Regulated Data. No hosted storage services referenced in this document may be used to store regulated data (PII/PHI, etc.). See specific PHI/PII data definitions in Section 6.6 below. For systems managed by Service Provider under this Agreement, Service Provider agrees to follow industry standard security practices including but not limited to regular patching of operating systems and software maintained by Service Provider, centralized audit log capture and review, personnel background checks, enforcement of separation of duties, and enforcement of the principle of “least privilege.” Customer is responsible for defining any additional regulations or laws associated with the type of data stored within Service Provider systems. Such additional requirements must be documented by Customer and incorporated into this Agreement via signed amendment prior to data storage.
Appears in 2 contracts