Common use of Security and Data Protection Clause in Contracts

Security and Data Protection. 14.1 Questionmark shall maintain information and physical security policies and procedures to protect the Customer Data consistent with good industry practice. 14.2 Questionmark represents that it is certified by a reputable third party against the ISO 27001 standard or a comparable successor standard, and that its production data centre used to deliver assessments is also audited against the SSAE 18 or ISO 27001 standards or comparable successor standards. On written request, Questionmark shall provide to Customer copies of its certificates and other reasonably requested documentation about its security. 14.3 Questionmark shall use reasonable efforts to respond to Customer questions regarding Questionmark’s security practices. Any reports, summaries thereof or information provided pursuant to this clause 14 is Confidential Information of Questionmark. 14.4 Questionmark shall use commercially reasonable efforts not to include in the Services any computer viruses, malware, disabling devices or contaminants the purpose of which is to damage Customer’s computer systems (“Contaminants”), the parties agreeing that any feature of the software that monitors the service configuration or disables access to the software at the end of the Term is not a Contaminant. 14.5 The parties shall comply with their respective obligations as detailed in Schedule 1.

Security and Data Protection. 14.1 13.1 Questionmark shall maintain information and physical security policies and procedures to protect the Customer Data consistent with good industry practice. 14.2 13.2 Questionmark represents that it is certified by a reputable third party against the ISO 27001 standard or a comparable successor standard, and that its production data centre used to deliver assessments Assessments is also audited against the SSAE 18 or ISO 27001 standards or comparable successor standards. On written request, Questionmark shall provide to Customer copies of its certificates and other reasonably requested documentation about its securitysecurity documentation. 14.3 13.3 Questionmark shall use reasonable efforts to respond to Customer questions regarding Questionmark’s its security practices. Any reports, summaries thereof or information provided pursuant to this clause 14 is Questionmark Confidential Information of QuestionmarkInformation. 14.4 13.4 Questionmark shall use commercially reasonable efforts not to include in the Services OnDemand Service any computer viruses, malware, disabling devices or contaminants the purpose of which is to damage Customer’s computer systems (“Contaminants”), the parties agreeing that any . Any feature of the software OnDemand Service that monitors the service configuration Service Configuration or disables access to the software OnDemand Service at the end of the Term is not a Contaminant. 14.5 13.5 The parties Parties shall comply with their respective obligations as detailed in Schedule 13.