Common use of Access to Information Systems Clause in Contracts

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC . For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Portal at: (DXC-Data & Network Security Schedule-DNSS). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. (Intentionally Omitted). Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurred.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Portal at: (DXC-Data & Network Security Schedule-DNSS). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 11.1 (Intentionally Omitted). . 11.2 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. writing.‌ 11.3 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. . 11.4 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ Breach. 11.5 DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurred.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY SECURITY 1.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Supplier Portal at: (DXC-Data & Network Security Schedule-DNSSxxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 1.2 (Intentionally Omitted). . 1.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. . 1.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. Products.‌ 1.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurredBreach.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an a DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY SECURITY‌‌‌‌‌‌‌‌‌‌‌ 11.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Portal at: (DXC-Data & Network Security Schedule-DNSS). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 11.2 (Intentionally Omitted). . 11.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. writing.‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. . 11.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ Breach. 11.6 DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurred.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY SECURITY 1.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Portal at: (DXC-Data & Network Security Schedule-DNSS). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 1.2 (Intentionally Omitted). . 1.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. . 1.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. . 1.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurredBreach.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an a DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY SECURITY‌‌‌‌‌‌‌‌‌‌‌ 11.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Supplier Portal at: (DXC-Data & Network Security Schedule-DNSSxxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 11.2 (Intentionally Omitted). . 11.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. writing.‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. . 11.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ Breach. 11.6 DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurred.

Access to Information Systems. Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC ’ DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when an DXC Information System that Supplier is authorized to access, serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems. 11 INFORMATION SECURITY SECURITY‌ 11.1 Supplier shall implement and maintain security measures to protect DXC Data, Services and Products in accordance with the Data & Network Security Schedule ("DNSS") as set forth herein on the DXC Supplier Portal at: (DXC-Data & Network Security Schedule-DNSSxxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf). The DNSS forms part of the Agreement. Capitalized terms not specifically defined in this Agreement or in this section “Information Security”, shall have the meaning set forth in the DNSS. . 11.2 (Intentionally Omitted). . 11.3 Supplier shall only Process DXC Data and access information systems to the extent and in a manner necessary to provide the Services, software or Products, in accordance with this Agreement and any SOW, this section “Information Security” and the “DNSS”. Any access to or use of DXC information systems or Processing of DXC Data by or on behalf of Supplier for any other purpose, not explicitly authorized in writing by DXC, shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove DXC Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of DXC Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the DXC Data or provide Services or Products in accordance with such Applicable Laws, this Agreement and any SOW, this section “Information Security” and the “DNSS, then Supplier shall immediately notify DXC in writing. writing.‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect DXC Data against Security Breach and to provide secure Services or Products. . 11.5 All Notifications, whether related to Security Breach, Product security, vulnerability or non-compliance, shall be made to the DXC Security Incident Response and Control Center via (a) email to: XXXXX@xxx.xxx and (b) telephonically to 0 (000) 000 0000 Americas and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with notification within 24 hours after Supplier becomes aware of a Security Breach.‌ Breach. 11.6 DXC reserves the right to audit, inspect, and make copies or extracts (“Audit”) of Supplier’s records and processes which evidences Supplier’s performance under, and compliance with, this Agreement (including without limitation and to the extent permitted by applicable laws, all materials pertaining to drug tests and background checks of all personnel and subcontractors assigned to DXC), at any time within 7 days prior notice to Supplier. As applicable, such Audit may also apply to Supplier’s data processing facilities, affiliates, subcontractors and data files as reasonably necessary to confirm Supplier’s compliance with the provisions of this Agreement. Such Audits shall be arranged by discussion with the Supplier and shall be subject to the Supplier’s security policies. Additionally, Supplier will make its employees, officers, and directors available for meetings with DXC or its representatives if DXC has reasonable grounds for believing that the Supplier has not complied with this Agreement. If an Audit reveals that Supplier is in material breach of its obligations under this Agreement, Supplier shall reimburse DXC for all costs of the Audit, including without limitation the costs of any third-party auditors engaged by DXC, the costs of DXC’s internal employee auditors for actual working time and travel expenses incurred.