This is an archived version of our Samooha Offering Security Addendum dated March 6, 2024. View the current Data Clean Rooms Security Agreement here.
This Samooha Offering Security Addendum (the “Samooha Offering Security Addendum”) is incorporated into and made a part of the Snowflake Samooha Offering Terms between Snowflake and Customer that references this document (the “Agreement”). Any capitalized terms used but not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Samooha Offering Security Addendum, this Samooha Offering Security Addendum shall govern.
Snowflake utilizes infrastructure-as-a-service cloud providers as further described in the Agreement and/or Samooha Documentation (each, a “Cloud Provider”) and provides the Samooha Offering to Customer using a VPC/VNET and storage hosted by the applicable Cloud Provider (the “Cloud Environment”).
Snowflake maintains a comprehensive documented security program based on NIST 800-53 (or industry recognized successor framework), under which Snowflake implements and maintains physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Samooha Offering (the “Samooha Offering Security Program”), including, but not limited to, as set forth below. Snowflake regularly tests and evaluates its Samooha Offering Security Program, and may review and update its Samooha Offering Security Program as well as this Samooha Offering Security Addendum, subject to section 15.5 (Changes in Terms) of the Agreement.
1. System & Network Security
1.1. Access Controls.
1.1.1. All Snowflake personnel access to the Cloud Environment is via a unique user ID, consistent with the principle of least privilege, and requires a VPN, as well as multi-factor authentication and passwords meeting or exceeding PCI-DSS length and complexity requirements.
1.1.2. Snowflake personnel will not access Samooha-Processed Data or CMA Customer Data (as applicable) except (i) as reasonably necessary to provide the Samooha Offering under the Agreement or (ii) to comply with the law or a binding order of a governmental body
1.2. Endpoint Controls. For access to the Cloud Environment, Snowflake personnel use Snowflake-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint detection and response (EDR) tools to monitor and alert for suspicious activities and Malicious Code (as defined below), and (iii) vulnerability management in accordance with Section 1.7.3 (Vulnerability Management).
1.3. Separation of Environments. Snowflake logically separates production environments from development environments. The Cloud Environment is both logically and physically separate from Snowflake’s corporate offices and networks.
1.4. Firewalls / Security Groups. Snowflake shall protect the Cloud Environment using industry standard firewall or security groups technology with deny-all default policies to prevent egress and ingress network traffic protocols other than those that are business-required.
1.5. Hardening. The Cloud Environment shall be hardened using industry-standard practices to protect it from vulnerabilities, including by changing default passwords, removing unnecessary software, disabling or removing unnecessary services, and regular patching as described in this Samooha Offering Security Addendum.
1.6. Monitoring & Logging. Monitoring tools or services, such as host-based intrusion detection tools, are utilized to log certain activities and changes within the Cloud Environment. These logs are further monitored, analyzed for anomalies, and are securely stored to prevent tampering for at least one year.
1.7. Vulnerability Detection & Management.
1.7.1. Anti-Virus & Vulnerability Detection. The Cloud Environment leverages advanced threat detection tools with daily signature updates, which are used to monitor and alert for suspicious activities, potential malware, viruses and/or malicious computer code (collectively, “Malicious Code”). Snowflake has no obligation to monitor Samooha-Processed Data or CMA Customer Data (as applicable) for Malicious Code.
1.7.2. Penetration Testing & Vulnerability Detection. Snowflake regularly conducts penetration tests and engages one or more independent third parties to conduct penetration tests of the Samooha Offering at least annually. Snowflake also runs weekly vulnerability scans for the Cloud Environment using updated vulnerability databases.
1.7.3. Vulnerability Management. Vulnerabilities meeting defined risk criteria trigger alerts and are prioritized for remediation based on their potential impact to the Samooha Offering. Upon becoming aware of such vulnerabilities, Snowflake will use commercially reasonable efforts to address private and public (e.g., U.S.-CERT announced) critical and high vulnerabilities within 30 days, and medium vulnerabilities within 90 days. To assess whether a vulnerability is ‘critical’, ‘high’, or ‘medium’, Snowflake leverages the National Vulnerability Database’s (NVD) Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-CERT rating.
2. Administrative Controls
2.1. Personnel Security. Snowflake requires criminal background screening on its personnel as part of its hiring process, to the extent permitted by applicable law.
2.2. Personnel Training. Snowflake maintains a documented security awareness and training program for its personnel, including, but not limited to, onboarding and on-going training.
2.3. Personnel Agreements. Snowflake personnel are required to sign confidentiality agreements. Snowflake personnel are also required to sign Snowflake’s information security policy, which includes acknowledging responsibility for reporting security incidents.
2.4. Personnel Access Reviews & Separation. Snowflake reviews the access privileges of its personnel to the Cloud Environment at least quarterly, and removes access on a timely basis for all separated personnel.
2.5. Snowflake Risk Management & Threat Assessment. Snowflake’s risk management process is modeled on NIST 800-53 and ISO 27001. Snowflake’s security committee meets regularly to review reports and material changes in the threat environment, and to identify potential control deficiencies in order to make recommendations for new or improved controls and threat mitigation strategies.
2.6. External Threat Intelligence Monitoring. Snowflake reviews external threat intelligence, including U.S.-CERT vulnerability announcements and other trusted sources of vulnerability reports. U.S.-CERT announced vulnerabilities rated as critical or high are prioritized for remediation in accordance with Section 1.7.3 (Vulnerability Management).
2.7. Change Management. Snowflake maintains a documented change management program for the Samooha Offering.
2.8. Vendor Risk Management. Snowflake maintains a vendor risk management program for vendors that process Samooha-Processed Data or CMA Customer Data (as applicable) designed to ensure each vendor maintains security measures consistent with Snowflake’s obligations in this Samooha Offering Security Addendum.
3. Physical & Environmental Controls
3.1. Cloud Environment Data Centers. To ensure the Cloud Provider has appropriate physical and environmental controls for its data centers hosting the Cloud Environment, Snowflake regularly reviews those controls as audited under the Cloud Provider’s third-party audits and certifications. Each Cloud Provider shall have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks. Such controls, shall include, but are not limited to, the following:
3.1.1. Physical access to the facilities are controlled at building ingress points;
3.1.2. Visitors are required to present ID and are signed in;
3.1.3. Physical access to servers is managed by access control devices;
3.1.4. Physical access privileges are reviewed regularly;
3.1.5. Facilities utilize monitor and alarm response procedures;
3.1.6. Use of CCTV;
3.1.7. Fire detection and protection systems;
3.1.8. Power back-up and redundancy systems; and
3.1.9. Climate control systems.
3.2. Snowflake Corporate Offices. Snowflake’s technical, administrative, and physical controls for its corporate offices covered by its ISO 27001 certification, shall include, but are not limited to, the following:
3.2.1. Physical access to the corporate office is controlled at office ingress points;
3.2.2. Badge access is required for all personnel and badge privileges are reviewed regularly;
3.2.3. Visitors are required to sign in;
3.2.4. Use of CCTV at building ingress points;
3.2.5. Tagging and inventory of Snowflake-issued laptops and network assets;
3.2.6. Fire detection and sprinkler systems; and
3.2.7. Climate control systems.
4. Incident Detection & Response
4.1. Security Incident Reporting. If Snowflake becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Samooha-Processed Data or CMA Customer Data (as applicable) (a “Security Incident”), Snowflake shall notify Customer without undue delay after becoming aware. Snowflake’s notification shall be sent to the email provided by Customer to Snowflake for such purposes, and where no such email is provided, Customer acknowledges that the means of notification shall be at Snowflake’s reasonable discretion and Snowflake’s ability to timely notify shall be negatively impacted.
4.2. Investigation. In the event of a Security Incident as described above, Snowflake shall promptly take reasonable steps to contain, investigate, and mitigate any Security Incident. Any logs determined to be relevant to a Security Incident, shall be preserved for at least one year.
4.3. Communication and Cooperation. Snowflake shall provide Customer timely information about the Security Incident to the extent known to Snowflake, including, but not limited to, the nature and consequences of the Security Incident, the measures taken and/or proposed by Snowflake to mitigate or contain the Security Incident, the status of Snowflake’s investigation, a contact point from which additional information may be obtained, and the categories and approximate number of data records concerned. Notwithstanding the foregoing, Customer acknowledges that because Snowflake personnel may not have visibility to the content of Samooha-Processed Data or CMA Customer Data (as applicable), it may be unlikely that Snowflake can provide information as to the particular nature of the Samooha-Processed Data or CMA Customer Data (as applicable), or where applicable, the identities, number, or categories of affected data subjects. Communications by or on behalf of Snowflake with Customer in connection with a Security Incident shall not be construed as an acknowledgment by Snowflake of any fault or liability with respect to the Security Incident.
5. Customer Rights & Shared Security Responsibilities
5.1. Customer Penetration Testing. Customer may provide a written request for a penetration test of its Account or Cleanroom Managed Account (as applicable) (“Pen Test”) by submitting such request via a support ticket. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on details of such Pen Test, including the start date, scope and duration, as well as reasonable conditions designed to mitigate potential risks to confidentiality, security, or other potential disruption of the Samooha Offering or Snowflake’s business. Pen Tests and any information arising therefrom are deemed Snowflake’s Confidential Information. If Customer discovers any actual or potential vulnerability in connection with a Pen Test, Customer must immediately disclose it to Snowflake and shall not disclose it to any third-party.
5.2. Customer Audit Rights.
5.2.1. Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor“), access to (i) Snowflake’s most recently completed industry standard security questionnaire, such as a SIG or CAIQ and (ii) data flow diagrams for the Samooha Offering (collectively with Third-Party Audits, “Audit Reports”).
5.2.2. Customer may also send a written request for an audit of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of and security and confidentiality controls applicable to any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. Audit Reports, any audit, and any information arising therefrom shall be considered Snowflake’s Confidential Information.
5.2.3. Where the Auditor is a third-party (or Customer is using a third-party to conduct an approved Pen Test under Section 5.2.1), such third party may be required to execute a separate confidentiality agreement with Snowflake prior to any audit, Pen Test, or review of Audit Reports, and Snowflake may object in writing to such third party if in Snowflake’s reasonable opinion the third party is not suitably qualified or is a direct competitor of Snowflake. Any such objection by Snowflake will require Customer to appoint another third party or conduct such audit, Pen Test, or review itself. Any expenses incurred by an Auditor in connection with any review of Audit Reports, or an audit or Pen Test, shall be borne exclusively by the Auditor.
5.3 Shared Security Responsibilities. Without diminishing Snowflake’s commitments in this Samooha Offering Security Addendum, Customer agrees:
5.3.1. Snowflake has no obligation to assess the content, accuracy or legality of Samooha-Processed Data or CMA Customer Data (as applicable), including to identify information subject to any specific legal, regulatory or other requirement and Customer is responsible for making appropriate use of the Samooha Offering to ensure a level of security appropriate to the particular content of Samooha-Processed Data or CMA Customer Data (as applicable), pseudonymization of Samooha-Processed Data or CMA Customer Data, and backing-up Samooha-Processed Data or CMA Customer Data (as applicable);
5.3.2. Customer is responsible for managing and protecting its credentials, including but not limited to (i) ensuring that all Users keep credentials confidential and not share such information with unauthorized parties, (ii) promptly reporting to Snowflake any suspicious activities related to the Samooha Offering (e.g., a user credential has been compromised), and (iv) maintaining appropriate password uniqueness, length, complexity, and expiration.