or distribution of malicious code; hacking or cracking activities; the circumvention of copy-protection mechanisms; assisting or allowing any third person to do any of the foregoing. Secure Access. Service Provider manages employee logical and physical access to the Hosted Services to ensure that access is restricted to authorised personnel only in accordance with their role and that access is monitored and controlled. Customer is responsible for its own user administration for the Hosted Services (unless an applicable Order Agreement states that Customer has delegated this responsibility to Service Provider) which includes controlling Customer’s end user access and authorisation. Service Provider employee access and Customer end user access to the Hosted Services requires a mandatory secondary authentication (multi-factor authentication) after password control. Customer remains fully responsible for employing the password requirements defined by the Hosted Services (such as controls on password length, character content, character repetition, sequence repetition, frequency of password change and number of allowed unsuccessful login attempts) and multi-factor authentication (mandatory secondary authentication after password control) to ensure secure access to the Hosted Services. Personnel Vetting and Training. Service Provider maintains a screening policy regarding Hosted Services employe...