A. Moovweb Secure Logging. The Service is designed to support all types of secure transactions without storing any End User data as described below. The Service stores no End User sensitive information (e.g., credit card and other personal information). The Service also does not store or record End User cookies.
B. Secure Transaction Support. Secure Transaction Support is intended to enable Projects to transmit sensitive data to and from End Users using cryptographic protocols that provide communication security over the Internet. When designated in the Order, Moovweb will provide Secure Transaction Support for all identified secure domains in accordance with Payment Card Industry Data Security Standard (PCI-DSS) compliance standards.
C. PCI Compliance. Moovweb maintains PCI-DSS Level 1 compliance by undergoing annual audits from approved Visa and MasterCard auditors. Upon Customer’s reasonable written request no more than one time per year, Moovweb shall provide Customer a copy of Moovweb’s then-current executed Attestation of Compliance (AOC).
D. Data Security.
i. Moovweb shall maintain software, hardware, systems, personnel and other resources designed to ascertain whether a penetration attempt is being made against any part of the network, server or other infrastructure / application or facilities used by Moovweb to process or transport Collected Data. Moovweb will inform Customer without undue delay upon verification of a security breach. Customer acknowledges that Moovweb cannot guarantee that unauthorized third parties will never be able to defeat the security measures described in this Policy and the Platform Subscription Agreement.
ii. Moovweb shall conduct periodic security audits of its information systems including, but not limited to, network penetration tests and vulnerability scans.
iii. Moovweb shall encrypt Collected Data (to the extent encrypted by Customer), using industry-standard strong encryption methods (based upon SSL certificates provided by Customer), while in transit from a Project to the Service and from the Service to Customer’s systems.
iv. Moovweb shall establish and maintain least-privilege-based access controls for all Collected Data. Access controls include, but are not limited to, account provisioning / de-provisioning, authentication, authorization and accountability controls.
v. Notwithstanding anything to the contrary in this Policy or the Platform Subscription Agreement, Customer acknowledges that the Service will inherit and utilize in all cases the level of security and privacy established by the Customer website on which a Project is based for the transmission and protection of data and Customer agrees that Moovweb shall have no liability for any breach of security or privacy resulting from vulnerabilities inherent in the particular level of security or privacy utilized by Customer websites.
E. Disaster Recovery / Business Continuity. Moovweb (a) has implemented business continuity and disaster recovery plans (hereafter referred to as the “Plan”) for the recovery of Moovweb business processes and systems and associated data, (b) will deliver a documented copy of such Plan to Customer within a reasonable period upon request, (c) will periodically update and test the operability of such Plan at least once during every twelve (12) month period, and (d) will implement the Plan upon the occurrence of a disaster. The Plan may be modified by Moovweb from time to time to reflect process improvements or changing practices (but the modifications will not materially decrease Moovweb’s obligations as compared to those set forth in the Plan as of the Effective Date).