1. PURPOSE AND SCOPE
LogicGate has implemented and will maintain the following security measures for the protection of confidential information and/or Customer Data, once a Customer or its end-users, including third parties, upload or otherwise input data or information into the LogicGate platform, including, without limitation, any information submitted in response to vendor questionnaires or online forms sent to third parties using LogicGate’s platform service (hereafter, “the LogicGate Service” or “the platform”).
The security practices set forth below apply when LogicGate processes, transmits, or stores confidential information and/or Customer Data, including during LogicGate’s provision of services through the platform and infrastructure that hosts confidential information and/or Customer Data.
2. CUSTOMER SECURITY RESPONSIBILITIES
Due to the flexible nature of the LogicGate Service, the Customer has the capability and responsibility to determine the types of data that it uploads to the LogicGate Service, and stores within the platform, not including data that is required for the use of LogicGate’s Service. The Customer also has the capability and responsibility for defining access controls for its Authorized Users as it relates to what information Authorized Users can read or modify within the LogicGate Service. Based on these responsibilities, the following are the security requirements of the Customer in connection with its use of the LogicGate Service:
Customer Data Responsibilities
Customer is solely responsible for the following as it relates to data Customer chooses to store within the platform:
- Understand and comply with the laws and regulations, as well as Customer’s internal corporate policy(ies), governing the types of data that Customer and its Authorized Users to choose to load into the platform;
- Ensure that Customer’s use and configuration of the security controls within the LogicGate Service appropriately meet or exceed the controls required by the types of data the Customer or its Authorized Users choose to load into the platform;
- Ensure that Customer contact information remains up to date for notification of Personal Data Breaches and updates.
Customer Access Responsibilities
Customer is solely responsible for the following as it relates to user access to Customer Data within the platform:
- The security of its, and its Authorized Users’, login credentials, authorization tokens, and any other secret information that permits access to the LogicGate Service or Customer Data;
- Leveraging the platform’s access controls to ensure appropriate access for its Authorized Users to view or modify Customer Data.
- Ensure Customer, and any third parties who may directly or indirectly obtain access through Customer, only access or use LogicGate's APIs for legitimate and authorized purposes.
Customer General Use Responsibilities
Customer is solely responsible for ensuring the Customer and its Authorized Users, or any third parties who may obtain access to the LogicGate Service directly or indirectly through Customer, do not take the following actions as part of their general use of LogicGate’s services:
- bypass or breach any security device or protection used by the Services or access or use the Services other than by an Authorized User through the use of his or her own access credentials;
- input, upload, transmit or otherwise provide to or through the Services any information or materials that are unlawful or injurious, or contain, transmit or activate any malicious software or harmful codes;
- damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm, in any manner, the Services or LogicGate’s provision of services to any third party, in whole or in part.
Customer is solely responsible for ensuring that Customer’s software systems and infrastructure pertaining to domain security, cyber crime, domain management, brand protection, anti-piracy, counterfeiting, anti-fraud, and/or whitelist are updated to enable Customer’s use of LogicGate’s Services in full so that appropriate scanning, detection, and notification systems can be updated in advance to avoid service disruption for Customer. Where it is not practical or possible for the Customer to ensure such updates to Customer’s software systems or infrastructure, Customer accepts that LogicGate will use commercially reasonable efforts to ensure that the Services are provided, but it may not be able to provide all features or functionality otherwise enabled by the Services, and it shall have no liability to the Customer for such reduction in functionality caused by Customer’s software systems or infrastructure. Customer agrees that any such reduction in functionality will not constitute a breach of this Agreement by LogicGate or entitle the Customer to benefit under the SLA, where such reduction in functionality results from the Customer no updating Customer’s software systems and infrastructure in accordance with this clause.
3. LogicGate Technical and Organizational Measures
|Organization of Information Security||Security Ownership. LogicGate has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.
Information Security Policies. LogicGate maintains a management-approved corporate information security policy, or set of information security policies, defining responsibilities and setting out LogicGate’s approach to information security, which includes physical, administrative and technical safeguards. Such policies have been published and communicated to employees, contractors, and relevant external parties.
Senior Management Commitment. LogicGate’s Information Security Manager (or designee) develops, maintains, reviews, and approves LogicGate’s security, availability, and confidentiality standards and policies.
Risk Management. LogicGate has a formal cybersecurity risk assessment and management process which includes mitigation of any identified findings. The LogicGate ranks and reviews all identified risks at a minimum annually.
|Access Management||LogicGate access management program. LogicGate maintains an access management program for LogicGate’s access to Customer Data, applicable where LogicGate maintains access to Customer Data. Management of the program is facilitated through the use of enterprise single-sign-on (SSO) solution.
|Authentication||LogicGate provides the following controls to manage the authentication of end-users to the platform:
|Personnel Security||LogicGate requires the following for all employees:
Additionally, LogicGate has established policies for disciplinary action, up to and including termination, for noncompliance with security policies and procedures.
|Business Resiliency||Business Continuity Management and Disaster Recovery
LogicGate has a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) in place to manage significant disruptions to its operations and infrastructure, which include, without limitation, the following:
LogicGate employs backup procedures to enhance the security and integrity of the Service.
|Physical & Environmental Security||Customer Data is hosted within Amazon Web Services (AWS) and the physical security of LogicGate’s services are managed by AWS as part of the AWS Shared Responsibility Model.|
|Vulnerability Management, Network Security & Monitoring||Vulnerability Management
Network Security & Monitoring
|Third-Party Certification||LogicGate shall maintain an information security certification from a firm that specializes in enterprise information security assessment and certification.|