Common use of Business Continuity Plan Clause in Contracts

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this Agreement, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries of Custodian’s disaster recovery and business resiliency/continuity plans (“DR Plans”) pertinent to the services provided hereunder, which shall address Custodian’s ability to render services under this Agreement during and after a significant business disruption, including the availability to Custodian of back-up services and redundancies, will be provided to the Funds. Custodian reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise Custodian’s ability to maintain services in accordance with this Agreement. Upon written request of the Funds, Custodian agrees to report to the Funds on its business continuity policy which may include an annual presentation on its business continuity procedures. Custodian’s DR Plans shall be tested no less than annually with the ability of the Funds to participate in the testing unless impracticable. The Custodian shall provide the Funds with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds or their designee upon Custodian becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a material business disruption associated with the services outlined in this Agreement, Custodian agrees to cooperate with the Funds or their designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian will promptly complete a root cause analysis report and email it to the Funds or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian will implement to ensure the disruption does not re-occur.

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in Upon written request by a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this AgreementFund, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries summaries of Custodian’s disaster recovery and business resiliency/continuity plans (“DR PlansBusiness Continuity Plan”) pertinent to the services provided hereunder, which shall address Custodian’s ability to render services under this Agreement during and after a Force Majeure Event or other significant business disruption, including the availability to Custodian of back-up services and redundancies, will be provided to the Funds. Custodian reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise Custodian’s ability to maintain services in accordance with this Agreementa Fund. Upon written request of the Fundsa Fund, Custodian agrees to report to the Funds a Fund on its business continuity policy which may include an annual presentation on its business continuity proceduresBusiness Continuity Plan. Custodian’s DR Plans Business Continuity Plan shall be tested no less than annually with the ability of the Funds to participate in the testing unless impracticableannually. The Custodian shall provide the Funds a Fund with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds a Fund or their its designee upon Custodian becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a Force Majeure Event or other material business disruption associated with the services outlined in this Agreement, Custodian agrees to cooperate with the Funds a Fund or their its designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian will promptly complete a root cause analysis report and email it to the Funds or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian will implement to ensure the disruption does not re-occurBusiness Continuity Plan.

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this Agreement, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries of CustodianBNY Mellon’s disaster recovery and business resiliency/continuity plans (“DR Plans”) pertinent to the services provided hereunder, which shall address CustodianBNY Mellon’s ability to render services under this Agreement during and after a significant business disruption, including the availability to Custodian BNY Mellon of back-up services and redundancies, redundancies will be provided to the FundsTrust. Custodian BNY Mellon reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise CustodianBNY Mellon’s ability to maintain services in accordance with this Agreement. Upon written request of the FundsTrust, Custodian BNY Mellon agrees to report to the Funds Trust on its business continuity policy which may include an annual presentation on its business continuity procedures. CustodianBNY Mellon’s DR Plans shall be tested no less than annually with the ability of the Funds Trust to participate in the testing unless impracticable. The Custodian BNY Mellon shall provide the Funds Trust with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian BNY Mellon agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds Trust or their its designee upon Custodian BNY Mellon becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a material business disruption associated with the services outlined in this Agreement, Custodian BNY Mellon agrees to cooperate with the Funds Trust or their its designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian BNY Mellon of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian BNY Mellon will promptly complete a root cause analysis report and email it to the Funds Trusts or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian BNY Mellon will implement to ensure the disruption does not re-occur.

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this Agreement, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries of CustodianBNY Mellon’s disaster recovery and business resiliency/continuity plans (“DR Plans”) pertinent to the services provided hereunder, which shall address CustodianBNY Mellon’s ability to render services under this Agreement during and after a significant business disruption, including the availability to Custodian BNY Mellon of back-up services and redundancies, redundancies will be provided to the FundsTrusts. Custodian BNY Mellon reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise CustodianBNY Mellon’s ability to maintain services in accordance with this Agreement. Upon written request of the FundsTrusts, Custodian BNY Mellon agrees to report to the Funds Trusts on its business continuity policy which may include an annual presentation on its business continuity procedures. CustodianBNY Mellon’s DR Plans shall be tested no less than annually with the ability of the Funds Trusts to participate in the testing unless impracticable. The Custodian BNY Mellon shall provide the Funds Trusts with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian BNY Mellon agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds Trusts or their designee upon Custodian xxxx XXX Xxxxxx becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a material business disruption associated with the services outlined in this Agreement, Custodian BNY Mellon agrees to cooperate with the Funds Trusts or their designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian BNY Mellon of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian BNY Mellon will promptly complete a root cause analysis report and email it to the Funds Trusts or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian BNY Mellon will implement to ensure the disruption does not re-occur.

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused Upon written request by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this AgreementFund, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries summaries of Custodian’s disaster recovery and business resiliency/continuity plans (“DR PlansBusiness Continuity Plan”) pertinent to the services provided hereunder, which shall address Custodian’s ability to render services under this Agreement during and after a Force Majeure Event or other significant business disruption, including the availability to Custodian of back-up services and redundancies, will be provided to the Funds. Custodian reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise Custodian’s ability to maintain services in accordance with this AgreementFund. Upon written request of the FundsFund, Custodian agrees to report to the Funds Fund on its business continuity policy which may include an annual presentation on its business continuity proceduresBusiness Continuity Plan. Custodian’s DR Plans Business Continuity Plan shall be tested no less than annually with the ability of the Funds to participate in the testing unless impracticableannually. The Custodian shall provide the Funds Fund with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds Fund or their its designee upon Custodian becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a Force Majeure Event or other material business disruption associated with the services outlined in this Agreement, Custodian agrees to cooperate with the Funds Fund or their its designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian will promptly complete a root cause analysis report and email it to the Funds or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian will implement to ensure the disruption does not re-occurBusiness Continuity Plan.

Business Continuity Plan. The Custodian shall provide internally, or shall enter into and shall maintain in effect with appropriate parties one or more agreements making reasonable provisions for emergency use of electronic data processing equipment to the extent appropriate equipment is available. In the event of equipment failures, the Custodian shall, at no additional expense to the applicable FundTrust, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this Agreement, the Custodian shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries of Custodian’s disaster recovery and business resiliency/continuity plans (“DR Plans”) pertinent to the services provided hereunder, which shall address Custodian’s ability to render services under this Agreement during and after a significant business disruption, including the availability to Custodian of back-up services and redundancies, will be provided to the FundsTrusts. Custodian reserves the right to edit or update its DR Plans as needed from time to time, without notice, so long as the changes do not materially compromise Custodian’s ability to maintain services in accordance with this Agreement. Upon written request of the FundsTrusts, Custodian agrees to report to the Funds Trusts on its business continuity policy which may include an annual presentation on its business continuity procedures. Custodian’s DR Plans shall be tested no less than annually with the ability of the Funds Trusts to participate in the testing unless impracticable. The Custodian shall provide the Funds Trusts with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds Trusts or their designee upon Custodian becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a material business disruption associated with the services outlined in this Agreement, Custodian agrees to cooperate with the Funds Trusts or their designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian of its obligation to implement the DR Plans and to provide the disaster recovery services contained therein. In the event of a service disruption, once normal service has been restored, Custodian will promptly complete a root cause analysis report and email it to the Funds Trusts or their designee. The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian will implement to ensure the disruption does not re-occur.

Business Continuity Plan. The Custodian shall, at no additional expense to the Fund, take reasonable steps to minimize service interruptions in the event of power or other mechanical failure, work stoppage, computer virus, national state or local disaster, governmental action, communication disruption or other event that may impair the Custodian’s performance of services hereunder and that is beyond the Custodian’s control. The Custodian will maintain a business continuity plan and will provide an executive summary of such plan upon reasonable request of the Fund. The Custodian will test the adequacy of its business continuity plan at least annually. Upon request by the Fund, the Custodian will provide the Fund with a letter assessing the most recent business continuity test results. In the event of a business disruption that materially impacts the Custodian’s provision of services under this Agreement, the Custodian will promptly notify the Fund of the disruption and the steps being implemented under the business continuity plan. The Custodian represents that its business continuity plan is appropriate for its business as a provider of fund administration services to investment companies registered under the 1940 Act. The Custodian shall provide internally, or shall also enter into and shall maintain in effect at all times during the term of this Agreement with appropriate parties one or more agreements making reasonable provisions provision, at a level the Custodian believes consistent with other similarly situated providers of administration and accounting services, for (i) periodic back-up of the computer files and data with respect to the Fund and (ii) emergency use of electronic data processing equipment to the extent appropriate equipment is availableprovide services under this Agreement. In the event If access or use of equipment failures, the Custodian shall, at no additional expense to the applicable Fund, take reasonable steps to minimize service interruptions. Provided BNY Mellon has acted with the reasonable care and due diligence of persons acting in a similar capacity and maintains the business continuity plan contemplated in this section of the Agreement and further provided such loss of data or service interruption caused by equipment failure is not caused by the Custodian’s failure to meet the Standard of Care set forth in Section 9.1 of this Agreement in the performance of its duties under this Agreementservices is interrupted, the Custodian appropriate backup shall have no liability with respect to the loss of data or service interruptions caused by equipment failure. Summaries of Custodian’s disaster recovery and business resiliency/continuity plans (“DR Plans”) pertinent to the services provided hereunder, which shall address Custodian’s ability to render services under this Agreement during and after be activated within a significant business disruption, including the availability to Custodian of back-up services and redundancies, will be provided to the Funds. Custodian reserves the right to edit or update its DR Plans as needed from commercially reasonable time to time, without notice, so long as the changes do not materially compromise Custodian’s ability to maintain services in accordance with this Agreement. Upon written request of the Funds, Custodian agrees to report to the Funds on its business continuity policy which may include an annual presentation on its business continuity procedures. Custodian’s DR Plans shall be tested no less than annually with the ability of the Funds to participate in the testing unless impracticable. The Custodian shall provide the Funds with summary results of such testing on an annual basis and, where unsuccessful tests or significant issues related to the services provided hereunder arise, provide sufficient evidence of remediation or resolution. Custodian agrees to maintain a log of all business continuity events and report material business continuity events affecting the services hereunder to the Funds or their designee upon Custodian becoming aware of any such event, as well as steps proposed in order to minimize any interruption to its services hereunder. In the event of a material business disruption associated with the services outlined in this Agreement, Custodian agrees to cooperate with the Funds or their designee in responding to, resolving, and/or recovering from the disruption. The occurrence of a Force Majeure Event will not relieve Custodian of its obligation to implement the DR Plans and to provide the disaster recovery services contained thereindisruptions. In the event of a service disruptiondisruption due to reasons beyond the Custodian’s control, once normal service has been restored, the Custodian will promptly complete use commercially reasonable efforts to mitigate the effects of such a root disruption. Upon reasonable request, the Custodian shall discuss with the Fund any business continuity plan of the Custodian and/or provide a high-level presentation summarizing such business continuity plan. (e) Effective as of the Effective Date, Section 20 of the Agreement shall be amended by replacing such section in its entirety with the following: 20 INFORMATION SECURITY. The Custodian will take commercially reasonable steps to safeguard sensitive or confidential Fund information, including Confidential Information as provided in Section 19 of this Agreement, to protect it from unauthorized disclosure, and to comply with state and federal laws and regulations regarding confidentiality, privacy, and security applicable to the Custodian (“Privacy and Security Laws”), including the following: (a) The Custodian will assign system access rights to its employees on a “need to know” or “least privilege” basis such that only employees that need access to certain information to perform their job are granted such access. The Custodian will cause analysis entitlement reviews to be conducted annually, and access right controls to be tested as part of its external auditor’s report on internal controls (e.g. SSAE-16 Type II SOC1 or similar report and email it any applicable successors thereto). (b) The Custodian will require its employees to participate in annual security awareness training appropriate to their job function. (c) The Custodian will develop, maintain and adhere to commercially reasonable internal control standards defining requirements for access control, application and system development, authentication, remote access, data classification, operational security, network security and physical security. Such policies and control standards will be closely aligned with generally recognized regulatory and security frameworks such as ISO, FFIEC, NIST and COBIT. The Custodian will cause such internal control standards to be regularly examined by its internal audit department and validated at least annually by both its internal audit department and an independent firm with the results outlined in an SSAE-16 Type II SOC1 or similar report and any applicable successors thereto. (d) The Custodian will use encryption technology that provides a commercially reasonable level of security that complies with applicable regulatory requirements for the electronic transmission of Fund data over public networks. (e) The Custodian will employ a commercially reasonable process for vulnerability management, including: (i) Internal and external network vulnerability scans conducted at least quarterly; (ii) Network and application layer penetration test conducted at least annually; (iii) System, application and source code scanning and analysis processes; (iv) A framework for remediation of findings is performed by a risk-based ranking of vulnerabilities and prioritization of critical and high patches; and (v) A process to identify newly discovered security vulnerabilities and update system and application standards to address new vulnerability issues. (f) The Custodian will deploy firewalls, filtering routers or other similar network segmentation devices between networks providing services anticipated by this Agreement and other networks to control network traffic and minimize exposure to a network compromise and will configure its firewalls, network routers, switches, load balancers, name servers, mail servers, and other network components in accordance with industry standard practices. (g) The Custodian will test the implementation of its information security measures by using an industry recognized third party that employs industry standard network, system, and application vulnerability scanning tools and/or penetration testing. The Custodian will also obtain, test, and apply relevant service packs, patches, and upgrades to the Funds or their designeesoftware and hardware components used to provide services under this Agreement. Vulnerability management will include, at a minimum, full application penetration tests by a qualified party, patch management to apply the latest security patches on a regular basis. (h) The report will include the cause of disruption, details of how the disruption was resolved, and follow-up actions Custodian will implement and maintain up-to-date commercially available virus and malicious code detection and protection product(s) capable of detecting, removing, and protecting against viruses and other forms of malicious software, including spyware and adware on its network used to provide services under this Agreement. (i) The Custodian will use commercially reasonable storage and disposal methods for Fund information/data, including paper shredders, CD/DVD shredders, and NIST standard multi-pass wipe magnetic disk software. (j) With respect to Fund data residing on the Custodian’s systems, the Custodian will: (i)Employ commercially reasonable security controls and tools to monitor information processing systems and log key events such as user activities (including root or administrative access), exceptions, successful and unsuccessful logins, access to audit logs, unauthorized information processing activities, suspicious activities and information security events; (ii) Regularly back up security logs to a central location, protected against tampering and unauthorized access; (iii) Retain security logs for at least one year; (iv) Perform frequent reviews of security logs associated with the Custodian’s network used to provide services under this Agreement and take necessary actions to protect against unauthorized access or misuse of Fund data; (v) Synchronize the clocks of all relevant information processing systems using an authoritative national or international time source; (vi) Incorporate date and time stamp into security log entries; (vii) Employ, monitor and keep up to date network intrusion detection systems, host-based intrusion detection systems, or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises; and (viii) Respond appropriately to alerts reported by intrusion detection systems, host-based intrusion detection systems, or intrusion prevention systems. (k) The Custodian will adopt and implement commercially reasonable control standards to manage the information security and technology risks associated with its use of third-party service providers to store, transmit or process Fund data. Such standards will be designed to satisfy requirements of the FFIEC and other applicable regulatory bodies. (l) The Custodian shall (1) conduct reasonable due diligence to select and retain third party service providers and subcontractors that are capable of maintaining security consistent with this Agreement and complying with Privacy and Security Laws and other applicable legal requirements; (2) contractually require such service providers and subcontractors to maintain such security; and (3) regularly assess and monitor third party service provider’s and subcontractor’s compliance with the applicable security required in this Agreement and by law, including, without limitation Privacy and Security Laws. (m) As permitted by applicable law and in accordance with the Custodian’s policies, prior to hire, the Custodian shall conduct, or cause to be conducted, reasonable background checks of any Custodian employee or contractor that will have access to PII or Fund Confidential Information. The Custodian shall not permit any employee or contractor to have access to PII or Fund Confidential Information if such employee or contractor has been convicted of a crime that would bar such employee from working for a financial institution. (n) Upon notice to the Custodian, not more than once per year during the term of the Agreement or any time after a Security Breach, the Fund may undertake a due diligence of the Custodian’s information security controls, as it relates to this Agreement. Such due diligence shall be performed during regular business hours and at a time mutually agreed upon between the parties, no later than fifteen (15) days after the Fund’s initial request of such due diligence. Such due diligence may include requesting to view policies (which may be summaries thereof) or other relevant documentation, including any available and relevant third-party audit reports (e.g. SSAE 16 SOC2 reports), and conducting interviews with key security personnel. (o) In the event that the Custodian comes into possession of personally identifiable information of the Fund’s shareholders (“PII”) in the provision of services contemplated under this Agreement: (i) the Custodian will use PII only to provide such services; (ii) the Custodian will implement industry standard commercially reasonable measures that are designed to: (w) ensure the disruption does not re-occursecurity and confidentiality of PII in its possession or control; (x) protect against any anticipated threat or hazards to the security or integrity of PII; (y) protect against unauthorized access to or use of PII that could result in substantial harm or inconvenience to the Fund or any of the Fund’s shareholders; and (z) ensure that PII is disposed of properly; (iii) the Custodian will implement and maintain a formally documented security incident response plan that includes formation of an incident response team, categorization of incidents, and responsibility for receiving alerts and investigations; (iv) if the Custodian confirms that there has been an unauthorized use, exposure, access, disclosure, or loss of PII or other Confidential Information of the Fund or any of the Fund’s shareholders through a breach of the Custodian’s firewall or similar event through which a third party gains unauthorized access to the Custodian’s electronic systems (“Security Breach”), the Custodian will provide notice of such Security Breach to the Fund as soon as reasonably possible if required by law or regulation or if the Custodian reasonably determines that the Security Breach is likely to result in harm to the Fund or the Fund’s shareholders, and such notice shall be provided as required by law and without undue delay; (v) except as may be required by law or as may reasonably be deemed necessary by the Custodian, the Custodian will use commercially reasonable efforts to remedy any Security Breach as soon as possible; and (vi) as to any Security Breach for which the Custodian provides or is required to provide notice as set forth above, the Custodian (i) will provide the Fund with regular updates at agreed upon intervals regarding its investigation of such Security Breach, including what is known at that time, the cause, remedial steps and future plans to prevent a recurrence of the same or similar breach or suspicious activity and (ii) will reasonably cooperate with the Fund security investigation activities and with the preparation and transmittal of any notice or any action required by law, to be sent or done for customers or other affected third parties regarding such Security Breach. (f) Effective as of the Effective Date, Schedule C (Fee Schedule) of the Agreement shall be replaced in its entirety by the amended Schedule C (Fee Schedule), attached hereto. NTAC:3NS-20 5