13. Due to the nature of Our and Our Partner’s businesses, particularly with regard to providing criminal record checks and county court judgements or other vetting data, We and Our Partners require) to follow the similar high standards in relation to security around Screening SaaS.
14. We require that You follow these additional security requirements at all times in relation to the Screening SaaS.
15. These Security Requirements apply to any means through which You order or access the Software including, without limitation, systemto-system, direct access terminal, personal computer or the Internet.
16. These obligations are in addition to any requirements imposed by any applicable law which may apply to the Your use of the Screening SaaS (which may or may not include personal data).
17. You will:
a) ensure that only Authorised Users can have access to the Software and Screening SaaS
b) ensure that Authorised Users do not initiate Activities for personal reasons or provide them to any third party unless expressly permitted by any agreement between the parties;
c) ensure that all devices used by You to access the Operator Portal are placed in a secure location and accessible only by Authorised Users, and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other reasonable security procedures;
d) take all necessary measures to prevent unauthorised access to the Operator Portal by any person other than an Authorised User for permissible purposes, including, without limitation, limiting the knowledge of Your security codes, any telephone access number(s) We provide and any passwords You may use, to those individuals with a need to know.
e) in no event access the Operator Portal via any unsecured or unauthorised device. Secured wireless connections shall adhere at a minimum to Our encryption standards outlined below in clause 17(g);
f) not use personal computer hard drives or portable and/or removable data storage equipment or media (including but not limited to laptops, zip drives, tapes, disks, CDs, DVDs, software, and code) to store the Screening Output. In addition, data must be encrypted when not in use and all printed Screening Output must be stored in a secure, locked container when not in use, and must be completely destroyed when no longer needed by cross-cut shredding machines (or other equally effective destruction method) such that the results are not readable or useable for any purpose;
g) if You send, transfer or ship any Screening Output, encrypt the data using the following minimum standards, which standards may be modified from time to time by Us: Advanced Encryption Standard (AES), minimum 128-bit key or Triple Data Encryption Standard (3DES), minimum 168-bit key, encrypted algorithms;
h) monitor compliance with the obligations of these Security Requirements, and immediately notify Us if You suspect or know of any unauthorised access or attempt to access the Screening SaaS. Such monitoring will include, without limitation, a review of each of Our invoices for the purpose of detecting any unauthorised activity;
i) not ship hardware or software between Your locations or to third parties without purging all sensitive information;
j) if You use a third-party vendor to establish access to the Screening SaaS, be responsible for the third-party vendor’s use of the Your member numbers, security access codes, or passwords, and You will ensure the third party vendor safeguards Your security access code(s) and passwords through the use of security requirements that are no less stringent than those applicable to You under these Security Requirements; and
k) use best endeavours to assure security when disposing of any personnel vetting information or record obtained from Us in accordance with Data Protection Legislation.
18. We may suspend the Screening SaaS and the supply of Screening Output if, acting reasonably, We believe You have suffered, are suffering or may suffer a breach or attempt to breach its security.
19. During any period of suspension:
a) We will have no liability to You;
b) You will cooperate with Us to address the cause of any concerns; and
c) neither party will issue any public statement regarding the Screening SaaS or the Screening Output and identifying the other party, unless required to do so by applicable law.
d) We will reinstate any suspended services as soon as it is satisfied as to the security of the Screening SaaS and the Screening Output.