SECURITY ANNEX
This Panther Security Annex supplements the Panther Enterprise Subscription Agreement between the parties (the “Agreement”). In case of a conflict between this Panther Security Annex and the Agreement, the Agreement shall prevail. Capitalized terms not defined herein have the meaning provided in the Agreement.
Security of Data Processing.
Panther has implemented and will maintain technical and organizational measures inclusive of administrative, technical and physical safeguards to ensure a level of security appropriate to the risk of the data processing for the Panther Services as described in this Panther Security Annex (collectively, the “Security Measures”). The Security Measures may be changed by Panther from time to time during the Term of the Agreement in order to take into account advancements in available security technologies. However, Panther will not materially decrease the overall security of the Platform during the Term of the Agreement.
The Security Measures include, but will not be limited to, the measures described in this Annex designed to ensure the ongoing confidentiality, integrity, and availability of Customer Data and designed to prevent unauthorized access, use, modification or disclosure of Customer Data.
Panther Shared Responsibility Model
Panther Responsibilities
Panther is responsible for the confidentiality, integrity and availability of the Platform and internal Panther information technology systems.
Security Measures must include:
(a) strict logical or physical separation between Customer Data and Customer Confidential Information, Panther’s own data and data of other customers of Panther;
(b) maintaining industry-standard perimeter protection for Panther’s network and devices connected thereto (“Panther’s System”);
(c) applying, as soon as practicable, patches or other controls to Panther’s System that effectively address actual or potential code-based security vulnerabilities;
(d) employing commercially reasonable efforts to ensure that Panther’s System remains free of security vulnerabilities, viruses, malware, and other harmful code;
(e) employing commercially reasonable efforts to practice safe coding standards and practices which address common application security vulnerabilities;
(f) providing appropriate education and training to Panther employees and workers regarding these Security Measures and ensuring that those individuals are bound by confidentiality obligations;
(g) accessing or transferring Customer Data or Customer Confidential Information to or from Customer systems only in a secure and confidential manner, including complying with specific security provisions and procedures set forth by Customer in advance in writing, and
(h) limiting Panther employee/agent/subcontractor access to Panther’s network, systems, devices and facilities to those with a need for such access, and whose access privileges shall be revoked promptly upon their termination.
Panther shall provide to Customer an individual point of contact for security purposes, and shall update this information from time to time as necessary.
Customer Responsibilities
The Customer is responsible for the security of the software used in conjunction with the Platform. This includes, but is not limited to, Customer user access management, password configurations, and/or implementing multi-factor authentication. In addition, Customer also is responsible for the secure management of its users that Customer manages and provisions for the purpose of granting access to the Platform and abiding by the Agreement in using the Platform.
Third-Party Audits and Certifications
Panther has, and will maintain, the Security Measures described in this Annex. Panther also has, and will maintain, auditing procedures to audit its Security Measures. The Security Measures for the Platform are subject to periodic testing by independent third-party audit organizations against audits and certifications described at panther.com/company/trust and which include SOC 2 and PCI compliance audits and ISO:27001 certification.
Panther will provide copies of current audit reports for the Platform to Customer upon written request and under NDA once each annual period. Such audit reports, and the information they contain, are Panther Confidential Information and must be handled by Customer accordingly. Such reports may be used solely by Customer to evaluate the design and operating effectiveness of defined controls applicable to the Platform.
