2. Splunk Security Program
2.1 Scope and Content. Splunk Security Program: (a) complies with industry recognized information security standards; (b) includes administrative, technical and physical safeguards designed to protect the confidentiality, integrity and availability of Confidential Information, including Customer Content; and (c) is appropriate to the nature, size and complexity of Splunk’s business operations.
2.2 Security Policies, Standards and Methods. Splunk maintains security policies, standards and methods (collectively, Security Policies) designed to safeguard the processing of Confidential Information, including Customer Content, by employees and contractors in accordance with this SAASA.
2.3 Security Program Office. Splunk’s Chief Information Security Officer (CISO) leads Splunk’s Security Program and the CISO Office develops, reviews and approves, together with appropriate stakeholders, Splunk’s Security Policies.
2.4 Security Program Updates. Splunk Security Program Policies are available to employees via the corporate intranet. Splunk reviews, updates and approves Security Policies annually to maintain their continuing relevance and accuracy. Employees receive information and education about Splunk’s Security Policies during onboarding and annually thereafter.
2.5 Security Training & Awareness. New employees are required to complete security training as part of the new hire process and receive annual and targeted training (as needed and appropriate to their role) thereafter to help maintain compliance with Splunk’s Security Policies, as well as other corporate policies, such as the Splunk Code of Conduct. This includes requiring Splunk employees to annually re-acknowledge the Code of Conduct and other Splunk policies as appropriate. Splunk conducts periodic security awareness campaigns to educate personnel about their responsibilities and provide guidance to create and maintain a secure workplace.