KRMC Security Responsibilities
SECURITY RESPONSIBILITIES
1. Data Security
KRMC implements and maintains appropriate electronic, physical, and organizational security procedures, measures, and controls to protect against accidental, unauthorized, or unlawful access, destruction, alteration, modification, disclosure, or loss of any Confidential Client Information. Without limiting the foregoing, KRMC implements and maintains security practices and controls that comply with and are consistent with:
- International Standards Organization and the International Electrotechnical Commission 27001/22:2013 (ISO/IEC 27001:2013); and
- System and Organization Controls (SOC 2) controls and requirements.
In the event of a conflict or inconsistency between the foregoing data security standards and Information Security Requirements, the higher standard will prevail.
2. Data Security Breach
In the event of any Security Breach, KRMC will promptly, and as soon as feasible after it determines that the Security Breach has occurred:
- (a) notify Clients about the Security Breach by email and/or by phone; and
- (b) investigate the Security Breach and provide Clients with detailed information about the Security Breach, including any such information reasonably required.
3. Annual SOC 2 Type II Audits
If requested, KRMC will perform a SOC 2 Type II audit and, if requested by a client, will provide a summary of the audit results to the client promptly after they become available.