Information Security Addendum

THESE TERMS OF SERVICE (“TERMS”) GOVERN THE ACCESS TO AND/OR USE OF PRODUCTS AND SERVICES PROVIDED BY [COMPANY NAME] (“WE,” “US,” OR “OUR”) AND CONSTITUTE A LEGALLY BINDING AGREEMENT BETWEEN [COMPANY NAME] AND ANY INDIVIDUAL OR ENTITY (“YOU” OR “CUSTOMER”) SEEKING TO ACCESS OR USE OUR PRODUCTS OR SERVICES.

BY ACCESSING OR USING ANY OF OUR PRODUCTS OR SERVICES, YOU AGREE TO BE BOUND BY THESE TERMS, ALONG WITH ANY ADDITIONAL TERMS, CONDITIONS, AND POLICIES REFERENCED AND INCORPORATED HEREIN (THE “AGREEMENT”). IF YOU ACCESS OR USE OUR PRODUCTS OR SERVICES ON BEHALF OF AN ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT ENTITY TO THIS AGREEMENT.

IF YOU DO NOT AGREE TO THESE TERMS, YOU MUST NOT ACCESS OR USE ANY OF OUR PRODUCTS OR SERVICES.

IN THE EVENT OF A SEPARATE WRITTEN AGREEMENT BETWEEN YOU (OR YOUR ENTITY) AND US THAT SPECIFICALLY GOVERNS YOUR USE OF OUR PRODUCTS OR SERVICES, THE TERMS OF THAT AGREEMENT SHALL PREVAIL OVER THESE TERMS.

For the purposes of this agreement and any related documents, “GOCODE CLOUD” shall mean GOCODE PTE. LTD., including but not limited to all its products, services, and offerings provided to us. This definition expressly includes HyperGo and any other existing or future products, services, platforms, or solutions that may be developed, launched, or offered by GOCODE PTE. LTD. Unless otherwise specified, all references to “GOCODE” or “GOCODE CLOUD” shall be interpreted in this manner throughout this document and any associated agreements.

This Information Security Addendum (the “Addendum”) sets forth the technical and organizational measures for the protection of Content processed by GoCode HyperGo (if applicable) or data (if any) provided by Customer to GoCode Pte Ltd in connection with the delivery of Support Services (if applicable) (collectively “Customer Information”). Capitalized terms not defined in this Addendum shall have the meanings set forth in the applicable agreement between Customer and GoCode Pte Ltd for the delivery of GoCode HyperGo and/or Support Services (the “Agreement”).

GoCode Pte Ltd shall maintain an information security program that is designed to protect the security, confidentiality, and integrity of Customer Information (the “GoCode Information Security Program”). The GoCode Information Security Program will be implemented on an organization-wide basis. The GoCode Information Security Program will be designed to ensure GoCode Pte Ltd’s compliance with data protection laws and regulations applicable to GoCode Pte Ltd’s performance under the applicable Agreement (including any Data Processing Addendum), and shall include the safeguards set below, which substantially conform to the ISO/IEC 27002 control framework (the “GoCode Information Security Controls”).

1. AUDITS AND CERTIFICATIONS

1.1 Audits and Certifications. GoCode Pte Ltd shall engage independent third-party auditors to assess the GoCode Information Security Program as and when required, in accordance with regulatory requirements and business needs. Such assessments may include the following audits and certifications:

1.1.1 SOC 2 Type II

1.1.2 ISO 27001

2. SHARED RESPONSIBILITY

2.1 Shared Responsibility Model. GoCode Pte Ltd adheres to a shared responsibility model that varies between GoCode HyperGo and Bring-Your-Own-Cloud (“BYOC”) offerings. For GoCode HyperGo, GoCode Pte Ltd maintains specific security responsibilities, while customers are responsible for managing their data and access. In the BYOC model, customers retain additional responsibilities for cloud infrastructure security and management. Further delineation is described throughout this Addendum, and additional information is available in our Trust Center.

3. CUSTOMER DATA STORAGE LOCATION

3.1 GoCode HyperGo. Create services for customers to upload data in customer-specified cloud providers and regions that are managed by GoCode Pte Ltd based on cloud provider and region availability.

3.2 Bring-Your-Own-Cloud (“BYOC”). Create services for customers to upload data in customer-provided cloud accounts. Services are managed by GoCode Pte Ltd and cloud accounts are managed by the Customer.

4. ORGANIZATIONAL CONTROLS

4.1 Governance. GoCode Pte Ltd assigns to an individual or a group of individuals appropriate roles for developing, coordinating, implementing, and managing GoCode Pte Ltd’s administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of Customer Information.

4.2 Security Personnel. GoCode Pte Ltd uses data security personnel that are sufficiently trained, qualified, and experienced to be able to fulfill their information security-related functions.

4.3 Risk Assessments. GoCode Pte Ltd conducts periodic risk assessments designed to analyze existing information security risks, identify potential new risks, and evaluate the effectiveness of existing security controls.

4.4 Risk Prioritization. GoCode Pte Ltd maintains risk assessment processes designed to evaluate the likelihood of risk occurrence and material potential impacts if risks occur.

4.5 Information Security Policies. GoCode Pte Ltd creates information security policies, approved by management, published, and acknowledged by all employees.

4.6 Information Security Policy Review. GoCode Pte Ltd reviews and updates policies at planned intervals to maintain their continuing suitability, adequacy, and effectiveness.

4.7 Data Classification. GoCode Pte Ltd maintains a data classification standard based on data criticality and sensitivity.

4.8 Data Retention and Destruction. GoCode Pte Ltd maintains policies establishing data retention and secure destruction requirements.

4.9 Asset Ownership. GoCode Pte Ltd implements procedures to clearly identify assets and assign ownership of those assets.

4.10 Compliance. GoCode Pte Ltd establishes procedures designed to ensure all applicable statutory, regulatory, and contractual requirements are adhered to across the organization.

5. PEOPLE CONTROLS

5.1 Information Security Policy Acknowledgement. GoCode Pte Ltd creates information security policies, approved by management, published, and acknowledged by all employees.

5.2 Information Security Awareness Training. GoCode Pte Ltd requires all employees to undergo security awareness training on an annual basis.

6. ASSET MANAGEMENT

6.1 Data Classification. GoCode Pte Ltd maintains a data classification standard based on data criticality and sensitivity.

6.2 Data Retention and Destruction. GoCode Pte Ltd maintains policies establishing data retention and secure destruction requirements.

6.3 Asset Ownership. GoCode Pte Ltd implements procedures to clearly identify assets and assign ownership of those assets.

7. ACCESS CONTROLS

7.1 Access Control Policy. GoCode Pte Ltd maintains technical, logical, and administrative controls designed to limit access to Customer Information.

7.2 Privileged Access. GoCode Pte Ltd restricts privileged access to the Customer Data to authorized users with a business need.

7.3 Access Reviews. GoCode Pte Ltd reviews personnel access rights on a regular and periodic basis.

7.4 Access Termination. GoCode Pte Ltd maintains policies requiring termination of access to Customer Information after termination of an employee.

7.5 User Authentication. GoCode Pte Ltd implements access controls designed to authenticate users and limit access to Customer Information.

8. CRYPTOGRAPHY

8.1 Encryption Key Management. GoCode Pte Ltd implements encryption key management procedures.

WhatsApp
+6569503126
[email protected]
Support Ticket

[email protected]

Support Ticket

8 Burn Road #01-04, Trivex, Singapore 369977
Go Further With Go

Copyright © 2024 GoCode Pte Ltd – 202307130G