HEARSAY Systems
Information Security Overview
Last updated: June 2, 2023
The following documents are incorporated by reference herein:
Archived Main Terms of Service
This Information Security Overview (“Security Overview”) is incorporated into and made part of the Agreement. All terms not defined in this Security Overview retain the meaning in the Agreement.
1. Purpose
This Security Overview describes Hearsay’s security program, infrastructure, and organizational security safeguards to protect (a) Customer Data from unauthorized use, access, or theft and (b) the Services. Hearsay continually reviews and updates its security program and strategy to help protect Customer Data and the Services. Hearsay reserves the right to update this Security Overview from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Security Overview. The current terms of this Security Overview are available at www.hearsaysystems.com/company/legal/information-security-overview. This Security Overview does not apply to any Services that are identified as beta, limited release, or developer preview.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information as applicable will be at minimum the generally accepted standards applicable to Hearsay’s industry (e.g., currently Hearsay uses two-factor authentication).
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and if applicable any Software for Hearsay’s review and compliance with such).
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information as applicable will be at minimum the generally accepted standards applicable to Hearsay’s industry (e.g. currently Hearsay uses two factor auth.)
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and if applicable any Software for Hearsay’s review and compliance with such).
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.
This Information Security Overview, (“Security Overview”) is incorporated into and made part of the Agreement. All terms not defined in this Security Overview retain the meaning in the Agreement.
1. Purpose
This Security Overview describes Hearsay’s security program, infrastructure, and organizational security safeguards to protect (a) Customer Data from unauthorized use, access, or theft and (b) the Services. Hearsay continually reviews and updates its security program and strategy to help protect Customer Data and the Services. Hearsay reserves the right to update this Security Overview from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Security Overview. The current terms of this Security Overview are available at www.hearsaysystems.com/company/legal/information-security-overview. This Security Overview does not apply to any Services that are identified as beta, limited release, or developer preview.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information as applicable will be at minimum the generally accepted standards applicable to Hearsay’s industry (e.g. currently Hearsay uses two factor auth.)
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and if applicable any Software for Hearsay’s review and compliance with such).
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.
This Information Security Overview, (“Security Overview”) is incorporated into and made part of the Agreement. All terms not defined in this Security Overview retain the meaning in the Agreement.
1. Purpose
This Security Overview describes Hearsay’s security program, infrastructure, and organizational security safeguards to protect (a) Customer Data from unauthorized use, access, or theft and (b) the Services. Hearsay continually reviews and updates its security program and strategy to help protect Customer Data and the Services. Hearsay reserves the right to update this Security Overview from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Security Overview. The current terms of this Security Overview are available at www.hearsaysystems.com/company/legal/information-security-overview. This Security Overview does not apply to any Services that are identified as beta, limited release, or developer preview.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information as applicable will be at minimum the generally accepted standards applicable to Hearsay’s industry (e.g. currently Hearsay uses two factor auth.)
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and if applicable any Software for Hearsay’s review and compliance with such).
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.
This Information Security Overview, (“Security Overview”) is incorporated into and made part of the Agreement. All terms not defined in this Security Overview retain the meaning in the Agreement.
1. Purpose
This Security Overview describes Hearsay’s security program, infrastructure, and organizational security safeguards to protect (a) Customer Data from unauthorized use, access, or theft and (b) the Services. Hearsay continually reviews and updates its security program and strategy to help protect Customer Data and the Services. Hearsay reserves the right to update this Security Overview from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Security Overview. The current terms of this Security Overview are available at www.hearsaysystems.com/company/legal/information-security-overview. This Security Overview does not apply to any Services that are identified as beta, limited release, or developer preview.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information, as applicable, will meet at minimum the generally accepted standards applicable to Hearsay’s industry (e.g., currently Hearsay uses two-factor authentication).
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and if applicable any Software for Hearsay’s review and compliance with such).
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.
This Information Security Overview, (“Security Overview”) is incorporated into and made part of the Agreement. All terms not defined in this Security Overview retain the meaning in the Agreement.
1. Purpose
This Security Overview describes Hearsay’s security program, infrastructure, and organizational security safeguards to protect (a) Customer Data from unauthorized use, access, or theft and (b) the Services. Hearsay continually reviews and updates its security program and strategy to help protect Customer Data and the Services. Hearsay reserves the right to update this Security Overview from time to time; provided, however, any update will not materially reduce the overall protections set forth in this Security Overview. The current terms of this Security Overview are available at www.hearsaysystems.com/company/legal/information-security-overview. This Security Overview does not apply to any Services that are identified as beta, limited release, or developer preview.
2. Information Security Safeguards
Hearsay shall maintain throughout the Term an information security program that is reasonably designed to provide protection to the security, confidentiality, integrity and availability of Customer Confidential Information in accordance with applicable laws governing privacy of personal information in the United States, E.U. and Canada, and at a minimum, includes controls for (i) system access, (ii) system and application development and maintenance, (iii) change management, (iv) incident response, physical and environmental security, (v) disaster recovery/business continuity, and (vi) employee training (“Information Security Safeguards”).
- 2.1. Standards & Practices. Information Security Safeguards will incorporate commercially reasonable methods and safeguards to ensure the security, confidentiality, integrity, availability and privacy of the Customer Confidential Information. Hearsay will adhere to generally accepted information security practices relating to Hearsay’s industry.
- 2.2. Updates. Information Security Safeguards will be documented and kept current in light of changes in applicable legal and regulatory requirements related to privacy and data security practices applicable to Hearsay.
- 2.3. Workspace Security. Information Security Safeguards must include controls designed to ensure that work areas containing the Customer Confidential Information are secured. Access to such work areas will be controlled by a commercial grade access control system. All electronic copies, printed copies, computer screen captures or any form of duplication of original documents containing the Customer Confidential Information will be protected in the same manner as the original. The Customer Confidential Information in hard-copy form shall be protected against disclosure to any individuals who do not have a legitimate business need to have access to the Customer Confidential Information, and the Customer Confidential Information must be safeguarded to ensure the privacy, security, availability and integrity of the Customer Confidential Information.
- 2.4. Appropriate Safeguards. Information Security Safeguards will include (i) safeguards against the unauthorized destruction, loss, or alteration of the Customer Confidential Information; (ii) safeguards against unauthorized access to Customer Confidential Information; and (iii) network and internet security procedures, protocols, security gateways and firewalls with respect to Customer Confidential Information in accordance with applicable legal and regulatory requirements and applicable industry practices.
- 2.5. Physical Security Safeguards. Hearsay shall use third-party data centers that have annual SSAE 16 (or comparable audit engagement) performed. In the event that such data center(s) become non-compliant with the requirements, then Hearsay, in a reasonable time period, will discontinue using the third party and find an alternative third party that will meet the requirements.
3. Information Security Infrastructure
- 3.1. Access Controls. Hearsay will ensure appropriate access controls (i.e., password/key requirements and two-factor authentication) are in place to protect Customer Confidential Information. Hearsay agrees that it shall maintain, throughout the term of the Agreement and at all times while Hearsay has access to or possession of the Customer Confidential Information, appropriate access controls and shall not materially degrade or lessen the access controls. Hearsay must also ensure that segregation of duties is employed in the assignment of all critical job functions related to the Services involving the Customer Confidential Information. Customer will be solely responsible for implementing and maintaining access controls on its own systems.
- 3.2. Authorized Persons. Hearsay must limit access to the Customer Confidential Information solely to those of its employees, contractors or agents who have a need to access the Customer Information: (i) in connection with the Services; (ii) to perform Hearsay’s obligations or rights pursuant to the Agreement; or (iii) to facilitate the due diligence and closing of an acquisition, divestiture, or similar transactions (including auditors, bankers, attorneys, and potential parties to a transaction) (“Authorized Persons”). Hearsay will ensure that Authorized Persons have signed confidentiality agreements or are otherwise bound by confidentiality obligations. Hearsay will be held responsible for any breach resulting from failure of its Authorized Persons to comply with these Information Security Safeguards with regard to the Customer Confidential Information.
- 3.3. Password Administration. Hearsay’s passwords that are associated with access to the Customer Confidential Information, as applicable, will at a minimum meet the generally accepted standards applicable to Hearsay’s industry (e.g., Hearsay currently uses two-factor authentication).
- 3.4. Encryption. Hearsay encrypts all laptops, network file transfers, and web transactions involving any of the Customer Confidential Information in connection with the performance of the Service pursuant to the Agreement. Encryption must be provided through commercial grade, industry-standard strong cryptographic algorithms, protocols, and commercially reasonable key strengths. Hearsay agrees that it shall not implement a less secure method of encryption.
- 3.5. Network and Host Security. Hearsay must have commercially reasonable firewalls and anti-virus protection on all laptops and desktops in place and functioning properly (the “Network and Host Security Methods”). Hearsay will use reasonable commercial efforts to ensure that operating systems and applications that are associated with the Customer Confidential Information are patched within a commercially reasonable time period after Hearsay has actual or constructive knowledge of any security vulnerabilities. Hearsay will exercise generally accepted industry standards to ensure that any software, systems, or networks that may interact with Customer’s systems, networks or any of the Customer Confidential Information under Hearsay’s control are not and do not become infected by any viruses.
4. Compliance with Laws and Customer Security Procedures
Prior to performing services on Customer’s site, Customer shall provide Hearsay with written security procedures (including, without limitation, procedures relating to Customer’s facilities and materials, the Customer Confidential Information, and, if applicable, any Software) for Hearsay’s review and compliance with such procedures.
5. Security Breach Management
- 5.1. Notice. Hearsay must notify Customer after confirmation of breach of security of the Customer Confidential Information by Hearsay in accordance with the Agreement.
- 5.2. Remediation. In the event of a confirmed breach of security of the Customer Information by Hearsay, Hearsay will, at its own expense, (i) investigate the actual breach of security, (ii) provide Customer with a remediation plan, reasonably acceptable to Customer, to address the security breach and to mitigate the incident and reasonably prevent any further incidents, (iii) remediate the effects of the security breach in accordance with such remediation plan, and (iv) provide reasonable cooperation to Customer and any law enforcement or regulatory official investigating such security breach.