Common use of Information Security and Confidentiality Clause in Contracts

Information Security and Confidentiality. 5.1. Data Processor shall fulfil any legal obligations imposed on it regarding information security under applicable data protection laws including taking appropriate technical and organisational measures to protect the Personal Data which is processed. 5.2. Data Processor agrees to maintain a level of security for the Services that is in accordance with (i) industry practice, (ii) applicable data protection laws (including putting in place reasonable administrative, physical, technical, organisational and other security measures to protect against unauthorised access to, or loss, destruction, unavailability or alteration of any Customer Personal Data processed or stored), and (iii) the latest version of Data Processor's “Standard Policies and Procedures - Information Security Overview” available at ▇▇▇.▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇. Data Processor may update the Information Security Overview from time to time, provided however, that any changes will not degrade the overall level of security. 5.3. Data Processor undertakes not to, without Data Controller's prior written consent, disclose or otherwise make Personal Data processed under this DPA available to any third party, except for sub-processors engaged in accordance with this DPA, unless Data Processor is compelled by law so to disclose or otherwise make it available. 5.4. Data Processor shall ensure that only such staff and other Data Processor representatives that require access to Personal Data in order to fulfil the Data Processor's obligations have access to such information. Data Processor shall ensure that such staff and other Data Processor representatives are bound by a statutory or contractual confidentiality obligation concerning this information.

Information Security and Confidentiality. 5.1. Data Processor shall be obligated to fulfil any legal obligations imposed on it regarding information security under applicable data protection laws including taking and shall in any case take appropriate technical and organisational organizational measures to protect the Personal Data personal data which is processed. 5.2. Data Processor agrees to maintain a level of security for the Services that is in accordance with (i) industry practice, (ii) applicable data protection laws (including putting in place reasonable administrative, physical, technical, organisational and other security measures to protect against unauthorised unauthorized access to, or loss, destruction, unavailability or alteration of any Customer Personal Data personal data processed or stored), and (iii) the latest version of Data Processor's “Standard Policies and Procedures - Information Security Overview” available at ▇▇▇.▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇. Data Processor may update the Information Security Overview from time to time, provided however, that any changes will not materially degrade the overall level of securityinformation security policies and procedures in place. 5.3. Data Processor undertakes not to, without Data Controller's prior written consent, disclose or otherwise make Personal Data personal data processed under this DPA Data Processing Agreement available to any third party, except for sub-processors engaged in accordance with this DPAdata processing agreement, unless Data Processor is compelled by law so to disclose or otherwise make it available. 5.4. Data Processor shall be obliged to ensure that only such staff and other Data Processor representatives that directly require access to Personal Data personal data in order to fulfil the Data Processor's obligations in accordance with this data processor agreement have access to such information. Data Processor shall ensure that such staff and other Data Processor representatives are bound by a statutory or contractual confidentiality obligation concerning this informationinformation to the same extent as Data Processor in accordance with this data processing agreement.