Effective Date: June 6, 2018

86Borders PaaS Security Policy

This document is incorporated by reference into the 86Borders PaaS Services Agreement and applicable to PaaS Services ordered by Customer.

86Borders uses a reputable U.S.-based cloud services provider for operating the 86Borders Platform.  As part of its services, the cloud services provider undertakes reasonable industry measures designed to protect the operating environment of the Platform and the PaaS Services against unauthorized physical access and the threats of fire, power, temperature, humidity and other physical forces with the following capability:

·A secure data center with physical access limited to authorized personnel and protected by multi-level security systems. Other persons are admitted only on an as-needed and supervised basis (such as to maintain hardware components).

·Continuous, conditioned power supplied by a redundant power infrastructure, including battery backup systems and diesel- powered generators, with regular system testing for continuous availability.

·Redundant HVAC climate control and fire suppression systems.

In addition to the physical access protections described above:

·86Borders maintains controls consistent with the ISO 27002 framework.

·Customer Data is maintained in secure directories that require access authentication.

·86Borders, through its cloud services provider, performs daily backups of Customer Data, and Customer Data is stored with the cloud services provider. Daily backups will be retained for at least 14 days.

·86Borders maintains antivirus protection software on the Platform. In the event viruses, worms or similar problems are determined to have infected the Platform, 86Borders will use commercially reasonable efforts to restore the Platform as quickly as reasonably possible.

In order to enhance data security, Customer is responsible for:

·Ensuring it uses utmost discretion in granting administrator privileges.

·Ensuring that its Clients and Users do not share their passwords.

·Ensuring and maintaining security of its systems and the machines that connect to and use the Platform, including implementation of necessary patches and operating system updates.

·Complying with the 86Borders Acceptable Use Policy.

 

The scope of the PaaS Services does not include any Customer security requirements beyond those set forth in the applicable PaaS/Platform Services Agreement.  Customer agrees that it will not perform, and will not engage or authorize any third party to perform, any penetration testing of the Platform without obtaining 86Borders’ prior written permission.