Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such information, SunTrust will have the right to conduct remote or on-site audits of FMC, at SunTrust’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten (10) Business Days prior written notice to FMC. Testing conducted will be performed only on ports of application hosts, operating systems, and web server software utilized in the course of performing Services for SunTrust. Testing will emulate tactics used by outside attackers with and without knowledge of specific applications, and with malicious intent, however, no such tactic shall interrupt services (e.g., denial of service attacks). Testing will not include the following actions or methods: changes to assigned user passwords; telephone modem probes and scans (active and passive); intentional viewing of email content, internet caches, and/or cookie files; or DoS attacks (smurf, land, SYN flood, etc.). Such audits and reviews may be performed by SunTrust, its agent, or an independent third party bound by a nondisclosure provision substantially similar to that set forth above in this Agreement, and may include reasonable testing of the Security Systems, including periodic vulnerability scans. Upon request, SunTrust shall provide to FMC the results of, and any data obtained from, such vulnerability assessment. Any such information security tests will be scheduled by mutual agreement of the Parties. FMC will provide SunTrust with such reasonable assistance and information as may be necessary for the performance of such testing. SunTrust will use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust to perform the audit. SunTrust will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third party. To the extent that any system data or information is obtained by SunTrust in the course of such assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.
Appears in 2 contracts
Samples: Loan Program Agreement (First Marblehead Corp), Loan Program Agreement (First Marblehead Corp)
Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such information, SunTrust will have the right to request or conduct remote or on-site audits of FMC, at SunTrust’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten (10) Business Days prior written notice to FMC. Testing conducted will be performed only The Parties shall mutually agree on ports the scope, scale and type of application hosts, operating systems, and web server software utilized in the course of performing Services for SunTrusttesting. Testing will emulate tactics used by outside attackers with and without knowledge of specific applications, and with malicious intent, however, no such tactic shall interrupt services (e.g., denial of service attacks). Testing will not include the following actions or methods: changes to assigned user passwords; telephone modem probes and scans (active and passive); intentional viewing of email content, internet caches, and/or cookie files; or DoS attacks (smurf, land, SYN flood, etc.). Such The audits and reviews may be performed by SunTrust, its agent, or an independent third party identified and contracted by FMC and subject to reasonable approval of SunTrust bound by a nondisclosure provision substantially non-disclosure provisions similar to that set forth above those in this Agreement, and may shall include reasonable testing of the Security Systems, including periodic vulnerability scans. Upon request, SunTrust shall provide The Parties will schedule the testing at a mutually agreeable time and will cooperate in structuring the tests so as to FMC the results of, and any data obtained from, such vulnerability assessment. Any such information security tests will be scheduled by mutual agreement of the Parties. FMC will provide SunTrust with such reasonable assistance and information as may be necessary for the performance of such testing. SunTrust will use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust to perform the audit. SunTrust will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third partyparty and may instead provide a summary of results describing any identified vulnerability or risk and proposing remedial action. To the extent that any system data or information is obtained by SunTrust in the course of such an assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.
Appears in 1 contract
Audit Scope. Solely with respect to SunTrust Lender Proprietary Information and Consumer Information, to assess the effective protection of such information, SunTrust Lender will have the right to conduct remote or on-site audits of FMC, at SunTrustLender’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten thirty (1030) Business Days days’ prior written notice to FMC. Lender acknowledges and agrees that, Lender may conduct no more than one (1) audit permitted by this Article 14 and/or Article 10 of this Agreement during any calendar year. Testing conducted will be performed only on ports of application hosts, operating systems, and web server software utilized in the course of performing Services for SunTrustLender. Testing will emulate tactics used by outside attackers with and without knowledge of specific applications, and with malicious intent, however, no such tactic shall interrupt services (e.g., denial of service attacks). Testing will not include the following actions or methods: changes to assigned user passwords; telephone modem probes and scans (active and passive); intentional viewing of email content, internet caches, and/or cookie files; or DoS attacks (smurf, land, SYN flood, etc.). Such audits and reviews may be performed by SunTrustLender, its agentPersonnel, agents, or an independent third party party, provided that any such person is bound by a nondisclosure provision substantially similar to or agreement no less protective of FMC and/or FMER and its Proprietary Information and Consumer Information that set forth above in this Agreement. Lender shall be responsible for ensuring that any of its Personnel, agents, or independent third parties satisfy each of the requirements in the preceding sentence prior to conducting and at all times during the conduct of any such audit, and may include reasonable testing of the Security Systems, including periodic vulnerability scansfor such Persons’ compliance with this Article 14 and Article 10 at all such times. Upon request, SunTrust Lender shall provide to FMC the results of, and any data obtained from, such vulnerability assessment. Any such information security tests will be scheduled by mutual agreement of the Parties. FMC will provide SunTrust with such reasonable assistance and information as may be necessary for the performance of such testing. SunTrust Lender will use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust Lender to perform the audit. SunTrust Lender will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third party. To the extent that any system data or information is obtained by SunTrust Lender or any of its Personnel, agents or other representatives or other independent third parties in the course of such assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust Lender shall treat it in accordance with Article 1412. In no event shall SunTrust Lender or any of its Personnel, agents, representatives or independent third parties retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust Lender nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.
Appears in 1 contract