Common use of Information Security Measures Clause in Contracts

Information Security Measures. In addition to, and not in lieu of, any information security requirements set forth in the Agreements, Supplier shall implement appropriate technical, administrative and organizational measures to ensure that Personal Data is protected against accidental or unlawful Processing, destruction, loss, alteration, unauthorized disclosure of, or access to such Personal Data, and such measures to the extent appropriate under the circumstances and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing shall include but not limited to the requirements of the Information Security and Privacy Requirements found here: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/en-us/about/doing-business-with-CenturyLink.html, as well as: a. Pseudonymizing and/or encrypting Personal Data; b. Reasonable steps to ensure reliability and integrity of any Supplier personnel or permitted Sub- Processor who have access to Personal Data and appropriate measures to ensure that such parties are informed of the confidential nature of Personal Data and comply with the obligations set forth in this Addendum; c. Testing, assessing and evaluating the effectiveness of information systems for ensuring the security of Processing; d. Reasonable steps to ensure the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and e. Reasonable steps to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services utilized to Process Personal Data.

Information Security Measures. In addition to, and not in lieu of, any information security requirements set forth in the Agreements, Supplier shall implement appropriate technical, administrative and organizational measures to ensure that Personal Data is protected against accidental or unlawful Processing, destruction, loss, alteration, unauthorized disclosure of, or access to such Personal Data, and such measures to the extent appropriate under the circumstances and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing shall include but not limited to the requirements of the Information Security and Privacy Requirements found here: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/en-us/about/doing-business-with-CenturyLink.htmlLumen.html, as well as: a. Pseudonymizing and/or encrypting Personal Data; b. Reasonable steps to ensure reliability and integrity of any Supplier personnel or permitted Sub- Processor who have access to Personal Data and appropriate measures to ensure that such parties are informed of the confidential nature of Personal Data and comply with the obligations set forth in this Addendum; c. Testing, assessing and evaluating the effectiveness of information systems for ensuring the security of Processing; d. Reasonable steps to ensure the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and e. Reasonable steps to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services utilized to Process Personal Data.