Common use of SECURITY PROCESSES Clause in Contracts

SECURITY PROCESSES. If requested by an Authorized User, Contractor shall complete a Consensus Assessment Initiative Questionnaire (CAIQ). The CAIQ is available at Cloud Security Alliance (▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/). The CAIQ may be used to assist the Authorized User in building the necessary assessment processes when engaging with Contractors. In addition to a request for a CAIQ, Contractor shall cooperate with all reasonable Authorized User requests for a Written description of Contractor’s physical/virtual security and/or internal control processes. The Authorized User shall have the right to terminate an Authorized User Agreement when such a request has been denied. For example, Federal, State and local regulations and/or laws may require that Contractors operate within the Authorized User’s regulatory environment. In order to ensure that security is adequate and free of gaps in control coverage, the Authorized User may require information from the Contractor’s Service Organization Controls (SOC) audit report.