Security and Audit. 5.1 Sage shall implement and maintain appropriate technical and organisational security measures appropriate to the risks presented by the relevant Processing activity to protect the Customer Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage or disclosure. Sage operates, maintains and enforces an information security management programme (“Security Program”) which is consistent with recognized industry best practice. The Security Program contains appropriate administrative, physical, technical and organizational safeguards, policies and controls in the following areas: 5.1.1 information security policies; 5.1.2 organization of information security; 5.1.3 human resources security; 5.1.4 asset management; 5.1.5 access control; 5.1.6 cryptography; 5.1.7 physical and environmental security; 5.1.8 operations security; 5.1.9 communications security; 5.1.10 system acquisition, development and maintenance; 5.1.11 supplier relationships; 5.1.12 information security incident management; 5.1.13 information security aspects of business continuity management; 5.1.14 legislative, regulatory and contractual compliance. 5.2 Subject to any existing obligations of confidentiality owed to other parties, Sage shall make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Exhibit A, which may include a summary of any available third party security audit report, or shall, at your sole cost and expense (including, for the avoidance of doubt any expenses reasonably incurred by us), allow for and contribute to independent audits, including inspections, conducted by a suitably-qualified third party auditor mandated by you and approved by Sage.
Appears in 2 contracts
Sources: Software License Agreement, Software License Agreement