Radware Data Processing Agreement (Customer)

This Global Data Processing Agreement ("DPA") is made and entered into by and between Radware (“Processor”) and the counterparty to the Principal Agreement (“Customer” or “Controller”).

This DPA forms an integral part of the written or electronic agreement and/or purchase documents, including, without limitation, any purchase orders and/or order confirmations, through which the Customer ordered and Radware has agreed to provide, the Service(s) (as amended from time to time, the "Principal Agreement").

By signing a hard copy of this DPA, or by accepting this DPA by electronic means or otherwise, or by receiving the Services from Radware, Customer enters this DPA on behalf of itself and in the name and on behalf of its Affiliates that are lawfully permitted to use Redware’s Services.

This DPA reflects the parties’ agreement with regard to the Processing of Personal Data in the performance by Radware, and the receipt by Customer, of the Service(s).

SCHEDULE A

DATA PROCESSING ACTIVITY PROFILE

Radware's Cloud Web Application Firewall (CWAF) Service Data Processing Profile

Radware's Cloud DDoS Protection Service Data Processing Profile

Radware's Bot Manager Service Data Processing Profile

Radware's Cloud Native Protector Service Data Processing Profile

SCHEDULE B

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Processor shall implement appropriate technical and organizational security measures intended to protect the Customer Personal Data it Processes against accidental or unauthorized loss, destruction, alteration, disclosure or access:

IS Program - Radware maintains an information security program with the aim to identify reasonably foreseeable external and internal risks to the security of Radware Network and minimize security risks through risk assessments and regular testing.

CISO - Radware has designated a Chief Information Security Officer (CISO) to coordinate and be accountable for the information security management system.

Security Reviews - Radware conducts periodic reviews of the security of its infrastructure and the adequacy of its information security program.

Baseline for the management system - Radware follows industry best practices for its security Information Security Management system (ISMS) and is certified for ISO 27001, ISO 27017, ISO 27018 and ISO 27032. PCI Service Provider and HIPAA compliance is confirmed by an annual self-assessment.

Human Resources - Radware provides that employees, contractors, partners, and vendors understand their data protection and security responsibilities. These responsibilities include maintaining the confidentiality, integrity and availability of the Customer information processed by Radware. All employees of the organization and where relevant, contractors receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.

Access Control
Radware provides that only authorized users will have access to its information assets and to private data. Users are only be provided with access to assets that they have been specifically authorized to use.
Radware provides the customers with an access control management system for the relevant cloud management portals as part of the service.

Encryption - Radware provides proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information, Radware will provide that confidential data will be encrypted whenever extracted from their primary repository.

Physical and Environmental Security - Radware will use physical and environmental measures to prevent unauthorized physical access, damage to or disruption of the organization’s information and information processing facilities.

Operational & Communication Security - Radware will maintain appropriate controls related to management of IT production including change management, capacity management, malware, backup, logging, monitoring and vulnerabilities management.

System acquisition, development, and maintenance - Radware maintains security throughout the lifecycle of the information systems.

Supplier Relationship - Radware provides that its partners, suppliers, and contractors maintain adequate security measurements to secure Radware and its customers' information, through contracts and periodic audits.

Data Retention and disposal
Information stored withing the service, such as logs and alerts will be retained according to customer requirements. When no longer required, the information will be securely deleted.

SCHEDULE C

LIST OF CURRENT SUB-PROCESSORS

Radware Cloud Services Sub-processors

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center