INFORMATION SECURITY PRECAUTIONS
1. Security Precautions
In an effort to comply with Tensorleap’s obligations in Section 7 of the Agreement, Tensorleap shall take precautions which include, but are not limited to, establishing and maintaining: (i) contractual restrictions on access to the information by contractors (ii) intrusion detection systems on all information systems of where Protected Information is maintained or controlled by Tensorleap, and (iii) notification procedures for notifying Customer promptly in the event a security breach is detected or suspected, as well as other response programs when there is a suspected or detected security breach involving Protected Information. These precautions will also include, as appropriate: (1) access controls to Tensorleap’s information systems, including controls to identify and permit access only to authorized individuals and controls to prevent access to Customer Confidential Information through improper means; (2) Tensorleap Personnel controls and training; (3) physical access restrictions at locations where Customer, Confidential Information is located; and (4)encryption of electronic Customer Confidential Information in transit and at rest.
Tensorleap will: (1) monitor the foregoing measures with periodic audits or testing, and (2) provide copies of the same sufficient to assure Customer, or its regulatory authorities, that Tensorleap is implementing these precautions, and (3) notify Customer immediately in the event Tensorleap becomes aware of any security breach (“Security Breach”). In providing any notice of a Security Breach, Tensorleap shall (i) provide notice to one or more Customer managers generally responsible for security matters affected by the Security Breach, within seventy two (72) hours of discovering the Security Breach, and (ii) keep Customer informed as to the actual and anticipated effects of the Security Breach and the corrective actions taken or to be taken in response to the Security Breach.
2. Business Continuity Plan and Disaster Recovery
Tensorleap will establish and maintain disaster recovery and business continuity plans designed to minimize the risks associated with a disaster affecting Tensorleap’s ability to provide the Services, which includes off-site data storage and recovery infrastructure. Tensorleap will maintain adequate backup procedures in order to recover Customer’s data to the point of the last available good backup. Tensorleap will test its disaster recovery and business continuity plans, including call trees, not less frequently than annually, and will annually certify to Customer that the disaster recovery and business continuity plans are fully operational. Tensorleap will implement the applicable disaster recovery or business continuity plan upon the occurrence of a disaster, and shall notify Customer promptly following such event. In the event of a disaster (as defined in the plan), Tensorleap will not charge fees higher than or in addition to the agreed fees under the Agreement. Tensorleap will notify Customer of, and invite Customer to participate in (at no additional charge to Customer), Tensorleap’s disaster recovery and business continuity plan test.