Common use of Third Party Management Clause in Contracts

Third Party Management. 16.1 Vendor has policies and supporting procedures to ensure that information assets are protected when Vendor engages third party service providers and/or processors (sub-processors). This includes requirements for information security due diligence and information security risk assessments to be performed to ensure: (a) Information Security requirements are clearly articulated and documented in the agreements with Vendor processors; (b) Vendor processors implement the same level of protection and control as Vendor; (c) Processors are required to report any suspected or actual information security incidents to Vendor promplty. 16.2 Vendor has undertaken reasonable efforts to ensure that appropriate written agreements are in place with processors who have access to Personal Data, NTT information, applications, systems, databases and infrastructure. These agreements include information security standards for ensuring the confidentiality, integrity and availability of Personal Data and NTT information. 17.1 Vendor has policies, processes and procedures for identifying, detecting, responding, recovering and notifying appropriate stakeholders in the event of an information security incident, including Personal Data breaches. This includes mechanisms for performing a root cause analysis and undertaking corrective actions.

Third Party Management. 16.1 Vendor has policies and supporting procedures to ensure that information assets are protected when Vendor engages third party service providers and/or processors (sub-processors). This includes requirements for information security due diligence and information security risk assessments to be performed to ensure: (a) Information Security requirements are clearly articulated and documented in the agreements with Vendor processors; (b) Vendor processors implement the same level of protection and control as Vendor; (c) Processors are required to report any suspected or actual information security incidents to Vendor prompltypromptly. 16.2 Vendor has undertaken reasonable efforts to ensure that appropriate written agreements are in place with processors who have access to Personal Data, NTT information, applications, systems, databases and infrastructure. These agreements include information security standards for ensuring the confidentiality, integrity and availability of Personal Data and NTT information. 17.1 Vendor has policies, processes and procedures for identifying, detecting, responding, recovering and notifying n otifying appropriate stakeholders in the event of an information security incident, including Personal Data breaches. This includes mechanisms for performing a root cause analysis and undertaking corrective actions.

Third Party Management. 16.1 Vendor has policies and supporting procedures to ensure that information assets are protected when Vendor engages third party service providers and/or processors (sub-processors). This includes requirements for information security due diligence and information security risk assessments to be performed to ensure: (a) Information Security requirements are clearly articulated and documented in the agreements with Vendor processors; (b) Vendor processors implement the same level of protection and control as Vendor; (c) Processors are required to report any suspected or actual information security incidents to Vendor prompltypromptly. 16.2 Vendor has undertaken reasonable efforts to ensure that appropriate written agreements are in place with processors who have access to Personal Data, NTT DATA information, applications, systems, databases and infrastructure. These agreements include information security standards for ensuring the confidentiality, integrity and availability of Personal Data and NTT DATA information. 17.1 Vendor has policies, processes and procedures for identifying, detecting, responding, recovering and notifying appropriate stakeholders in the event of an information security incident, including Personal Data breaches. This includes mechanisms for performing a root cause analysis and undertaking corrective actions.