NDA & Information Security Requirements Acknowledgement
Thank you for working with Pernix International.
Some of our projects have unique handling requirements and require vendors, suppliers, and/or subcontractors to sign a Confidentiality and Non-Disclosure Agreement and review special Information Security handling requirements. To do this digitally, please review the information contained at Step 1 and 2 below, and complete the acknowledgement at Step 3.
Please review this information thoroughly, it includes information about special handling required for confidential client information, and a Confidentiality & Non-Disclosure Agreement.
A copy of this acknowledgement can be downloaded below so you can refer to it.
Step 1: Information Security Requirements
Information Security Requirements
Supplier agrees to adhere to the following requirements in respect of all Confidential Information. These requirements will apply to all Confidential Information, unless altered or annulled through mutual agreement between Discloser and Supplier.
(a) Supplier shall not refer to Customer and any of its subsidiary entities in any work materials or Confidential Information, including, but not limited to, technical schematics; written and verbal communications; administrative processes; or other project records.
(a1) Supplier shall designate a codename or codenames in lieu of Customer’s name for use in the aforementioned Confidential Information and communications.
(a2) Supplier shall inform Discloser of any instances in which use of codenames either is not feasible (such as in financial transactions) or legally permissible. In such instances, Supplier shall work in good faith with Discloser or Customer to develop a solution that reduces exposure of Customer’s data to the greatest possible extent.
(b) Supplier shall label and control all Confidential Information and communications at the highest level of confidentiality according to Supplier’s internal information security and data-handling policies. If no such policies exist, Supplier shall handle the aforementioned data and communications in accordance with Customer’s data security and labeling policies, at the level of “Need-to-Know”.
(c) Supplier shall provide, with input from Discloser or Customer, security briefings / training to all Supplier employees with access to Confidential Information, in order to educate employees on the special terms and conditions governing the project.
(d) Supplier shall restrict access to Confidential Information only to employees with a demonstrated need-to-know, as determined by Supplier in consultation with Discloser or Customer. Supplier likewise shall audit all Confidential Information for any indications of unauthorized access or compromise.
(d1) Supplier shall store all Confidential Information in an access-controlled, audited information system protected by at-rest encryption (minimum AES-128) and multifactor (two-factor) authentication.
(d2) At any time at the written request of Customer, Supplier shall provide to Customer a list of Supplier employees with access to Confidential Information.
(d3) If required by Customer, Supplier shall notify Customer as soon as reasonably practicable about any changes, dismissals, resignations, or other significant developments related to Supplier personnel with access to Confidential Information.
(d4) Supplier shall notify Customer immediately (which in all cases shall mean no later than one business day) about any suspected or confirmed breaches, leaks, spills, compromises, or unauthorized access related to Confidential Information.
(d5) To the extent permitted by applicable law, Supplier shall monitor corporate device and software utilization to ensure access to Confidential Information adheres to the information security protocols specified in paragraph 1(b).
(d6) If requested by Customer and at Customer’s expense, Supplier shall use a Customer-supplied partner domain with specially designated login credentials to share Confidential Information and/or to communicate with Customer regarding Confidential Information.
(e) Supplier shall not engage any third-party regarding Customer’s Confidential Information without prior consultation with and written approval from Customer.
(f) Supplier shall adopt additional information security measures not specified herein and as reasonably requested by Customer, with Customer hereby agreeing to reimburse Supplier for any pre-approved, documented, and verifiable increases in the cost of performing Services owing to such additional security measures.
Step 2: Review Confidentiality & Non-Disclosure Agreement
Confidentiality & Non-Disclosure Agreement
The undersigned acknowledges that Pernix International (the “Company”) has furnished or may furnish to the undersigned (“Recipient”) certain information and/or processes that are the Company’s property and used in the course of its business. The Recipient acknowledges that this data the Company has provided or may provide is confidential. This includes, but is not limited to, financial, commercially sensitive, proprietary and other non-public, confidential materials of, or concerning, the business affairs and operations of the Company (collectively, all such data is referred to as “Confidential Information”). Confidential Information does not include, information that the Recipient can demonstrate to have (i) been known at the time of disclosure to the general public, (ii) become publicly available through means other than as a result of a breach of this Agreement, or (iii) been disclosed by a third-party who is under no duty to the Company to protect the confidentiality of the same.
Recipient agrees not to disclose the Confidential Information and not to disclose that any discussions or contacts with the Company have occurred or are intended with regard to the Confidential Information, other than as provided for in the following paragraph.
The Confidential Information is being provided to Recipient solely for the purpose of pursing a working relationship for the subject project. Recipient agrees and acknowledges that disclosure of the Confidential Information will cause serious harm or damage to the Company. In particular, Recipient agrees and acknowledges that certain of the Confidential Information may be characterized as “material, non-public information” and that the use of such information, or disclosure of such information to others, in connection with the purchase and/or sale of securities may be deemed a violation of the applicable United States securities laws. Therefore, Recipient agrees that Recipient will not use the information furnished for any purpose other than as stated above and in a manner consistent with any applicable United States securities laws. Recipient further agrees that it will not either directly or indirectly by agent, employee, or representative, disclose this information, either in whole or in part, to any third-party.
However, the Recipient may disclose the Confidential Information to those directors, officers, employees and affiliates of Recipient and to Recipient’s advisors or their representatives who need such access for the purpose of evaluating the Confidential Information for the purpose described above (it being understood that those directors, officers, employees, advisors and representatives shall be informed by Recipient of the confidential nature of such information). The Recipient also shall direct them to treat such information confidentially and in the same manner as Recipient is obligated, and Recipient shall be responsible for their breach). The Recipient also may make disclosures to which the Company consents in writing.
Recipient acknowledges that the Company is relying on the Recipient’s compliance with this Agreement in connection with the Company’s decision to disclose the Confidential Information to Recipient.
Recipient acknowledges that monetary damages may not be a sufficient remedy for damages resulting from the unauthorized disclosure of Confidential Information and that the Company shall be entitled, without waiving any other rights or remedies, to such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction. In the event that the Company seeks injunctive relief of any provisions of this Agreement, Recipient agrees to waive and hereby does waive any requirement that the Company post a bond or any other security.
All Confidential Information is and shall remain the sole and exclusive property of the Company. Recipient agrees that, upon the written request of the Company, it will return or destroy all copies of the Confidential Information that it has received, as well as all other documents that incorporate or reflect the Confidential Information. This Agreement shall be binding upon Recipient and Recipient’s successors, assigns, heirs, executors and personal representatives and shall inure to the benefit of the Company and the Company’s successors and assigns. The obligations of the Recipient as stated herein shall be effective for a period of two (2) years from the date of execution of this agreement.
If any action at law or in equity is necessary to enforce or interpret the rights arising out of or relating to this Agreement, the prevailing party shall be entitled to recover reasonable attorneys’ fees, costs and necessary disbursements, in addition to any other relief to which it may be entitled.
This Agreement shall be construed and governed by the laws of the State of Illinois, regardless of the laws that might otherwise govern under applicable conflict of laws principles, and venue shall be in the State of Illinois. All obligations created by this Agreement shall survive change or termination of the parties’ business relationship.
Step 3: Complete the Information Security & NDA Acknowledgement Form
By submitting this form you are acknowledging proper handling for project material and digitally signing the Confidentiality and Non-Disclosure Agreement. A copy of the Information Security Requirements and NDA can be downloaded above for your records.