Ikigai Labs will take the security measures set forth in this Appendix.
1. Physical Control Access /Physical Security. Ikigai Labs will take industry standard steps designed to prevent unauthorized persons from gaining access to Personal Data processing systems by maintaining industry standard physical security controls at all Ikigai Labs sites at which an information system that uses or houses Personal Data is located.
2. Logical/Data Access Control. Ikigai Labs will maintain appropriate access controls designed to prevent Personal Data processing systems from being used without proper authorization, including:
Further, Ikigai Labs will:
3. Data Transfer Control/Network Security. Ikigai Labs will ensure that: (i) Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control). Suppler will maintain network security using industry standard equipment and industry standard techniques, including firewalls, intrusion detection and prevention systems, and routing protocols; (ii) it utilizes industry standard anti-virus and malware protection software to protect Personal Data from anticipated threats or hazards and protect against unauthorized access to or use; and (iii) it utilizes industry-standard encryption tools (not less than 128-bit key utilizing an encryption method approved by Customer) and other secure technologies in connection with any and all Personal Data that Ikigai Labs: (A) transmits or sends wirelessly or across public networks; (B) stores on laptops or storage media; or (C) stores on portable devices, where technically feasible (including safeguarding the security and confidentiality of all encryption keys associated with encrypted Sensitive Personal Data).
4. Availability Control/Separation Control. Ikigai Labs will implement appropriate policies and procedures to ensure that: (i) it Processes Personal Data in accordance with Customer’s instructions; (ii) it Processes separately Personal Data collected for different purposes; and (iii) Personal Data is protected against accidental destruction or loss.
5. Organizational Security. Ikigai Labs will maintain security policies and procedures to classify sensitive or confidential information, clarify security responsibilities and promote awareness for employees by, among other things: (i) maintaining adequate procedures regarding the use, archiving, or disposal of media containing Personal Data; and (ii) managing Security Incidents in accordance with appropriate incident response procedures. In addition:
a. Prior to providing access to Personal Data to Ikigai Labs personnel, Ikigai Labs will require Ikigai Labs personnel to comply with its Information Security Program.
b. Ikigai Labs will maintain a security awareness program to train personnel about their security obligations. This program will include training about data classification obligations, physical security controls, security practices, and security incident reporting.
c. Ikigai Labs will maintain procedures such that (i) when media are to be disposed of or reused, any subsequent retrieval of any Personal Data stored on them before they are withdrawn from the inventory will be prevented; and (ii) when media are to leave the premises at which the files are located as a result of maintenance operations, any undue retrieval of Personal Information stored on them will be prevented.
6. Business Continuity. Ikigai Labs will maintain appropriate back-up, disaster recovery and business resumption plans, business continuity plan and risk assessment, and review and test these plans regularly to ensure that they are up to date and effective. Ikigai Labs will maintain procedures for reconstructing lost Personal Data in Ikigai Labs’ possession or under Ikigai Labs’ control, and correct, at Customer’s request, any destruction, loss or alteration of any of Personal Data caused by Ikigai Labs, or arising out of Ikigai Labs’ breach of this Data Processing Addendum.
7. Security Manager. Ikigai Labs will designate an employee who will be responsible for managing and coordinating the performance of Ikigai Labs’ obligations set forth in its Information Security Program and in this Exhibit.
8. Risk Assessments. Ikigai Labs will conduct periodic risk assessments and reviews and, as appropriate, update its Information Security Program; provided that Ikigai Labs will not modify its Information Security Program in a manner that would weaken or compromise the confidentiality, availability or integrity of Personal Data.