Supplementary Measures
These supplementary measures shall form part of the applicable agreement between Customer and the Verint entity in which they are incorporated (“Agreement”). Terms in these Supplementary Measures with initial capitals shall have the meaning given in the Agreement.
1 GENERAL SECURITY TERMS. These Supplementary Measures shall be in addition to the provisions relating to the Processing or storage of Personal Data in Schedule D, Information Security Schedule.
1.1 Access Controls.
- Verint warrants that:
- a) it has not purposefully created any means, such as a back door or similar programming, by which a public authority can bypass Verint’s security mechanisms, authentication procedures and/or intrusion detection solutions to gain access to and/or use the Hosted Environment or any other Verint controlled environment in which Personal Data is stored or Processed;
- b) it has not purposefully created or changed its business processes, security mechanisms, software and/or authentication procedures in a manner that facilitates a public authority to gain access to and/or use the Hosted Environment or any other Verint controlled environment in which Personal Data is stored or Processed; and
- c) it is not required by national law or government policy to create or maintain any means by which a public authority would gain access to and/or use the Hosted Environment or any other Verint controlled environment in which Personal Data is stored or Processed.
2.2 Technical Measures.
- Encryption keys used to decrypt data held at rest are stored in the geolocation of the Hosted Environment and access to the keys is under the control of Verint Personnel. Verint has in place procedures to ensure that authorization to decrypt Personal Data is subject to approval by appropriate management.
2.3 Organisational Measures.
- Verint maintains policies and procedures which document how Verint responds to legally binding requests from public authorities regarding disclosure of Customer Personal Data and how Verint may undertake legally permitted notification and co-operation with Customer, Data Subjects and/or Supervisory Authorities regarding the disclosure of Personal Data to any public authority which makes such requests.