1. Security Protocols
1.1. Information Security Program. Koidra shall maintain a comprehensive written information security program, including policies, standards, procedures, and related documents governing the processing and security of
Customer Data and the Koidra systems used to process or secure Customer Data in connection with providing the SaaS (“Koidra Information Systems”). Subcontractors engaged by Koidra in accordance with the Agreement will maintain (at a minimum) substantially similar levels of security as applicable and required by these Security Practices.
1.2. Security Controls. In accordance with its information security program, Koidra shall implement appropriate physical, organizational, and technical controls designed to: (a) ensure the security, integrity, and confidentiality of Customer Data accessed, collected, used, stored, or transmitted to or by Koidra; and (b) protect Customer Data from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure, and other unlawful forms of processing.
2. System Availability
Koidra will maintain (or, with respect to systems controlled by its subcontractors, ensure that such subcontractors maintain) a disaster recovery (“DR”) program designed to recover the Subscription Service’s availability following a disaster. At a minimum, such DR program will include the following elements: (a) routine validation of procedures to regularly and programmatically create retention copies of Customer Data for the purpose of recovering lost or corrupted data; (b) inventories, updated at minimum annually, that list all critical Koidra Information Systems; (c) annual review and update of the DR program; and (d) annual testing of the DR program designed to validate the DR procedures and recoverability of the service detailed therein.
3. Security Incidents.
3.1. Procedure. If Koidra becomes aware of confirmed unauthorized or unlawful access to any Customer Data processed by Koidra Information Systems (a “Security Incident”), Koidra will promptly: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
3.2. Unsuccessful Attempts. An unsuccessful attack or intrusion is not a Security Incident subject to this Section 3. An “unsuccessful attack or intrusion” is one that does not result in unauthorized or unlawful access to Customer Data and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or TCP/UDP headers), or similar incidents.
3.3. User Involvement. Unauthorized or unlawful access to Customer Data that results from the compromise of a User’s login credentials or from the intentional or inadvertent disclosure of Customer Data by a User is not a Security Incident.
3.4 . Notifications. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s SysAdmin users by any reasonable means Koidra selects, including email. Customer is solely responsible for maintaining accurate contact information in the online Service at all times.
3.5. Disclaimer. Koidra's obligation to report or respond to a Security Incident under this Section 3 is not an acknowledgement by Koidra of any fault or liability of Koidra with respect to the Security Incident.
Last updated: May 25, 2021
These are the legacy versions of the Koidra Inc. Security Practices and are provided for informational purposes only.