Scope of Risk Sample Clauses
The "Scope of Risk" clause defines the range and types of risks that are covered or allocated between the parties under an agreement. It typically outlines which events, losses, or liabilities each party is responsible for, such as property damage, personal injury, or financial loss arising from specific activities. By clearly delineating these responsibilities, the clause helps prevent disputes by ensuring both parties understand their exposure and obligations, thereby allocating risk in a transparent and agreed-upon manner.
Scope of Risk. Our staff could access the message body (including file attachments) of email messages sent or received externally - if they are not encrypted - for the short time that they are written to disk and processed in the Censornet Cloud. Only a small number of our staff are involved in administration of EMS systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that processes and temporarily stores email messages. The same small number of our staff could access spam messages that are stored in a quarantine if the service is configured to quarantine messages determined to be spam. All service-related data is handled in strict accordance with Data Protection Legislation.
Scope of Risk. Our staff could access log information that contains details of user’s web browsing activity. Only a small number of our staff are involved in the administration of WS systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores web activity log data. The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.
Scope of Risk. Our staff could access log information that contains details of user’s cloud application activity. Only a small number of our staff are involved in the administration of CASB systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores cloud application activity log data. The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.
Scope of Risk. Our staff could access log information that contains details of user’s authentication (MFA) activity. Only a small number of our staff are involved in the administration of MFA systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores MFA activity log data. The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.
Scope of Risk. Only a small number of our staff are involved in administration of CEMA systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that processes and stores email messages. Our staff could access the message body (including file attachments) of email messages received - if they are errored and not encrypted - for the short time they reside in the error queue prior to being processed into the Censornet Archive Cloud. All service-related data is handled in strict accordance with Data Protection Legislation.
Scope of Risk. Only a small number of staff involved in the administration of SAT systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons, have any accessto the infrastructure that processes and stores course content and other data. • Our staff could access the email address, first name and last name of users (location and department may also optionally be stored but are not required), along with phishing simulation engagement data (date sent, date passed/failed) and course completion data (status and quiz scores). • All service-related data is handled in strict accordance with Data Protection legislation – including EU GDPR.
Scope of Risk. Our staff could access log information that contains details of user’s authentication (Cloud MFA) activity. Only a small number of our staff are involved in the administration of Cloud MFA systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores Cloud MFA activity log data. The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.
Scope of Risk. The Posture Management module requires read-only access to the connected IaaS or SaaS service. It is the responsibility of the customer to follow the documentation to create the correct permission sets and/or IAM access to the 3rd party service. • The remediation assistant uses an Open-AI based LLM and custom ChatGPT interface. It is trained based on the 3rd party service provider documentation and answers based on available data and assumes accuracy of said documentation. The assistant is programmed with specific instructions such that it will only provide answers for the specific control within the session and must ignore questions not connected with the control. • An option exists to mitigate a control that has been marked as non-compliant, for example if a non-connected 3rd party solution is in place (e.g. MFA) or the customer has accepted the risk. When the SPM user marks a control with a “Mitigated” state it is possible to activate a toggle that disables the control from future scans. If this is selected it is the responsibility of the user to ensure the mitigation solution is operational and this setting reversed should the mitigation be removed.
Scope of Risk. Our staff could access log information that contains details of user’s cloud application activity. • Only a small number of our staff are involved in the administration of CASB systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores cloud application activity log data. • An immutable audit trail tracks logins and actions executed within the USS tenant, this data is available in the “Audit Log” report. • The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.
Scope of Risk. Our staff could access log information that contains details of user’s authentication (MFA) activity. • Only a small number of our staff are involved in the administration of MFA systems, or in supporting customers using the service, or those that have access for operational or engineering (software development) reasons have any access to the infrastructure that stores MFA activity log data. • An immutable audit trail tracks logins and actions executed within the USS tenant, this data is available in the “Audit Log” report. • The USS portal supports redaction of report data and this is enabled by default for newly provisioned accounts. Our staff (other than privileged users) cannot see personal information unless you specifically disable the redact data option.