Privacy and Security Safeguards.
(i) The Managed Service Provider shall implement reasonable and appropriate measures to secure the Purchaser’s data and content against accidental or unlawful loss, access or disclosure.
(ii) If the data is classified as sensitive / confidential / restricted, the Managed Service Provider shall ensure that the data is encrypted as part of a standard security process for sensitive / confidential / restricted content or choose the right cryptographic algorithms evaluating security, performance, and compliance requirements specific to the Purchaser’s application and may choose from multiple key management options approved by the Purchaser.
(iii) The Managed Service Provider shall notify the Purchaser promptly in the event of security incidents or intrusions, or requests from foreign governments / their agencies for access to the data, to enable the Purchaser to manage these events proactively.
(iv) The Managed Service Provider shall not delete any data at the end of the Agreement/Contract (for a maximum of 45 days beyond the expiry of the Agreement) without the express approval of the Purchaser. After the approval to delete the data is accorded by the Purchaser, the Managed Service Provider shall ensure that all the storage blocks or multiple copies of data, if any, are unallocated or zeroed out so that it cannot be recovered. If due to some regulatory reasons, it is required to securely decommission data, the Purchaser can implement data encryption at rest using Purchaser’s managed keys, which are not stored in the Cloud. Then Purchaser may delete the key used to protect the decommissioned data, making it irrecoverable.
(v) The Managed Service Provider shall report to the Purchaser, in writing, of information security breaches by unauthorized persons (including unauthorized persons who are employees of any Party) either to gain access to or interfere with the Project's Data, facilities or Confidential Information.
(vi) The Managed Service Provider shall undertake to treat information passed on to it under this Agreement/Contract as classified. Such Information shall not be communicated / published / advertised by the Managed Service Provider to any person/organization without the express permission of the Purchaser.
(vii) The Managed Service Provider shall not use/process the service attributes and data associated with Cloud and managed services for the purposes beyond the scope of the current project.