Pass-Through terms for Zenden third party data

Last updated January 2, 2020

The following terms apply to you to the extent you (identified as “Vendor” below) access, receive, and/or store the relevant data from ZenDen.

The contract between ZenDen and the third party licensor, including as reflected herein, and not the agreement between you and ZenDen, shall establish the scope of indemnity, and limits of liability, with respect to each respective item of the relevant data. ZenDen does not have the authority to modify these terms. These terms shall survive termination or expiration of your agreement with ZenDen.


Product/Service:

The Work Number® and various other services (“TWN”)

Licensor:

TALX Corporation

Pass-Through Terms:

  1. Vendor must use data at rest encryption of at least AES-256 where TWN data is stored.
  2. Vendor shall keep an inventory of all TWN data stored within its cloud environment.
  3. TWN data shall be logically and/or physically separated in multi-tenant environments in accordance industry standards.
  4. Vendor shall employ secure data destruction techniques to destroy TWN data and any assets that are no longer needed for legal or other retention purposes in accordance with industry standards.
  5. Vendor shall provide incident handling and forensic support in the event of an investigation of a Security Incident, where “Security Incident” means any actual breach, theft or unauthorized access, use, misuse, theft, vandalism, modification or transfer of or to Licensor’s services or TWN data.
  6. Vendor’s cloud hosted systems shall be patched at the most current levels and have vulnerabilities addressed in accordance with industry standards.
  7. Vendor shall follow industry security hardening standards such as DISA STIG or CIS guidance for its information systems and infrastructures.
  8. Vendor shall have ZenDen’s application environment certified by an independent third party (e.g., SOC 2 Type 2, PCI/ISO 27001/NIST).
  9. Third parties providing support services to ZenDen or Vendor shall not have access TWN data without Vendor first obtaining Licensor’s prior consent.
  10. ZenDen shall manage all encryption keys within Vendor’s cloud computing environment.