Written Information Security Program. a. At all times during the term of the Agreement, Vendor will implement and maintain a written information security program (“WISP”), which must include appropriate administrative, technical, physical, and operational safeguards to maintain the security, privacy, availability, integrity, and confidentiality of University Data in use, in motion, and at rest. b. Vendor will implement and maintain a formalized risk governance plan, policy, and a continuous risk assessment process demonstrating Vendor’s ability to identify, quantify, prioritize, and mitigate risks. If requested by University, Vendor will (and/or cause subcontractors to) certify its compliance with the requirements of this ISPA and provide written responses to any reasonable questions submitted to Vendor by University. Vendor agrees to conduct and provide to University a Data Protection Impact Assessment (“DPIA”) or an independent audit report, if reasonably requested by University.
Appears in 2 contracts
Sources: Information Security and Privacy Addendum, Information Security and Privacy Addendum