KRMC Security Responsibilities under the Master Service Level Agreement

SECURITY RESPONSIBILITIES

1. Data Security

KRMC implements and maintains appropriate electronic, physical, and organizational security procedures, measures, and controls to protect against accidental, unauthorized, or unlawful access, destruction, alteration, modification, disclosure, or loss of any Confidential Client Information. Without limiting the foregoing, KRMC implements and maintains security practices and controls that comply with and are consistent with:

  • International Standards Organization and the International Electrotechnical Commission 27001/22:2013 (ISO/IEC 27001:2013); and
  • System and Organization Controls (SOC 2) controls and requirements.

In the event of a conflict or inconsistency between the foregoing data security standards and Information Security Requirements, the higher standard will prevail.

2. Data Security Breach

In the event of any Security Breach, KRMC will promptly, and as soon as feasible after it determines that the Security Breach has occurred:

  • (a) notify Clients about the Security Breach by email and/or by phone; and
  • (b) investigate the Security Breach and provide Clients with detailed information about the Security Breach, including any such information reasonably required.

3. Annual SOC 2 Type II Audits

If requested, KRMC will perform a SOC 2 Type II audit and, if requested by a client, will provide a summary of the audit results to the client promptly after they become available.