You shall utilize industry security best practices, including but not limited to any measures used and/or reasonably recommended by TomTom, to safeguard, secure and prevent piracy and unauthorized access of the Licensed Products and the Authorized Application. This shall include adequate physical perimeter and entry controls in line with local regulations and standards to ensure that only authorized personnel are allowed access.
You shall ensure that Your own environments used for functions relating to the Licensed Products and the Authorized Application are monitored in such a manner that prevents violating information and/or IT security are detected and traceable. You shall inform TomTom as soon as reasonably possible of any potential security incidents relating to the Licensed Products and the Authorized Application of which You become aware.
You shall not disclose any TomTom information which may be considered as business or trade secrets, except to the extent necessary for the performance of its assignment under the Agreement.
You shall use suitable encryption techniques for protection of the information of TomTom. Where encryption cannot be implemented, appropriate compensating controls must be implemented to reduce the risk of unauthorized disclosure.
You shall implement policies and processes to identify and remediate vulnerabilities in a timely manner in its own environments used for functions relating to the Licensed Products and the Authorized Application. Vulnerability management includes both infrastructure and applications. At a minimum, You shall scan infrastructure and applications for security vulnerabilities every 90 days.