{"component": "clause", "props": {"groups": [{"snippet": "We will take reasonable steps to ensure that the Software is secure from unauthorised access consistent with generally accepted industry standards in our industry. For clarity, these obligations shall only include taking reasonable measures to:\n(a) Secure our physical premises from unauthorised access;\n(b) Restricting access to critical parts of Service infrastructure to employees, contractors and third parties who are required to have access; and\n(c) Implement recommendations from advisors provided to us from time to time in relation to securing the Software and Services.", "snippet_links": [{"key": "reasonable-steps", "type": "definition", "offset": [13, 29]}, {"key": "to-ensure", "type": "clause", "offset": [30, 39]}, {"key": "unauthorised-access", "type": "definition", "offset": [73, 92]}, {"key": "consistent-with", "type": "clause", "offset": [93, 108]}, {"key": "generally-accepted", "type": "definition", "offset": [109, 127]}, {"key": "industry-standards", "type": "definition", "offset": [128, 146]}, {"key": "our-industry", "type": "definition", "offset": [150, 162]}, {"key": "for-clarity", "type": "clause", "offset": [164, 175]}, {"key": "obligations-shall", "type": "definition", "offset": [183, 200]}, {"key": "measures-to", "type": "clause", "offset": [232, 243]}, {"key": "access-to", "type": "definition", "offset": [320, 329]}, {"key": "service-infrastructure", "type": "definition", "offset": [348, 370]}, {"key": "third-parties", "type": "clause", "offset": [401, 414]}, {"key": "from-time-to-time", "type": "clause", "offset": [511, 528]}, {"key": "in-relation-to", "type": "clause", "offset": [529, 543]}, {"key": "the-software-and-services", "type": "clause", "offset": [553, 578]}], "samples": [{"hash": "7l7t1PbLHzl", "uri": "/contracts/7l7t1PbLHzl#security-responsibilities", "label": "End User License Agreement (Eula)", "score": 28.9092712402, "published": true}], "size": 2, "hash": "1c1135716f487d49c5fbcb732a20c972", "id": 9}, {"snippet": "(a) The Customer is solely responsible for:\n(i) keeping any usernames and passwords associated with its Account for the Services secure; and\n(ii) the use of its Account, irrespective of who is using it, even if it is used without the Customer\u2019s permission.\n(b) AME agrees to keep any username and passwords associated with the Account secure.", "snippet_links": [{"key": "the-customer", "type": "clause", "offset": [4, 16]}, {"key": "responsible-for", "type": "clause", "offset": [27, 42]}, {"key": "usernames-and-passwords", "type": "clause", "offset": [60, 83]}, {"key": "associated-with", "type": "definition", "offset": [84, 99]}, {"key": "for-the-services", "type": "clause", "offset": [112, 128]}, {"key": "agrees-to", "type": "clause", "offset": [265, 274]}, {"key": "username-and-passwords", "type": "clause", "offset": [284, 306]}, {"key": "the-account", "type": "clause", "offset": [323, 334]}], "samples": [{"hash": "4VIYOel50E6", "uri": "/contracts/4VIYOel50E6#security-responsibilities", "label": "Software as a Service (Saas) and End User License Agreement (Eula)", "score": 26.3278579712, "published": true}], "size": 2, "hash": "c8991bd398ca56e55e7858830b6b19a7", "id": 8}, {"snippet": "Please see the Security Responsibilities outlined in Part 2, Section 9, above.", "snippet_links": [{"key": "the-security", "type": "clause", "offset": [11, 23]}, {"key": "part-2", "type": "definition", "offset": [53, 59]}, {"key": "section-9", "type": "clause", "offset": [61, 70]}], "samples": [{"hash": "65yY8UooWbe", "uri": "/contracts/65yY8UooWbe#security-responsibilities", "label": "Online Banking Agreement", "score": 27.96235466, "published": true}, {"hash": "2fIROMSXLHC", "uri": "/contracts/2fIROMSXLHC#security-responsibilities", "label": "Online Banking Agreement", "score": 27.96235466, "published": true}, {"hash": "gX9uzKdOxdh", "uri": "/contracts/gX9uzKdOxdh#security-responsibilities", "label": "Online Banking Agreement", "score": 27.3901443481, "published": true}], "size": 8, "hash": "a973a8cfe660d8f05027fbf256a27cc9", "id": 1}, {"snippet": "Security is only as strong as the weakest link. We therefore need to work with you, the account holder, together with any staff, children and relatives you give permission to use Tapestry to ensure the overall system is secure. This annex explains what we do and what we hope you will do. The latest copy of this annex, together with our terms and conditions are always available in the Control Panel of your copy of Tapestry. Tapestry is the name of a product that was conceived, developed and is owned by The Foundation Stage Forum Ltd., an early years organisation that has provided resources and support for the early years workforce since February 2003. We have contracts with many local authorities, some of which have been in place for ten or more years. The Foundation Stage Forum Ltd is a VAT registered, private UK limited company. Our company number is 05757213. Our registered office is at: WaterCourt \u2587\u2587 \u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587 England BN7 1XG Our VAT registration number is 932933317. You can write to us at our registered office, or email us at \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587@\u2587\u2587\u2587\u2587.\u2587\u2587\u2587\u2587. Our contracts are under English law. We have two directors: \u2587\u2587\u2587\u2587\u2587 and \u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587\u2587. \u2587\u2587\u2587\u2587\u2587 is the founder of the FSF. He worked for many years as a technical manager for the telecommunications organisation Ericsson, having completed a Masters Degree in information systems. He became interested in the early years as a result of his wife (\u2587\u2587\u2587\u2587\u2587, see below) setting up a nursery in their home, and left Ericsson to set up the FSF in 2002 as a resource and support network for the early years workforce. He has been fully occupied with the FSF ever since, conceiving and driving the development of Tapestry as a part of this commitment. \u2587\u2587\u2587\u2587\u2587 is the board member responsible for security. \u2587\u2587\u2587\u2587\u2587 has been working with young children since 1989, firstly as a primary school teacher, and then as a successful nursery owner/manager, followed by employment as a local authority advisor and university tutor, and more recently as an Ofsted inspector. She also holds the EYP status. \u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587 is our Data Protection Officer. Her direct email is \u2587\u2587\u2587@\u2587\u2587\u2587\u2587.\u2587\u2587\u2587\u2587. \u2587\u2587\u2587\u2587\u2587\u2587 joined The Foundation Stage Forum in 2014 after graduating from the University of Birmingham. She was designated our data protection officer after completing GDPR training in November 2017. We are compliant with UK and EU data protection law. We describe our approach to data protection in Annex A. To summarise it in brief: You, the Tapestry account manager, own the data you put on Tapestry. We, The Foundation Stage Forum Ltd, do not. In technical terms, you are the Data Controller, we are the Data Processor. We will only do things with data that you, or people that you give permission to, request. We will not access your data without your permission. We only use the data you enter to provide, fix and improve the service you see: an online learning journal that helps you to monitor the progress of children, communicate with parents and the government and manage your activities. To be absolutely clear: we don\u2019t use the data for marketing; we don\u2019t share the data with others to do marketing. You should be aware of your responsibilities as a data controller. You can find out more at the Information Commissioner\u2019s Office website: \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587.\u2587\u2587\u2587.\u2587\u2587/for-organisations/. You are responsible for making sure that you only put data on Tapestry where you have permission to do so. i.e., if a parent has agreed with you that no photos of their child should be taken, you are responsible for ensuring that none of the photos added to Tapestry depict that child. Only you, and those you authorise, will have access to your Tapestry accounts. You can restrict the people you authorise to only be able to view data about some children. If we need to access your account to sort out a problem you are having, we will ask your permission first. We will not give Tapestry account information, or access to your Tapestry account, to anyone other than those individuals you have set up as staff members. Relatives contacting us for access details will always be referred to you, the Tapestry account holder. Under the data protection act, individuals have a right to see a copy of information that an organisation holds about them. As the data controller, you will need to respond to those requests and we, as the data processor, will help you. This is normally easy, since you can always see and print the information you have entered. You can modify and delete the data you enter. In the common case of children leaving your setting, you can move them into a \u2018deleted\u2019 area, where (after a delay of ninety days to avoid disastrous mistakes occurring) their data will be deleted (this includes relevant pictures, videos, journals and reports). You can instruct us to delete all your data at any time. But this is all or nothing. If you just want to delete some of your data, you will need to use the Control Panel inside Tapestry to do so yourself. If you let your subscription to Tapestry lapse, we will delete all data associated with it. We delay the deletion for 90 days in case your subscription has inadvertently lapsed (e.g., it happened while you are on holiday, or there was a delay in your Local Authority paying our invoice) but if you explicitly ask us to then we will delete your data immediately. Data will remain in our backups for 90 further days. If you wish, you can instruct us to delete all your data from these backups. But it is all or nothing. We cannot delete some of your data on these backups. Once the data is deleted from our backups we can no longer recover it. We are working towards becoming independently certified as ISO 27001 compliant. When we have achieved certification we will update this contract and provide you with access to the certification. Our data centre, Amazon Web Services, has been independently certified as ISO 27001 compliant. We are careful in who we employ. All our staff with access to your data have been checked and cleared by the Disclosure and Barring Service (DBS) and we check their DBS status annually. The company that hosts our servers and databases, AWS, also vets their staff (though in practice we would never expect them to see your data). You are responsible for only giving access to Tapestry to people you trust and who actually need access. For instance, please remember to make staff inactive once they have left your service or if they are facing relevant disciplinary procedures. Please also ensure that, when you give access to relatives of children, you are careful to allocate them to the correct children, to enter their email address correctly, and to make them inactive once the child has left your setting. Our procedures are designed to minimise our access to your data. For example, we wouldn\u2019t log into your account without your permission and even then would only do so if it was necessary to resolve a fault or problem you were experiencing. We are similarly careful with our suppliers. The company that hosts our servers and databases, AWS, operates on a similar principle of minimal access. They are ISO27001 accredited, which means they have a complete and appropriate set of security procedures. We would never expect them to need access to your data. It is important that you think about your procedures for what sort of data you put on Tapestry and what you allow your staff, children and relatives to do with it. For instance, you should think about: \u2022 Whether you give all staff access to data about all children, or just some children. \u2022 When it is appropriate for your staff to take and share photos and videos. \u2022 Whether you give access to children in school or at home, what guidance you give them about what is acceptable to add and what you will do if they add inappropriate material. \u2022 What instructions you should give to parents as to what is appropriate for them to add, and what they may do with material that you add (e.g., insisting no photos are uploaded to social media sites by parents without the written permission of the parents whose children are depicted in photos, videos or text.)", "snippet_links": [{"key": "need-to-work", "type": "definition", "offset": [61, 73]}, {"key": "the-account-holder", "type": "clause", "offset": [84, 102]}, {"key": "permission-to-use", "type": "clause", "offset": [161, 178]}, {"key": "to-ensure", "type": "clause", "offset": [188, 197]}, {"key": "overall-system", "type": "clause", "offset": [202, 216]}, {"key": "this-annex", "type": "clause", "offset": [228, 238]}, {"key": "terms-and-conditions", "type": "definition", "offset": [338, 358]}, {"key": "always-available", "type": "definition", "offset": [363, 379]}, {"key": "control-panel", "type": "clause", "offset": [387, 400]}, {"key": "owned-by", "type": "definition", "offset": [498, 506]}, {"key": "the-foundation", "type": "clause", "offset": [507, 521]}, {"key": "an-early", "type": "clause", "offset": [540, 548]}, {"key": "resources-and-support", "type": "clause", "offset": [586, 607]}, {"key": "the-early-years", "type": "definition", "offset": [612, 627]}, {"key": "contracts-with", "type": "clause", "offset": [667, 681]}, {"key": "local-authorities", "type": "clause", "offset": [687, 704]}, {"key": "in-place", "type": "clause", "offset": [730, 738]}, {"key": "ten-or-more-years", "type": "clause", "offset": [743, 760]}, {"key": "limited-company", "type": "clause", "offset": [825, 840]}, {"key": "our-company", "type": "clause", "offset": [842, 853]}, {"key": "registered-office", "type": "definition", "offset": [878, 895]}, {"key": "vat-registration-number", "type": "definition", "offset": [955, 978]}, {"key": "english-law", "type": "clause", "offset": [1106, 1117]}, {"key": "technical-manager", "type": "definition", "offset": [1232, 1249]}, {"key": "information-systems", "type": "definition", "offset": [1337, 1356]}, {"key": "setting-up", "type": "clause", "offset": [1441, 1451]}, {"key": "support-network", "type": "definition", "offset": [1539, 1554]}, {"key": "development-of", "type": "clause", "offset": [1665, 1679]}, {"key": "board-member", "type": "clause", "offset": [1732, 1744]}, {"key": "responsible-for", "type": "clause", "offset": [1745, 1760]}, {"key": "working-with", "type": "definition", "offset": [1786, 1798]}, {"key": "primary-school", "type": "clause", "offset": [1839, 1853]}, {"key": "local-authority", "type": "clause", "offset": [1939, 1954]}, {"key": "our-data-protection-officer", "type": "clause", "offset": [2074, 2101]}, {"key": "the-university", "type": "definition", "offset": [2209, 2223]}, {"key": "november-2017", "type": "clause", "offset": [2320, 2333]}, {"key": "eu-data-protection-law", "type": "definition", "offset": [2364, 2386]}, {"key": "our-approach", "type": "clause", "offset": [2400, 2412]}, {"key": "account-manager", "type": "definition", "offset": [2488, 2503]}, {"key": "technical-terms", "type": "clause", "offset": [2586, 2601]}, {"key": "the-data-controller", "type": "definition", "offset": [2611, 2630]}, {"key": "data-processor", "type": "definition", "offset": [2643, 2657]}, {"key": "your-data", "type": "definition", "offset": [2769, 2778]}, {"key": "to-provide", "type": "clause", "offset": [2835, 2845]}, {"key": "the-service", "type": "clause", "offset": [2863, 2874]}, {"key": "online-learning", "type": "clause", "offset": [2887, 2902]}, {"key": "with-parents", "type": "clause", "offset": [2975, 2987]}, {"key": "and-the-government", "type": "definition", "offset": [2988, 3006]}, {"key": "your-activities", "type": "definition", "offset": [3018, 3033]}, {"key": "your-responsibilities", "type": "clause", "offset": [3172, 3193]}, {"key": "information-commissioner", "type": "definition", "offset": [3245, 3269]}, {"key": "office-website", "type": "definition", "offset": [3272, 3286]}, {"key": "you-are-responsible", "type": "clause", "offset": [3327, 3346]}, {"key": "a-parent", "type": "definition", "offset": [3443, 3451]}, {"key": "you-authorise", "type": "clause", "offset": [3633, 3646]}, {"key": "the-people", "type": "definition", "offset": [3709, 3719]}, {"key": "access-your-account", "type": "clause", "offset": [3798, 3817]}, {"key": "account-information", "type": "clause", "offset": [3917, 3936]}, {"key": "staff-members", "type": "definition", "offset": [4032, 4045]}, {"key": "contacting-us", "type": "clause", "offset": [4057, 4070]}, {"key": "access-details", "type": "definition", "offset": [4075, 4089]}, {"key": "data-protection-act", "type": "clause", "offset": [4161, 4180]}, {"key": "right-to", "type": "clause", "offset": [4201, 4209]}, {"key": "of-information", "type": "definition", "offset": [4221, 4235]}, {"key": "respond-to", "type": "definition", "offset": [4316, 4326]}, {"key": "at-any-time", "type": "clause", "offset": [4832, 4843]}, {"key": "your-subscription", "type": "clause", "offset": [5004, 5021]}, {"key": "associated-with", "type": "definition", "offset": [5065, 5080]}, {"key": "in-case", "type": "clause", "offset": [5119, 5126]}, {"key": "iso-27001", "type": "definition", "offset": [5694, 5703]}, {"key": "this-contract", "type": "clause", "offset": [5766, 5779]}, {"key": "the-certification", "type": "clause", "offset": [5811, 5828]}, {"key": "data-centre", "type": "clause", "offset": [5834, 5845]}, {"key": "amazon-web-services", "type": "clause", "offset": [5847, 5866]}, {"key": "disclosure-and-barring-service", "type": "clause", "offset": [6034, 6064]}, {"key": "the-company", "type": "clause", "offset": [6111, 6122]}, {"key": "our-servers", "type": "definition", "offset": [6134, 6145]}, {"key": "in-practice", "type": "clause", "offset": [6196, 6207]}, {"key": "please-remember-to", "type": "clause", "offset": [6373, 6391]}, {"key": "your-service", "type": "clause", "offset": [6432, 6444]}, {"key": "disciplinary-procedures", "type": "definition", "offset": [6476, 6499]}, {"key": "to-enter", "type": "definition", "offset": [6631, 6639]}, {"key": "email-address", "type": "clause", "offset": [6646, 6659]}, {"key": "the-child", "type": "clause", "offset": [6702, 6711]}, {"key": "for-example", "type": "definition", "offset": [6800, 6811]}, {"key": "security-procedures", "type": "clause", "offset": [7212, 7231]}, {"key": "your-staff", "type": "clause", "offset": [7403, 7413]}, {"key": "access-to-data", "type": "clause", "offset": [7520, 7534]}, {"key": "all-children", "type": "clause", "offset": [7541, 7553]}, {"key": "photos-and-videos", "type": "clause", "offset": [7636, 7653]}, {"key": "access-to-children", "type": "definition", "offset": [7674, 7692]}, {"key": "at-home", "type": "definition", "offset": [7706, 7713]}, {"key": "inappropriate-material", "type": "clause", "offset": [7808, 7830]}, {"key": "social-media-sites", "type": "clause", "offset": [8013, 8031]}, {"key": "written-permission", "type": "definition", "offset": [8055, 8073]}, {"key": "the-parents", "type": "clause", "offset": [8077, 8088]}], "samples": [{"hash": "lcMWNZAplfF", "uri": "/contracts/lcMWNZAplfF#security-responsibilities", "label": "Contract for the Tapestry Online Learning Journal", "score": 32.4257087708, "published": true}, {"hash": "axbvtSkSIQM", "uri": "/contracts/axbvtSkSIQM#security-responsibilities", "label": "Contract for the Tapestry Online Learning Journal", "score": 32.4017181396, "published": true}], "size": 7, "hash": "a34d861d5f881f625edbf3d9c5fb7b75", "id": 2}, {"snippet": "(a) Anaplan is responsible for implementing and maintaining the technical and organizational measures for the Anaplan Service as described in the security standards designed to help Client secure Personal Data against unauthorized Processing and accidental or unlawful loss, access or disclosure, which can be found in Schedule II (Technical and Organizational Security Measures) and at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/policies/security.\n(b) Client acknowledges that the security measures are subject to technical progress and development and that Anaplan may update or modify the security measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service provided to Client.", "snippet_links": [{"key": "responsible-for", "type": "clause", "offset": [15, 30]}, {"key": "technical-and-organizational-measures", "type": "definition", "offset": [64, 101]}, {"key": "anaplan-service", "type": "definition", "offset": [110, 125]}, {"key": "security-standards", "type": "definition", "offset": [146, 164]}, {"key": "personal-data", "type": "definition", "offset": [196, 209]}, {"key": "schedule-ii", "type": "definition", "offset": [319, 330]}, {"key": "technical-and-organizational-security-measures", "type": "clause", "offset": [332, 378]}, {"key": "subject-to", "type": "definition", "offset": [491, 501]}, {"key": "technical-progress", "type": "clause", "offset": [502, 520]}, {"key": "and-development", "type": "clause", "offset": [521, 536]}, {"key": "from-time-to-time", "type": "clause", "offset": [597, 614]}, {"key": "provided-that", "type": "definition", "offset": [616, 629]}, {"key": "updates-and-modifications", "type": "clause", "offset": [635, 660]}, {"key": "the-service-provided", "type": "clause", "offset": [721, 741]}, {"key": "to-client", "type": "definition", "offset": [742, 751]}], "samples": [{"hash": "6El1ZTo6SHA", "uri": "/contracts/6El1ZTo6SHA#security-responsibilities", "label": "Data Processing Addendum", "score": 36.0299339294, "published": true}, {"hash": "gD1OmoonzKE", "uri": "/contracts/gD1OmoonzKE#security-responsibilities", "label": "Data Processing Addendum", "score": 34.6668167114, "published": true}, {"hash": "7GG5qOBcMms", "uri": "/contracts/7GG5qOBcMms#security-responsibilities", "label": "Data Processing Addendum", "score": 33.1851196289, "published": true}], "size": 3, "hash": "4cc79484ffd33a9170aeb693cf06a49d", "id": 3}, {"snippet": "Anaplan is responsible for implementing and maintaining the technical and organizational measures for the Anaplan Service as described in the security standards designed to help Client secure Personal Data against unauthorized processing and accidental or unlawful loss, access or disclosure, which can be found at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/policies/security.", "snippet_links": [{"key": "responsible-for", "type": "clause", "offset": [11, 26]}, {"key": "technical-and-organizational-measures", "type": "definition", "offset": [60, 97]}, {"key": "anaplan-service", "type": "definition", "offset": [106, 121]}, {"key": "security-standards", "type": "definition", "offset": [142, 160]}, {"key": "personal-data", "type": "definition", "offset": [192, 205]}], "samples": [{"hash": "hETZIDEmm1P", "uri": "/contracts/hETZIDEmm1P#security-responsibilities", "label": "Data Processing Addendum", "score": 30.1492977142, "published": true}, {"hash": "5oBp8Qn0ODo", "uri": "/contracts/5oBp8Qn0ODo#security-responsibilities", "label": "Data Processing Addendum", "score": 29.6961154938, "published": true}, {"hash": "4FdtWzRWJMb", "uri": "/contracts/4FdtWzRWJMb#security-responsibilities", "label": "Data Processing Addendum", "score": 25.4435310364, "published": true}], "size": 3, "hash": "55cd1f017f5585023ed505570f258e9d", "id": 4}, {"snippet": "Both parties shall:", "snippet_links": [{"key": "both-parties", "type": "definition", "offset": [0, 12]}], "samples": [{"hash": "5NhtcU5uQai", "uri": "/contracts/5NhtcU5uQai#security-responsibilities", "label": "Interconnection Security Agreement (Isa)", "score": 25.8870639801, "published": true}, {"hash": "s6DhMF33mF", "uri": "/contracts/s6DhMF33mF#security-responsibilities", "label": "Interconnection Security Agreement (Isa)", "score": 24.2895278931, "published": true}, {"hash": "avJk1xMYHag", "uri": "/contracts/avJk1xMYHag#security-responsibilities", "label": "Interconnection Security Agreement (Isa)", "score": 24.2758388519, "published": true}], "size": 3, "hash": "43468156f0ebbf8b70a2b1a5687d5954", "id": 5}, {"snippet": "The parties hereto may from time to time employ or contract with security rendering agencies for the purpose of protecting the property of the respective party. Each party understands and agrees that the security personnel of one party shall have no obligation to protect the property or persons of the other party, except as required under applicable FAA regulations, and that any attempt or action undertaken by the security personnel of one party shall be gratuitous only, and each party waives any right to impose liability on the other party for any act or omission of the security personnel or of the other for damage which may occur as a result of such act or omission.", "snippet_links": [{"key": "the-parties-hereto", "type": "clause", "offset": [0, 18]}, {"key": "from-time-to-time", "type": "clause", "offset": [23, 40]}, {"key": "for-the-purpose-of", "type": "definition", "offset": [93, 111]}, {"key": "the-property", "type": "clause", "offset": [123, 135]}, {"key": "each-party", "type": "clause", "offset": [161, 171]}, {"key": "security-personnel", "type": "definition", "offset": [204, 222]}, {"key": "one-party", "type": "definition", "offset": [226, 235]}, {"key": "obligation-to-protect", "type": "clause", "offset": [250, 271]}, {"key": "other-party", "type": "definition", "offset": [303, 314]}, {"key": "as-required", "type": "clause", "offset": [323, 334]}, {"key": "faa-regulations", "type": "definition", "offset": [352, 367]}, {"key": "right-to", "type": "clause", "offset": [502, 510]}, {"key": "act-or-omission", "type": "definition", "offset": [555, 570]}], "samples": [{"hash": "73hN4McpOlt", "uri": "/contracts/73hN4McpOlt#security-responsibilities", "label": "Charter Airline Operating Agreement", "score": 29.9468784332, "published": true}, {"hash": "hvCeRUUYaWi", "uri": "/contracts/hvCeRUUYaWi#security-responsibilities", "label": "Airline Operating Agreement", "score": 29.9385204315, "published": true}], "size": 2, "hash": "ce5517062feaec482186e9a25a1f539c", "id": 6}, {"snippet": "Security Officers are responsible for monitoring other employees and protect the property of the employer and have an obligation to report.", "snippet_links": [{"key": "security-officers", "type": "clause", "offset": [0, 17]}, {"key": "responsible-for", "type": "clause", "offset": [22, 37]}, {"key": "other-employees", "type": "clause", "offset": [49, 64]}, {"key": "property-of-the-employer", "type": "clause", "offset": [81, 105]}, {"key": "obligation-to-report", "type": "clause", "offset": [118, 138]}], "samples": [{"hash": "kGXDeezLhhK", "uri": "/contracts/kGXDeezLhhK#security-responsibilities", "label": "Collective Agreement", "score": 17.4640655518, "published": true}, {"hash": "14ITXx3Js9n", "uri": "/contracts/14ITXx3Js9n#security-responsibilities", "label": "Collective Agreement", "score": 17.0, "published": true}], "size": 2, "hash": "6eadf971f5a5ae837da9fca34f622905", "id": 7}, {"snippet": "The Client is responsible for the operation and the security of all el- ements of its computer systems for which the Provider has not ex- pressly accepted responsibility in writing. The Client shall implement suitable security measures in organisational and technical terms, in particular in connection with the allocation of access passwords, data transmission, malware and other security-relevant aspects. In addi- tion, the Client shall have appropriate data security policies and shall also execute the same regularly.", "snippet_links": [{"key": "responsible-for", "type": "clause", "offset": [14, 29]}, {"key": "the-operation", "type": "clause", "offset": [30, 43]}, {"key": "security-of", "type": "clause", "offset": [52, 63]}, {"key": "computer-systems", "type": "clause", "offset": [86, 102]}, {"key": "the-provider", "type": "definition", "offset": [113, 125]}, {"key": "in-writing", "type": "definition", "offset": [170, 180]}, {"key": "the-client-shall", "type": "clause", "offset": [182, 198]}, {"key": "security-measures", "type": "clause", "offset": [218, 235]}, {"key": "technical-terms", "type": "clause", "offset": [258, 273]}, {"key": "in-particular", "type": "clause", "offset": [275, 288]}, {"key": "in-connection-with", "type": "clause", "offset": [289, 307]}, {"key": "allocation-of", "type": "clause", "offset": [312, 325]}, {"key": "access-passwords", "type": "definition", "offset": [326, 342]}, {"key": "data-transmission", "type": "definition", "offset": [344, 361]}, {"key": "other-security", "type": "definition", "offset": [375, 389]}, {"key": "data-security-policies", "type": "definition", "offset": [457, 479]}], "samples": [{"hash": "hV8beZSrn7d", "uri": "/contracts/hV8beZSrn7d#security-responsibilities", "label": "General Terms and Conditions", "score": 20.5797405243, "published": true}], "size": 2, "hash": "4ed02415b4947e0a3e26f1c410f09df6", "id": 10}], "next_curs": "CmISXGoVc35sYXdpbnNpZGVyY29udHJhY3Rzcj4LEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiJzZWN1cml0eS1yZXNwb25zaWJpbGl0aWVzIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"parents": [["definitions", "Definitions"], ["mobile-banking-service", "Mobile Banking Service"], ["the-services", "The Services"], ["accounts-and-permitted-users", "Accounts and Permitted Users"], ["union-representation", "UNION REPRESENTATION"]], "title": "Security Responsibilities", "children": [["security-committee-sc", "Security Committee (SC)"], ["national-security-authority-nsa", "National Security Authority (NSA)"], ["nato-civil-bodies", "NATO Civil Bodies"], ["nato-military-committee-and-nato-military-bodies", "NATO Military Committee and NATO Military Bodies"], ["cis-security", "CIS Security"]], "size": 53, "id": "security-responsibilities", "related": [["city-responsibilities", "City Responsibilities", "City Responsibilities"], ["agency-responsibilities", "Agency Responsibilities", "Agency Responsibilities"], ["university-responsibilities", "University Responsibilities", "University Responsibilities"], ["vendor-responsibilities", "Vendor Responsibilities", "Vendor Responsibilities"], ["custodial-responsibilities", "Custodial Responsibilities", "Custodial Responsibilities"]], "related_snippets": [], "updated": "2025-07-17T06:09:22+00:00", "also_ask": ["What minimum security standards should be explicitly required in this clause?", "How can liability for security breaches be fairly allocated between parties?", "What are the most common pitfalls in drafting enforceable security obligations?", "How does this clause compare to industry best practices and regulatory requirements?", "What evidence is typically needed to prove compliance or breach of security responsibilities in court?"], "drafting_tip": "Specify each party\u2019s security obligations to prevent misunderstandings, allocate liability for breaches to clarify risk, and require compliance with industry standards to ensure enforceability.", "explanation": "The Security Responsibilities clause defines the obligations and duties of each party regarding the protection of data, systems, and information assets. It typically outlines specific security measures that must be implemented, such as access controls, encryption, regular security audits, and incident response protocols. By clearly assigning responsibility for maintaining security standards, this clause helps prevent data breaches and ensures accountability, thereby reducing the risk of unauthorized access or loss of sensitive information."}, "json": true, "cursor": ""}}