Scope and Content. Each Party will develop, implement, maintain and enforce a written information privacy and security program (“Security Program”) that (i) complies with an Industry Recognized Framework, (ii) includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of Personal Information and (iii) is appropriate to the nature, size and complexity of each Party’s business operations. “Industry Recognized Framework” means a global industry recognized information security management system (“ISMS”), such as ISMS standard ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements, as published by the International Organization for Standardization and the International Electrotechnical Commission (“ISO 27001”) and the Control Objectives for Information and related Technology best practices framework established by the Information Systems and Control Association and the IT Governance Institute (“COBIT”).
Appears in 2 contracts
Sources: Operating Agreement, Operating Agreement (PayPal Holdings, Inc.)