Laserfiche WebLink
REV: 12-16-24 MI <br />Agreement and related instructions of the customer. Granicus takes the following measures: <br />4.1 Granicus will use controls and processes to monitor compliance with contracts between <br />Granicus and its customers, subprocessors or other service providers. <br />4.2 In accordance with Granicus Information Security Policies, Personal Data will require at least <br />the same protection level as “confidential” information according to the Granicus Information <br />Classification standard. <br />4.3 All Granicus employees and contractual subprocessors or other service providers will be <br />contractually bound to respect the confidentiality of all sensitive information including trade <br />secrets of Granicus customers and partners. <br />5 DATA SEPARATION CONTROL <br />Granicus will employ technical measures to ensure that data is properly segregated: <br />5.1 Where feasible, Granicus will use the technical capabilities of the deployed software (for <br />example: multi- tenancy, or separate system landscapes) to achieve data separation among <br />Personal Data originating from multiple customers. <br />5.2 If Personal Data is required to handle a support incident from Customer, the data is assigned <br />to that message and used only to process that message; it is not accessed to process any <br />other messages. This data is stored in dedicated support systems. <br />6 DATA INTEGRITY CONTROL <br />Granicus will ensure that Personal Data remains intact, complete, and current during processing <br />activities. <br />7 SECURITY INCIDENTS AND REPORTING <br />Granicus maintains a process to receive input regarding potential security incidents and violations. <br />Granicus will respond and report to actual incidents in accordance with the Granicus Incident <br />Response Plan and Information Security Policies. <br />ATTY/AGR.2024.237/Granicus (Agenda Management System) (Page 34 of 35)