This Customer Security Policy defines the applicable security requirements that you must follow when accessing the E2open LLC, our divisions, affiliates and subsidiaries (collectively “E2open”) network. The examples listed in this policy are not exhaustive. E2open reserves the right to remove any content or restrict or terminate your use of the software and services for activities or content if Customer knowingly violates this policy or any agreement pursuant to which you use the services. E2open may change this policy from time to time by posting the updated policy on its web site (http://www.e2open.com and all related sites operated by or for E2open). You are deemed to accept a change to this policy upon your use of the software and services following any such change. If you do not accept this policy, you may not access E2open’s network or use any of the software and services.
- E2open must be notified by Customer when Customer diverges or plans on diverging from “standard industry practices” regarding E2open technology and security;
- All connections or communications to E2open must be made with a cryptographically secure mechanism, either in the protocol connection or by solution encryption and digital signatures;
- Exceptions need to be approved in writing by both E2open and Customer’s security representative for the following: (i) production data should not be used in non-production environments; (ii) digital certificates used to interact with E2open must be from certificate authorities trusted in the industry;
- User identities and passwords used to connect to the E2open environment must be kept strictly confidential;
- E2open must be immediately notified in the event of a breach of security involving E2open data;
- Service accounts used to provide system services must not be used by an individual to log into E2open’s environment;
- Customer must put adequate procedures in place to ensure that access is removed for Users who are no longer authorized to access the E2open network;
- Privileges given to Users of E2open applications must be appropriate for their role/position;
- Users of the E2open network must not enter false or malicious information into E2open’s applications or network;
- Vulnerability and application testing may be performed by Customer only with prior written consent of E2open;
- Customer is responsible for verifying the data integrity in Customer’s ERP and other systems, including verification that transactions have been entered completely, accurately, and on a timely basis, which includes reconciling Customer’s ERP and other systems with data and reports based on its use of the E2open solution;
- Customers should have controls in place and operating effectively, to ensure there is appropriate antivirus protection for their IT environment.
This Customer Security Policy was last updated on May 15, 2020 and reviewed on May 7, 2020.