Common use of Security Practices and Procedures Clause in Contracts

Security Practices and Procedures. Screencastify has implemented the following security controls intended to provide reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the PII in its custody: a. Screencastify has designated a privacy officer responsible for information security governance and maintains privacy policies and practices that support compliance with the Family Educational Rights and Privacy Act (“FERPA”), the Children's Online Privacy Protection Act (“COPPA”) and other applicable laws. b. PII is hosted in Google Cloud data centers located in the United States that maintain their own rigorous industry standard certifications and compliance offerings. c. Screencastify will comply with its privacy policy at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy/policy. d. All provisions of the Customer’s Parents’ Bill of Rights for data privacy and security as required by New York Ed Law 2d are incorporated into this Plan. e. Screencastify provides regular privacy and security awareness training, including training on applicable laws that govern the handling of PII, to its employees who will have access to PII. f. Screencastify limits internal access to education records and PII to those individuals that are determined to have legitimate educational interests within the meaning of §2-d and FERPA; e.g., the individual needs access to the PII in order to fulfill his or her responsibilities in performing services to the Customer; g. Screencastify uses encryption technology and other suitable means to protect the PII in Screencastify’s custody, whether in motion or at rest, from unauthorized disclosure using a technology or methodology specified by the secretary of the U.S. Department of Health and Human Services in guidance issued under P.L. 111-5, Section 13402(H)(2), or any other technology or methodology specifically authorized by applicable statute, regulation or the New York State Education Department; h. If Screencastify becomes aware of any breach of security resulting in an unauthorized release of Customer’s PII by Screencastify or its subcontractors, Screencastify will notify Customer as required by applicable law or otherwise where Screencastify deems necessary to protect the safety and security of PII. i. Screencastify uses a minimum encryption of AES256 for all data at rest and a minimum of TLS 1.3 for all data in transit.

Security Practices and Procedures. Screencastify has implemented the following security controls intended to provide reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the PII in its custody: a. A. Screencastify has designated a privacy officer responsible for information security governance and maintains privacy policies and practices that support compliance with the Family Educational Rights and Privacy Act (“FERPA”), the Children's Online Privacy Protection Act (“COPPA”) and other applicable laws. b. B. PII is hosted in Google Cloud data centers located in the United States that maintain their own rigorous industry standard certifications and compliance offerings. c. C. Screencastify will comply with its privacy policy at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/privacy/policy.▇▇▇▇▇/▇▇▇▇▇▇▇ d. D. All provisions of the Customer’s Parents’ Bill of Rights for data privacy and security as required by New York Ed Law 2d are incorporated into this PlanExhibit. e. E. Screencastify provides regular privacy and security awareness training, including training on applicable laws that govern the handling of PII, to its employees who will have access to PII. f. F. Screencastify limits internal access to education records and PII to those individuals that are determined to have legitimate educational interests within the meaning of §2-2- d and FERPA; e.g., the individual needs access to the PII in order to fulfill his or her responsibilities in performing services to the Customer; g. G. Screencastify uses encryption technology and other suitable means to protect the PII in Screencastify’s custody, whether in motion or at rest, from unauthorized disclosure using a technology or methodology specified by the secretary of the U.S. Department of Health and Human Services in guidance issued under P.L. 111-5, Section 13402(H)(2), or any other technology or methodology specifically authorized by applicable statute, regulation or the New York State Education Department; h. H. If Screencastify becomes aware of any breach of security resulting in an unauthorized release of Customer’s PII by Screencastify or its subcontractors, Screencastify will notify Customer as required by applicable law or otherwise where Screencastify deems necessary to protect the safety and security of PII. i. I. Screencastify uses a minimum encryption of AES256 for all data at rest and a minimum of TLS 1.3 for all data in transit. J. Screencastify has dedicated employee resources charged with maintaining necessary and reasonable security controls to protect student data. The company maintains a comprehensive information security policy aligned with the controls set forth in NIST CSF v. 1.1 and relies on a combination of monitoring of data systems (such as vulnerability scans and detection processes) and access controls (for example, least privilege principles) to help ensure the security of data systems.