Professional services security measures
These Professional Services Security Measures describe the administrative, technical, and physical safeguards that Subcontractor must maintain when providing professional services to OpenAI or on OpenAI’s behalf. These measures are incorporated into the Agreement between the parties, and capitalized terms not defined herein have the meanings set forth in the Agreement.
Subcontractor must apply these measures to all Systems, personnel, and processes that access, process, transmit, or store Confidential Data. The term “Subcontractor” herein has the same meaning as “Supplier” under the Agreement.
- Subcontractor must assign a qualified person or team to maintain its Information Security Program and oversee compliance with these Professional Services Security Measures.
- Subcontractor must maintain written information security and privacy policies that are appropriate to the Services, consistent with its Information Security Program, and designed to comply with applicable Data Protection Laws.
- Subcontractor must communicate its security and privacy policies, code of conduct, and related procedures, including these Professional Services Security Measures, to personnel who support the Services and must require those personnel to acknowledge them at onboarding and periodically thereafter.
- If OpenAI must adhere to additional policies provided by Customer, OpenAI will provide such policies to Subcontractor and Subcontractor must comply with such policies, unless OpenAI approves a documented exception in writing.
- Subcontractor must monitor compliance with its security and privacy policies and must remediate non-compliance, including through disciplinary action where appropriate.
- Subcontractor must maintain a documented risk management program that identifies, evaluates, and mitigates information security and privacy risks related to the Services.
- At least annually, Subcontractor must perform a risk assessment covering Systems, processes, locations, assets, and infrastructure supporting the Services that considers internal and external threats, and the likelihood and impact of reasonably foreseeable risks.
- Subcontractor must document risk treatment decisions and track remediation of identified risks within timeframes that are reasonable for the severity and likelihood of the risk.
- Subcontractor must not transfer Customer Data out of Customer-managed environments unless the Customer approves the transfer in writing. Subcontractor must maintain evidence of that approval and provide it to OpenAI on request.
- Subcontractor must access and use Confidential Data only to provide the Services and only as permitted by the Agreement, the applicable statement of work, the Customer (as applicable), and OpenAI.
- Subcontractor must protect Confidential Data against unauthorized access, use, disclosure, alteration, and destruction using safeguards that meet these Professional Services Security Measures.
- Subcontractor must not use personal email, personal storage, personal messaging tools, or unapproved services to access, store, transmit, or process Confidential Data.
- If Customer Data is approved for storage, processing, or transmission on Subcontractor-owned or Subcontractor-controlled Systems, Subcontractor must create and follow a Data Handling Plan for the engagement.
- Each Data Handling Plan must describe the data types, roles and responsibilities, storage locations, transmission paths, transfers, processing activities, retention periods, deletion process, applicable technical safeguards, Customer policies, and the way Subcontractor will at a minimum apply these Professional Services Security Measures.
- Subcontractor must require each assigned team member to acknowledge the Data Handling Plan before accessing Customer Data. Subcontractor must submit the Data Handling Plan to OpenAI at least 15 days before storing, processing, or transmitting Customer Data on Subcontractor-owned or Subcontractor-controlled Systems.
- Subcontractor must use and access Customer Data, Customer Systems, OpenAI Systems, models, metadata, configurations, credentials, and related materials only when needed to provide the Services. Any other access or use is prohibited.
- At least 15 days before the start of an engagement, Subcontractor must provide OpenAI with a staffing plan that identifies all personnel who will provide the Services or access Confidential Data, Customer Systems, or OpenAI Systems.
- Subcontractor must update the staffing plan within 24 hours after any staffing change and must include all personnel with access to Confidential Data, Customer Systems, or OpenAI Systems.
- Subcontractor must periodically attest to the accuracy of the staffing plan on a schedule set by OpenAI.
- Subcontractor personnel included in the staffing plan must not simultaneously support another AI lab with similar Services unless OpenAI approves the assignment in writing.
- Subcontractor must provide security and privacy training to assigned personnel at onboarding and at least annually. Training should include verified awareness of these Professional Services Security Measures. Subcontractor must also require assigned personnel to complete any Customer- or OpenAI-required training before accessing Confidential Data, Customer Systems, or OpenAI Systems.
- Subcontractor must require assigned personnel to sign confidentiality agreements or be bound by written confidentiality obligations that protect Confidential Data.
- Before assigning personnel to the Services, Subcontractor must complete identity verification and background screening to the extent permitted by applicable law. Identity verification and criminal background screening must be treated as separate controls.
- Identity verification must satisfy NIST SP 800-63 Identity Assurance Level 3 or an equivalent standard approved by OpenAI.
- Background screening must include employment and education verification where required or permitted, criminal records searches for all jurisdictions where the person has lived or worked during the prior seven years or the longest period permitted by law, and Social Security number traces where available and lawful.
- Subcontractor must screen assigned personnel against applicable sanctions and export control lists, including lists maintained by the U.S. Department of the Treasury Office of Foreign Assets Control, the U.S. Department of Commerce Bureau of Industry and Security, and the U.S. Department of State Directorate of Defense Trade Controls.
- Subcontractor must not source personnel for the Services from comprehensively sanctioned territories, countries or regions subject to a U.S. Department of State Level 4 travel advisory, or countries or regions experiencing active armed conflict.
- Subcontractor must maintain evidence of completed screening and provide that evidence to OpenAI on request, subject to applicable law.
- OpenAI may require additional security checks for Subcontractor personnel before those personnel access Customer Data, Confidential Data, Customer Systems, or OpenAI Systems.
- Subcontractor must protect all laptops, workstations, servers, cloud resources, hardware, and other Systems that access, process, transmit, or store Confidential Data.
- Subcontractor must centrally manage endpoints and servers used for the Services and must maintain an accurate inventory of hardware, software, cloud resources, and Systems that support the Services.
- Subcontractor must configure Systems using secure baseline configurations and must apply security patches within timeframes appropriate to the severity of the vulnerability.
- Subcontractor must use endpoint detection, anti-malware, anti-spyware, and email security controls designed to prevent, detect, and respond to malicious activity.
- Subcontractor must encrypt Confidential Data at rest on endpoints, servers, removable media, backups, object stores, databases, and file systems.
- Subcontractor must disable or tightly control removable media used with Systems that support the Services.
- Subcontractor must not permit personnel to access Confidential Data, Customer Systems, or OpenAI Systems from non-corporate-managed devices unless OpenAI approves the access in writing.
- Subcontractor must be able to remotely disable or wipe endpoints used for the Services and must require personnel to promptly report lost, stolen, or compromised devices.
- Subcontractor must allow access to Confidential Data, Customer Systems, OpenAI Systems, and supporting Systems only while the individual is included in the approved staffing plan and has a business need for access.
- Subcontractor must maintain documented identity and access management procedures for user accounts, privileged accounts, and service accounts used for the Services.
- Subcontractor must maintain a current list of personnel and service accounts with access to Subcontractor Systems, Customer Systems, and OpenAI Systems used for the Services.
- Subcontractor must revoke or disable access within one business day after a personnel transfer, role change, or termination. For Customer- or OpenAI-managed access, Subcontractor must notify OpenAI or the Customer within the applicable policy timeframe and no later than two hours after the relevant termination or access change.
- Subcontractor must use single sign-on for interactive logins where feasible and must require multi-factor authentication for access to Systems used for the Services.
- When passwords are used, Subcontractor must enforce strong password controls, account lockout after repeated failed attempts, and automatic session locking after inactivity.
- Subcontractor must use role-based access controls, least privilege, and separation of duties for Systems used for the Services.
- Privileged access must be granted only when technically required, approved, logged, and reviewed. Non-privileged users must not be able to perform privileged functions.
- Subcontractor must review and approve access before granting it and must perform access reviews at least quarterly for Systems used for the Services.
- Subcontractor must maintain procedures to identify, disable, rotate, and investigate compromised credentials.
- Subcontractor must maintain a data classification and handling standard that assigns security and privacy controls based on the sensitivity, confidentiality, and risk of the data.
- Subcontractor must apply its classification and handling standard to Confidential Data and must follow the applicable Data Handling Plan for each engagement.
- Subcontractor must maintain acceptable-use rules for technology resources used for the Services, including rules for remote work, approved tools, secure communications, device locking, and protection against unauthorized disclosure.
- Subcontractor must require clean desk and clear screen practices in locations where Confidential Data may be accessed or viewed.
- Subcontractor must maintain a documented change management process for changes to Systems, infrastructure, security controls, and data flows that could affect the confidentiality, integrity, or availability of Confidential Data.
- The change management process must include risk review, testing where appropriate, approval, implementation tracking, rollback planning, and post-implementation review of emergency changes.
- Subcontractor must maintain a written incident response plan for identifying, reporting, investigating, containing, mitigating, and remediating Security Incidents.
- Subcontractor must notify OpenAI at vendorsecurity@openai.com within 24 hours after becoming aware of a Security Incident. The notice must include all information reasonably available to Subcontractor that OpenAI may need to meet its legal, contractual, or customer notification obligations.
- Subcontractor must not notify a Customer, regulator, data subject, or other third party about a Security Incident involving Customer Data, Confidential Data, Customer Systems, or OpenAI Systems unless OpenAI directs the notice or applicable law requires it. If law requires notice, Subcontractor must coordinate with OpenAI to the extent legally permitted.
- Subcontractor must promptly contain, investigate, mitigate, and remediate each Security Incident and must preserve evidence relevant to the Security Incident.
- Subject to any liability limits in the Agreement, Subcontractor must reimburse OpenAI for reasonable remediation costs caused by a Security Incident, including customer notices, call center support, and credit monitoring. OpenAI controls the timing, content, and manner of notices related to a Security Incident unless applicable law requires otherwise.
- Subcontractor must maintain audit records sufficient to support monitoring, investigation, and accountability for Systems used for the Services.
- Subcontractor must log privileged actions and must be able to attribute privileged activity to a named individual or approved service account.
- Subcontractor must monitor privileged activity on endpoints, servers, cloud services, and supporting infrastructure used for the Services.
- Subcontractor must monitor security and availability events, including network and service logs, and must act on alerts that indicate potential unauthorized access, suspicious activity, or service disruption.
- Subcontractor must review and analyze security logs on a regular basis and must retain security logs for at least one year unless the Agreement, Data Handling Plan, or applicable law requires a longer period.
- Subcontractor must provide relevant logs to OpenAI on request to support security, privacy, audit, incident response, or customer assurance obligations.
- Subcontractor must maintain a documented secure development lifecycle for applications, scripts, automation, infrastructure-as-code, and other Systems developed or configured for the Services.
- The secure development lifecycle must include security-by-design practices across planning, design, development, testing, deployment, and maintenance.
- Before deploying code or configuration changes to production or Customer-facing environments, Subcontractor must perform security testing appropriate to the change, including code review, threat modeling where appropriate, dependency vulnerability scanning, and static, dynamic, container, or infrastructure-as-code scanning where applicable.
- Subcontractor must retain evidence of security testing and remediation for at least one year and provide that evidence to OpenAI on request.
- Subcontractor must logically separate production and non-production environments. Confidential Data may not be used in non-production environments.
- Subcontractor must logically separate Confidential Data from other customers' data and must restrict access based on need to know.
- Subcontractor must keep backend resources that process Confidential Data on private networks, private links, VPNs, zero-trust access paths, or equivalent protected connectivity.
- Subcontractor must use network controls, including firewalls, access control lists, security groups, and network policies, to permit only authorized traffic flows and block all other traffic by default.
- Subcontractor must document permitted network flows for Systems used for the Services and must review those flows periodically.
- Subcontractor must secure non-public wireless networks with enterprise authentication and strong encryption.
- Subcontractor must maintain a vulnerability management program for Systems used for the Services.
- Subcontractor must scan Systems used for the Services on a regular basis, monitor vendor and security notifications, prioritize vulnerabilities based on severity and exploitability, remediate identified vulnerabilities, and verify remediation.
- Unless OpenAI approves a different timeframe in writing, Subcontractor must remediate Critical vulnerabilities within 15 days, High vulnerabilities within 30 days, and Moderate vulnerabilities within 90 days.
- Subcontractor must maintain controls designed to prevent, detect, and respond to malware, spyware, unauthorized devices, rogue access points, and other malicious activity affecting Systems used for the Services.
- Subcontractor must maintain physical and environmental security controls at each location where Confidential Data is stored, processed, transmitted, or accessed.
- Subcontractor must restrict physical access to authorized personnel using badge, biometric, key, or equivalent access controls.
- Subcontractor must maintain visitor logs and require visitors to be escorted in areas where Confidential Data or Systems used for the Services may be accessed.
- Subcontractor must use reasonable monitoring and intrusion controls, including 24x7 video surveillance where appropriate for the facility and the risk.
- Subcontractor must protect printed materials containing Confidential Data using secure storage and secure disposal practices.
- Subcontractor must securely handle, store, transport, and dispose of physical media containing Confidential Data.
- Subcontractor must maintain safeguards designed to protect the availability of Systems used for the Services.
- Subcontractor must maintain documented business continuity and disaster recovery plans for critical processes and Systems that support the Services.
- Subcontractor must perform a business impact analysis or equivalent assessment for critical processes and Systems that support the Services to identify dependencies, recovery priorities, recovery time objectives, and recovery point objectives.
- Subcontractor must back up Confidential Data where backups are needed to meet recovery objectives and must protect backups using the same security controls that apply to the source data.
- Subcontractor must test business continuity and disaster recovery plans at least annually and must track remediation of identified gaps.
- Subcontractor must not allow a subprocessor, subcontractor, vendor, or other third party to access Customer Data, Confidential Data, Customer Systems, or OpenAI Systems without OpenAI's prior written approval.
- Subcontractor must maintain a third-party risk management program for approved third parties that support the Services or have access to Confidential Data.
- Subcontractor must enter into written agreements with approved third parties that require safeguards at least as protective as these Professional Services Security Measures.
- Subcontractor must assess approved third parties before onboarding and periodically thereafter based on the risk of the Services, the data involved, and the third party's access.
- On request, Subcontractor must identify approved critical third parties, countries of origin, and key technology dependencies that support the Services.
- Subcontractor must evaluate technology and product supply chain risks that could affect the Services and must notify OpenAI of material disruptions, vulnerabilities, or emerging threats affecting those dependencies.
- Subcontractor must protect Confidential Data in transit using TLS 1.3 or higher, SSH 2, IPsec, or equivalent cryptographic protection. Subcontractor must disable SSLv3 and all TLS versions lower than TLS 1.3 on Systems used for the Services.
- Subcontractor must encrypt Confidential Data at rest on persistent media, including databases, object stores, file systems, endpoints, removable media, and backups, using AES-256 or equivalent cryptographic protection.
- Subcontractor must manage cryptographic keys through a dedicated key management system or equivalent process. Key access must be limited to authorized personnel and service accounts, and keys must be rotated at least annually and upon suspected compromise.
- Unless the Agreement or Data Handling Plan requires a different period, Subcontractor must retain Confidential Data for seven years and must securely dispose of Confidential Data after the retention period expires.
- Subcontractor must retain and delete Customer Data according to the Data Handling Plan, and must retain it no longer than necessary to provide the Services or as approved by OpenAI or the Customer.
- Subcontractor must securely dispose of Confidential Data so that the data cannot reasonably be read, reconstructed, or recovered.
- Before disposal, reassignment, or return of electronic media, Subcontractor must erase the media using NIST SP 800-88 or an equivalent industry-standard method, including secure overwrite, cryptographic erasure, degaussing, or physical destruction as appropriate.
- Subcontractor must document disposal of media and records containing Confidential Data and provide disposal evidence to OpenAI on request.
- Subcontractor must regularly monitor and test the effectiveness of controls used to protect Confidential Data and Systems used for the Services.
- Subcontractor must engage qualified third parties to perform penetration testing against Systems used for the Services, relevant internal corporate networks, and internet-facing infrastructure. Unless OpenAI approves a different timeframe in writing, Subcontractor must remediate Critical penetration test findings within 15 days, High findings within 30 days, and Moderate findings within 90 days.
- Subcontractor must obtain periodic independent assessments of its Information Security Program, such as a SOC 2 Type 2 report, ISO/IEC 27001 certification, or equivalent independent review, and must provide the relevant report or certification to OpenAI on request.
- Subcontractor must notify OpenAI before making any material change that could reduce the effectiveness of controls protecting Confidential Data.
- During the term of the Agreement and for one year after termination, OpenAI or its designated auditor may, on reasonable notice and during normal business hours, review Subcontractor's documentation, evidence, and facilities to verify compliance with these Professional Services Security Measures.
- OpenAI's verification rights are limited to information reasonably necessary to assess compliance and are subject to appropriate confidentiality obligations.
- Subcontractor must use commercially reasonable efforts to complete security questionnaires and provide evidence requested by OpenAI for customer assurance, audit, security, privacy, or incident response purposes.
- Should Subcontractor become aware of any deviations or gaps in the implementation of these Professional Services Security Measures, it must notify OpenAI without delay and develop a remediation plan. The remediation plan is subject to approval by OpenAI.
- Subcontractor represents and warrants that neither Subcontractor nor any individual assigned to the Services is a Covered Person, as defined in Executive Order 14117, Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern, and its implementing regulations.
- Subcontractor represents and warrants that it will not knowingly provide a Covered Person or a Country of Concern with access to government-related data or bulk U.S. sensitive personal data covered by the Executive Order or its implementing regulations.
- Subcontractor must promptly notify OpenAI if any representation in this section becomes inaccurate.
- Subcontractor must not engage in a Covered Data Transaction with a Country of Concern or Covered Person involving OpenAI Covered Data.
- If Subcontractor engages in a Restricted Transaction involving OpenAI Covered Data, Subcontractor must provide OpenAI with all information reasonably necessary for OpenAI to assess the transaction and any required safeguards.
- Subcontractor must promptly notify OpenAI of any government, law enforcement, or regulatory request for Confidential Data, unless legally prohibited. To the extent legally permitted, Subcontractor must seek OpenAI's written instructions before disclosing the data and must challenge unlawful or overbroad requests.
- Confidential Data means all information that Subcontractor receives, collects, accesses, stores, processes, transmits, or generates from or on behalf of OpenAI or a Customer in connection with the Services, including contractual, procurement, billing, staffing, data handling, Personal Data, Confidential Information and Customer Data.
- Covered Data has the meaning given to that term in Executive Order 14117 and its implementing regulations.
- Covered Data Transaction has the meaning given to that term in Executive Order 14117 and its implementing regulations.
- Covered Person has the meaning given to that term in Executive Order 14117 and its implementing regulations.
- Customer means the OpenAI customer that receives or benefits from the Services.
- Customer Data means prompts, completions, files, inputs, outputs, embeddings, fine-tuned model data, model weights, instructions, metadata, configurations, and other data owned, provided by, generated for, or derived from a Customer in connection with the Services.
- Data Handling Plan means the written plan for handling Customer Data during an engagement.
- Data Protection Laws means all privacy, data protection, data security, and breach notification laws and regulations that apply to the Services or to Customer Data or Confidential Data.
- Information Security Program means Subcontractor's written administrative, technical, and physical safeguards for protecting information and Systems.
- OpenAI Covered Data means Confidential Data that is subject to Executive Order 14117 or its implementing regulations.
- Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an identified or identifiable person, household, device, or similar legally protected identifier.
- Processing means any operation or set of operations performed on data, including collection, access, use, storage, transmission, disclosure, alteration, retention, deletion, or destruction.
- Restricted Transaction has the meaning given to that term in Executive Order 14117 and its implementing regulations.
- Security Incident means any actual or reasonably suspected unauthorized access to, acquisition of, disclosure of, alteration of, loss of, destruction of, or compromise to Customer Data, Confidential Data, Customer Systems, OpenAI Systems, or Systems used for the Services.
- Services means the professional services, implementation services, consulting services, support services, or other services provided by Subcontractor under the Agreement or applicable statement of work.
- Subcontractor Code of Conduct means the OpenAI Supplier Code of Conduct, as updated from time to time.
- Systems means software, hardware, networks, devices, endpoints, servers, cloud resources, applications, scripts, automation, databases, storage, and other technology resources used to provide the Services or to access, process, transmit, or store Confidential Data.