This is model contract language similar to a security addendum we use at Dropbox for security requirements for SaaS-style vendors. Please note that this is only one part of a model contract and does not cover topics such as privacy, etc., that would be covered under other addendums.

This is not legal advice. We highly recommend working with your own legal team to determine how to best employ the model language and modify it to suit your particular needs. Every security program has different challenges and risks, and we hope this is a useful starting recipe.

For more information, see https://blogs.dropbox.com/tech/2019/03/towards-better-vendor-security-assessments/