Common use of Application Security Clause in Contracts

Application Security. Supplier shall provide, maintain, and support any of its software and systems provided or used in connection with the services or products under the Agreement and subsequent updates, upgrades, and bug fixes such that they are and remain secure from vulnerabilities, utilizing recognized and comparable industry practices or standards as set forth in paragraph 9 below. Data Security - Without limiting Supplier’s confidentiality obligations or other obligations to protect data and other information of Company or its Affiliates, including any Personal Information, under the Agreement or this DSA, Supplier shall store all Personal Information in accordance with industry best practices and in compliance with all applicable laws, and use security measures, including, but not limited to, encryption and firewalls, to protect such Personal Information from unauthorized disclosure or use. Such measures shall be no less rigorous than those measures maintained by Supplier for its own data of a similar nature. When Supplier stores Personal Information in a third-party’s offsite facility, Supplier must have complied with the terms of this DSA related to disclosing Personal Information to third parties or otherwise subcontracting services or products to third parties and shall only use a third party’s offsite storage facility that is otherwise reasonably acceptable to Company, without limiting the foregoing, the facility of a third party that is in full compliance with all of the provisions of this Appendix. Data storage - Any and all Personal Information will be stored, processed, and maintained solely on designated Supplier computing and storage resources, and that no Personal Information will at any time be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that device or storage medium is in use as part of the Supplier's designated backup and recovery processes and encrypted in accordance with paragraph 6 below. Supplier shall store all backup Personal Information as part of its designated backup and recovery processes. Data Transmission - Any and all electronic transmission or exchange of Personal Information with Company and/or any third parties shall take place via secure means (using HTTPS or SFTP or equivalent) and solely in accordance with paragraph 6 below. Data Encryption - Supplier agrees that any and all Personal Information stored on any portable or laptop computing device or any portable storage medium, including all company backup data, shall be kept in encrypted form, using a commercially supported encryption solution. Encryption solutions will be deployed with no less than a 128-bit key for symmetric encryption and a 2048 (or larger) bit key length for asymmetric encryption.

Application Security. Supplier shall provide, maintain, and support any of its software and systems provided or used in connection with the services or products under the Agreement and subsequent updates, upgrades, and bug fixes such that they are and remain secure from vulnerabilities, utilizing recognized and comparable industry practices or standards as set forth in paragraph 9 below. Data Security - Without limiting Supplier’s confidentiality obligations or other obligations to protect data and other information of Company or its Affiliates, including any Personal Information, under the Agreement or this DSAJCA, Supplier shall store all Personal Information in accordance with industry best practices and in compliance with all applicable laws, and use security measures, including, but not limited to, encryption and firewalls, to protect such Personal Information from unauthorized disclosure or use. Such measures shall be no less rigorous than those measures maintained by Supplier for its own data of a similar nature. When Supplier stores Personal Information in a third-party’s offsite facility, Supplier must have complied with the terms of this DSA JCA related to disclosing Personal Information to third parties or otherwise subcontracting services or products to third parties and shall only use a third party’s offsite storage facility that is otherwise reasonably acceptable to Company, without limiting the foregoing, the facility of a third party that is in full compliance with all of the provisions of this Appendix. Data storage - Any and all Personal Information will be stored, processed, and maintained solely on designated Supplier computing and storage resources, and that no Personal Information will at any time be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that device or storage medium is in use as part of the Supplier's designated backup and recovery processes and encrypted in accordance with paragraph 6 below. Supplier shall store all backup Personal Information as part of its designated backup and recovery processes. Data Transmission - Any and all electronic transmission or exchange of Personal Information with Company and/or any third parties shall take place via secure means (using HTTPS or SFTP or equivalent) and solely in accordance with paragraph 6 below. Data Encryption - Supplier agrees that any and all Personal Information stored on any portable or laptop computing device or any portable storage medium, including all company backup data, shall be kept in encrypted form, using a commercially supported encryption solution. Encryption solutions will be deployed with no less than a 128-bit key for symmetric encryption and a 2048 (or larger) bit key length for asymmetric encryption.

Application Security. Supplier shall provide, maintain, and support any of its software and systems provided or used in connection with the services or products under the Agreement and subsequent updates, upgrades, and bug fixes such that they are and remain secure from vulnerabilities, utilizing recognized and comparable industry practices or standards as set forth in paragraph 9 below. Data Security - Without limiting Supplier’s confidentiality obligations or other obligations to protect data and other information of Company or its Affiliates, including any Personal Information, under the Agreement or this DSADPA, Supplier shall store all Personal Information in accordance with industry best practices and in compliance with all applicable laws, and use security measures, including, but not limited to, encryption and firewalls, to protect such Personal Information from unauthorized disclosure or use. Such measures shall be no less rigorous than those measures maintained by Supplier for its own data of a similar nature. When Supplier stores Personal Information in a third-party’s offsite facility, Supplier must have complied with the terms of this DSA DPA related to disclosing Personal Information to third parties or otherwise subcontracting services or products to third parties and shall only use a third party’s offsite storage facility that is otherwise reasonably acceptable to Company, without limiting the foregoing, the facility of a third party that is in full compliance with all of the provisions of this Appendix. Data storage - Any and all Personal Information will be stored, processed, and maintained solely on designated Supplier computing and storage resources, and that no Personal Information will at any time be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that device or storage medium is in use as part of the Supplier's designated backup and recovery processes and encrypted in accordance with paragraph 6 below. Supplier shall store all backup Personal Information as part of its designated backup and recovery processes. Data Transmission - Any and all electronic transmission or exchange of Personal Information with Company and/or any third parties shall take place via secure means (using HTTPS or SFTP or equivalent) and solely in accordance with paragraph 6 below. Data Encryption - Supplier agrees that any and all Personal Information stored on any portable or laptop computing device or any portable storage medium, including all company backup data, shall be kept in encrypted form, using a commercially supported encryption solution. Encryption solutions will be deployed with no less than a 128-bit key for symmetric encryption and a 2048 (or larger) bit key length for asymmetric encryption.