Audible Magic (“AM”) implements administrative, physical, and technical safeguards that reasonably and appropriately protect the integrity of Content that it receives from any Content Registrant. AM’s Content security program includes administrative, technical and physical safeguards appropriate to the size and complexity of AM’s operations and the nature and scope of its activities, including at a minimum the following safeguards:

    1. General Security Controls.
      • Confidentiality Statement/NDA. All AM employee and non-employee workers who may have access to Content sign non-disclosure and/or confidentiality agreements.
      • Background checks. AM requires that all of its employees and non-employee workers who may have access to Content have cleared AM’s background checks prior to being permitted such access. AM’s background checks include review and verification of educational qualifications, checks of criminal records, contacting and interviewing professional references, and confirmation from the employee’s or non-employee worker’s most recent employer.
      • Company Policies. AM’s security policy explicitly addresses and provides guidance to its employees and non-employee workers to ensure the confidentiality, integrity and availability of content, data, information and systems maintained, held, accessed or processed by AM.
      • Encryption and System Security. AM implements and maintains a level of encryption and data security consistent with industry standards and appropriate to ensure the protection of Content.
      • Remote Access. Any remote access to Content is executed over an encrypted method consistent with industry standards and appropriate to ensure the protection of Content. All remote access is limited to minimum necessary and least privilege principles.
      • Physical Security. Physical controls are in place to reasonably protect the AM infrastructure and the Content from unauthorized access, and to manage and monitor movement of persons into and out of AM’s facilities where Content is stored, processed, or transmitted. Content is processed on systems which are secured using reasonable commercially available security software and practices. Only employees who have a need for access and who have completed the Security Practices Training are allowed electronic and physical access to Content.
      • Network Security. Network Security controls are in place, including the use of firewalls, layered DMZs, and updated intrusion detection/prevention systems to help protect systems from intrusion and/or limit the scope or success of any attack or attempt at unauthorized access.
      • Security Process Controls. Audible Magic proactively monitors security vulnerabilities and patches AM’s systems according to reasonable commercial practices.
    2. Third-Party Service Providers. Audible Magic may store Content on servers owned and/or maintained by third-party service providers, provided such third-party providers provide security controls that comply with the standards specified in this Content Security Agreement. Content Registrant acknowledges that the level of security controls provided by Amazon Web Services and by Rackspace satisfies Content Registrant requirements.
    3. Privacy.
      • Legal Compliance. AM maintains compliance with all applicable privacy laws and regulations in the US and internationally, including without limitation US state privacy laws and EU privacy laws.
    4. Business Continuity / Disaster Recovery Controls.
      • Emergency Mode Operation Plan. AM has an established plan to enable continuation of critical business processes and protection of the security of electronic Content in the event of an emergency. An emergency is an interruption of business operations for more than 24 hours.
      • Data Backup Plan. AM has established procedures to back up Content to maintain retrievable exact copies of Content.
    5. Training. AM employees and non-employee workers are made aware of, and are required to adhere to, the security policies specified and described in the Audible Magic Security Policy, and have training in security practices including the handling of sensitive or confidential information.
    6. Corrective Steps. AM takes prompt corrective action to mitigate any risks or damages involved with any breach in security of the Content and to protect the operating environment, and promptly takes any action pertaining to such unauthorized access required by applicable Federal and State laws and regulations.