Riverside shall implement and maintain adequate information security controls to protect against unauthorized access to or use of Customer Personal Data. Without limiting the generality of the foregoing, Riverside shall implement and maintain the following information security controls (collectively, the “Information Security Controls”):
a. which protect the confidentiality, integrity, and authenticity of Personal Data so that it is processed, used, maintained and disclosed only as necessary for the specific purpose for which this information was disclosed to Riverside and only in accordance with the DPA;
b. an industry-standard written information security program, such as ISO 27001:27002 in conjunction with SSAE16 Type 2 reporting, that meets current relevant regulatory standards and is designed to ensure and demonstrate a suitable, sustainable, and auditable information security program;
c. access controls on information systems, including controls to authenticate, permit, remove, and audit access, which ensure that only the authorized officers, directors, employees, consultants, attorneys, accountants, agents and independent subcontractors (and their employees) and other representatives or other third parties who have a need to know have access to such Personal Data to fulfil Riverside’s obligations under applicable law;
d. strong, industry-standard and appropriate encryption of electronic Personal Data, such as TLS 1.2/1.3 and AES-256 Bit minimum, and appropriate “encryption key management”, including while in transit and at rest;
e. effective monitoring systems, qualified personnel, and procedures to detect and respond to actual and attempted attacks on or intrusions into information systems;
f. response programs that specify actions to be taken when Riverside detects unauthorized access to information systems or physical locations containing Personal Data;
g. industry-standard backup controls and measures to protect against destruction, loss or damage of Personal Data due to breach of integrity, authenticity, and/or potential environmental hazards, such as fire and water damage; and
h. regular testing of key controls, systems and procedures of these Information Security Controls.