Annual Review of Information Security Program. On at least an annual basis, SS&C will review its Information Security Program, and update and revise it as needed. SS&C may provide Client with SS&C’s written due diligence questionnaire on an annual basis (which will be in lieu of all other questionnaires that may be requested) and (SS&C will have the right to deny) upon approval by SS&C will respond to all reasonable requests in a reasonable timeframe upon 30-45 day written notice with Client paying for time spent by SS&C’s personnel to respond. Client may also request on an annual basis a copy of SS&C’s non-confidential policies and procedures, applicable SOC reports procured by SS&C, a penetration test attestation, and SS&C’s SIG. At no time will SS&C be required to reveal any details or information that could reasonably be expected to jeopardize the security or integrity of any SS&C system or the confidentiality or security of any other client’s data.