Security and Compliance

  1. Home
  2. /
  3. Security and Compliance

Security Exhibit

Definitions

“Customer” refers to the entity that has ordered services from ShipConsole under this Agreement and defined in each Statement of Work entered into hereunder.

“Services” shall mean each discrete software engineering and consulting service to be performed by ShipConsole for Customer as described in a Statement of Work, and governed by the terms of this Agreement.

“Parties” means ShipConsole and Customer collectively and “Party” means each of ShipConsole and Customer individually.

“Personal Data” means any information or data that relates to an identified or identifiable natural person or data considered to be personal data as defined under Privacy Laws.

“Confidential Information,” means all technical, financial, operational, marketing and sales information of either Party disclosed to the other, that is either designated as “Confidential” or the receiving Party should reasonably understand to be confidential given the nature of the information and the circumstances of its disclosure. A Party’s Confidential Information shall not include information that : (a) is or becomes a part of the public domain through no act of omission of the receiving Party: (b) was in the receiving Party’s lawful possession prior to the disclosure by the disclosing Party and had not been obtained by the receiving Party either directly or indirectly from the disclosing Party; (c) is lawfully disclosed to the receiving Party by a third party without restriction on the disclosure; or (d) is independently developed by the receiving Party without use of or reference to the disclosing Party’s Confidential Information.

“Data Privacy Laws” means any applicable law, statute, directive or regulation regarding privacy, data protection, and/or the processing of Personal Data to which ShipConsole and/or the Customer are subject and which is applicable to the parties’ data protection obligations under this Agreement.

“Security Incident” means any circumstance that involves, or which a party reasonably believes may involve, the accidental or unauthorized access, use, disclosure, modification, storage, destruction or loss of Customer Confidential Information in ShipConsole’ or ShipConsole Personnel’s possession, custody or control.

Security

ShipConsole shall maintain a written security program, that includes appropriate administrative, technical, organizational and physical safeguards, security awareness and security measures designed to protect Confidential Information from unauthorized access and use.

ShipConsole agrees to install and implement security hardware, software, procedures and policies that will provide effective information security. ShipConsole agrees to use commercially reasonable efforts to monitor and update such hardware, software, procedures and policies to utilize improved technology and to respond to developing security threats in order to maintain a level of security protection, preparedness and resilience appropriate for the information involved and the then current state of security solutions. Upon request, ShipConsole shall provide Customer any SSAE18 audit reports issued to on behalf of ShipConsole during the term of this Agreement.

ShipConsole further agrees to:

Maintain and implement information security program.

ShipConsole shall only collect, access, use, or share Confidential Information with authorized third parties, in performance of its obligations under the Agreement, or to comply with applicable legal obligations. ShipConsole will not make any secondary or other use (e.g., for the purpose of data mining) of Confidential Information except (a) as expressly authorized in writing by Customer in connection with Customer’s purchase of Services hereunder, or (b) as required by law.

ShipConsole shall:

  • With appropriate notice, and no more than once per annum on a mutually agreed-upon date, at Customer expense, allow Customer, or its designee, to conduct a security audit at ShipConsole’ facilities.
  • ShipConsole shall use commercially reasonable efforts, as measured by the available technology at the time, to prevent anyone other than its authorized employees and Customer and its agents from accessing the Confidential Information.
  • ShipConsole will use, and will cause ShipConsole’ personnel to use appropriate forms of encryption or other secure technologies at all times in connection with the processing of Confidential Information, including in connection with any transfer, communication, remote access or storage (including back-up storage) of Confidential Information, as authorized or permitted under the Agreement.
  • ShipConsole shall provide information to, and fully cooperate with, Customer in response to any subpoena, investigation or the like seeking Confidential Information and provide information and assistance for Customer to seek certification and the like relative to its Confidential Information including information in the possession of ShipConsole. ShipConsole shall promptly notify Customer upon the receipt of any request from a third party requiring that Confidential Information be supplied to a third party.
  • ShipConsole shall not provide Confidential Information to any other entity without the prior written approval of Customer, or as otherwise authorized under this agreement except in circumstances where law enforcement and legal proceedings may prohibit it.

Data Privacy

The following provisions apply whenever ShipConsole will have access to Confidential Information.
ShipConsole shall:

  • Comply with all applicable Data Privacy Laws
  • Only collect, access, use, or share Confidential Information with authorized third parties, in performance of its obligations under the Agreement and/or Order, in conformance with Customer’s instructions, or to comply with legal obligations. ShipConsole will not make any secondary or other use (e.g., for the purpose of data mining) of Confidential Information except as expressly authorized in writing by Customer in connection with Customer’s use of the Services, or (ii) as required by law;
  • Not share, transfer, disclose or provide access to Confidential Information with any third party except to provide services under the Agreement – or as required by law. If ShipConsole does share, transfer, disclose or provide access to any authorized Confidential Information to a third party, it shall:
    • be responsible for the acts and omissions of any subcontractor or other third party, that processes (within the meaning of the applicable data privacy laws) Confidential Information on ShipConsole’ behalf in the same manner and to the same extent as it is responsible for its own acts and omissions with respect to such Confidential Information;
    • ensure such third party is bound by a written agreement that contains the same or equivalent obligations and protections as those set forth in this Section; and
  • Provide such information, assistance and cooperation as Customer may reasonably require from time to time to establish ShipConsole’ compliance with applicable data privacy laws;

Security Incidents

ShipConsole shall provide written notice to Customer as soon as possible and, in no instance more than 48 hours after, of any actual or reasonably suspected incident of accidental or unlawful destruction or accidental loss, alteration, unauthorized or accidental disclosure of or access to Customer Information of which it becomes aware (a “Security Incident”); thereafter shall take all reasonable measures to contain and remedy the Security Breach, wherever possible; provide Customer with information regarding the investigation and remediation of the Security Breach, unless restricted by law; not make any notification, announcement or publish or otherwise authorize any broadcast of any notice or information about a Security Incident (a “Security Incident Notice”) without the prior written consent of and prior written approval by Customer of the content, media and timing of the Security Incident Notice (if any), unless required to do so by law or court order; and even where required to do so by law or court order, make all reasonable efforts to coordinate with Customer prior to providing any Security Breach Notice