Technical Controls. PTV, employees of PTV and subcontractors of PTV (collectively employees and subcontractors of PTV are “PTV’s Personnel”) will implement and maintain appropriate technical, logical, administrative, physical, human and organizational measures (such as training and monitoring) and other protections for Customer’s Confidential Information, which PTV expressly acknowledges includes sensitive information and PII, and such measures and protections shall take into account any change in the nature of the data, expanded or different definitions of PII, and shall be in accordance with applicable law, industry standards and federal and state agency guidelines, as such standards, law and guidelines may evolve, including but not limited to controls consistent with and adopted pursuant to DoD, ISO 22301, 27001 and 27002, NIST, the NIST Cybersecurity Framework, and regulatory action and guidance by the Federal Trade Commission, including, without limitation and by example only: (i) host and network based intrusion detection systems, penetration tests (conducted through the use of a vendor other than PTV ); (ii) controls against unauthorized access (including, without limitation, viruses and malicious software); (iii) encryption of all Customer PII in transit electronically; and (iv) controls preventing the loading of Customer PII on any laptop computers, USB drives or other portable storage media, unless such Customer PII is encrypted and the loading of such Customer PII on such portable storage media is necessary for PTV to perform under the contract. In regard to Section 2(A)(i) of this Agreement, above, Customer, within its sole discretion and cost, shall select the third party PTV to conduct its own independent penetration and/or vulnerability testing of the PTV Cloud Service at its own expense.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement