Business Practice Commitments Sample Clauses

Business Practice Commitments. As further consideration for the settlement and releases provided herein, Shift Digital agrees to take reasonable measures to further secure personal information within its custody and control and to maintain such measures already taken. Specifically, Shift Digital agrees that it has or will implement the following: (1) ensure that the default setting for all Microsoft Azure data storage containers is private; (2) conduct frequent enterprise-wide automated scans across its cloud computing platform to confirm that the access settings of all data storage containers are correct; (3) conduct periodic manual reviews of all Microsoft Azure data storage containers to ensure they are set to the correct access settings; (4) maintain role-based security protocols that limit permission to create Microsoft Azure data storage containers to a small number of designated users; (5) encrypt all application data within its control in Microsoft Azure at-rest and in-transit; (6) use Microsoft Azure Security Center tools, such as constant vulnerability scans, to proactively monitor security threats; (7) conduct annual third-party penetration testing of its applications and address any vulnerabilities as appropriate; (8) commission annual third-party assessments of its security programs and practices and update its programs and practices to address threats and vulnerabilities; (9) engage an outside service provider for Virtual Chief Information Security Officer Services and work to build a dedicated data security team; and (10) further develop and formalize its data classification protocols, risk management operations, and incident response procedures.

Business Practice Commitments. Defendant will provide a confidential declaration to Settlement Class Counsel describing its information security improvements since the Security Incident and estimating the annual cost of those improvements. The cost of such improvements will be paid by Defendant separate and apart from all other settlement benefits.

Business Practice Commitments. 70. 23andMe, at its sole and separate expense, shall certify that it has adopted, paid for, and implemented and intends to maintain the following Business Practice Commitments related to information security to safeguard current users’ and Settlement Class Members’ Personal Information. The cost of the measures in this Section will not be paid from the Qualified Settlement Fund.

Business Practice Commitments. Metromile endeavors to take reasonable steps to secure personal information within its platform, including its online car insurance application process (“Online Quote Flow”). As part of those efforts, Metromile agrees that it has taken or will take the following measures (or measures that are better protective of customer data security). Metromile is responsible for all costs associated with implementing and maintaining these Business Practice Commitments, which costs are separate and apart from the Settlement Fund. 1) Set up mechanisms to block suspicious website traffic, including by configuring Metromile’s firewalls to block traffic from IP addresses exhibiting suspicious traffic patterns (e.g., abnormally repetitive quote requests from the same IP address). 2) Implement reCAPTCHA logging to block automated use of the Online Quote Flow. 3) Engage a third-party security auditor/penetration tester as well as internal security personnel to conduct penetration tests and audits on Metromile’s systems on a periodic basis, and address any problems or issues detected thereby on a risk- prioritized basis. 4) Periodically audit, test, and train Metromile’s security personnel regarding new or modified procedures corresponding with their job responsibilities. 5) Implement reasonably appropriate data segmentation by creating firewalls and access controls. 6) Conduct periodic computer system scanning and security checks. 7) Conduct periodic internal training and education to inform Metromile employees about the company’s security practices. 8) Protect endpoints with anti-malware software and local firewalls. The requirements of this ¶ 2.6 shall remain in place for three (3) years following the date the court approves the settlement.

Business Practice Commitments. For a period of 3 years following the execution of a formal settlement agreement, Defendant commits to pay for, implement and continue certain data-security enhancements and business practices. Due to their confidential and sensitive nature, those enhancements and practices are not being publicly disclosed herein but have been shared with Plaintiff’s Counsel, who agrees to maintain the confidentiality of that information. Nothing in this provision prohibits Order Express from changing vendors for the identified business practices so long as a comparable product/service is maintained. Defendant agrees to provide a declaration detailing its business practice changes implemented after the Ransomware Attack.

Business Practice Commitments. Xxxxxx agrees to adopt, implement, and/or continue the following business practices set forth below (“Business Practice Commitments”) for a period of three (3) years following the Effective Date: i. Establish a comprehensive Data Loss Prevention project, which includes processes and procedures for identification and audit access reviews of sensitive information within the Xxxxxx enterprise; ii. Establish an enterprise SIEM and UEBA solution; iii. Establish a dedicated team for SOC; iv. Operationalize an enterprise SIEM and UEMA solution; v. Implement Secure Configuration Monitoring (SCM) on “crown jewel” systems in the Xxxxxx environment; vi. Configure and implement hardened benchmarks for all servers in the Xxxxxx environment; vii. Implement Multi-Factor Authentication for Xxxxxx internet-facing systems and applications; viii. Provide quarterly Security Awareness Training (SAT) to all new and existing employees; ix. Implement hard disk encryption on Xxxxxx’x servers, clients, and Xxxxxx-issued phones; and x. Comply with Xxxxxx’x data protection and retention policies and all applicable laws regarding Xxxxxx’x commercially reasonable or necessary use of current or former employee PII/PHI data and/or the commercially reasonable disposal (e.g., deletion, offline storage, or other data segregation) of any former employee PII/PHI data that is no longer subject to Xxxxxx’x data protection and retention policies or any applicable laws.

Business Practice Commitments. Xxxxxx has implemented and will maintain certain reasonable data security-related measures as has been identified. Costs associated with these business practice commitments are paid by Xxxxxx separate and apart from other Settlement Benefits. The costs of the changes made by Defendant are approximately $800,000. Xxxxxx will continue to invest and maintain reasonable data security-related measures for the next two years.

Business Practice Commitments. Albertsons agrees to adopt, implement, and/or continue the following business practices set forth below (“Business Practice Commitments”) through December 31, 2025, subject to the terms and conditions of this Section: Revise communications protocols and requirements Enhance contracts and notification requirements for third-party vendors Strengthen associate education and awareness campaigns Deploy and configure modern machine-learning based email protection Maintain endpoint protection for Windows, Linux and critical assets Maintain security controls around identity management services Migrate sensitive edge data from non-centralized file servers to cloud Maturing of data security practices The Parties acknowledge that technical and business requirements for securing information evolve and change dynamically. In the event that technological or industry developments, or intervening changes in law, business practices, or business structure, render specific Business Practice Commitments obsolete or make compliance by Albertsons with them unreasonable, unnecessary, or impractical, Albertsons may modify its business practices as necessary to ensure appropriate data security practices are being followed. All costs associated with implementing the Business Practice Commitments will be borne by Albertsons separate and apart from the Settlement Fund. Within thirty (30) days of the execution of this Settlement Agreement, Albertsons agrees to provide a confidential, non-public declaration, which is to be treated as attorneys’ eyes only, providing additional detail regarding the Business Practice Commitments set forth above. Albertsons will also include in that non-public, confidential declaration information about its use of multi-factor authentication. Within fourteen (14) days of the execution of this Settlement Agreement, Albertsons agrees to provide to Plaintiffs’ counsel the estimated cost of implementing the Business Practice Commitments identified above.

Business Practice Commitments. 71. Business Practice Commitments. RadNet agrees to adopt and implement certain business practice commitments described below (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date. These Business Practice Commitments are specific business practice commitments and remedial measures and are described as follows: 1.1 RadNet, having engaged a third-party cybersecurity consultant agrees to adopt and implement certain business practices and remedial measures set forth below (“Business Practice Commitments”) for a period of three (3) years following the Effective Date. These Business Practice Commitments are specific commitments and remedial measures designed to include continuous threat assessment processes to maintain RadNet’s security posture, and to provide protection against threats now and in the future, specifically with respect to current and former employee and job applicant PII, and include the following: a. Endpoint protection: Ensure implementation of endpoint security measures, including appropriate implementation of endpoint security applications, patching mechanisms, logging and alerting.

Business Practice Commitments. Artech, having engaged a third-party cybersecurity consultant, agrees to adopt, implement, and/or continue certain business practices set forth below (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date. These Business Practice Commitments are designed to maintain Artech’s security posture, and to provide protection against threats now and in the future, specifically with respect to current and former employee and job applicant Personal Information, and include the following: a. Defendant has conducted baseline penetration testing through a well-established third- party IT security vendor, and will continue to conduct substantially-equivalent penetration testing at least annually. Defendant has included sufficient funds in its IT security budget to accomplish annual penetration testing as outlined in this subparagraph for 2021, and will reauthorize sufficient funds in its IT budget for each subsequent year through 2024 to utilize the same or any comparably-priced improved testing technology as may be available. b. Defendant shall continue to ensure that anti-malware software resides on all its servers, and that its VPN appliance is updated as soon as practicable after security updates become available, but in no instance less often than monthly. c. Defendant is implementing a company-wide encryption protocol wherein all Personal Information is segregated by its employees and encrypted daily. d. Defendant is testing its IT security for NIST compliance, and has achieved compliance with many NIST requirements, with the remainder to be addressed through SIEM software. Defendant will provide a declaration or certification of such compliance on or before December 21, 2022. e. Defendant is currently evaluating several Security Information and Event Management (“SIEM”) software options, and shall deploy SIEM software on or before December 31, 2022. f. Defendant currently provides IT security and Personal Information training to all of its personnel during onboarding, and on a quarterly basis thereafter, which will continue. This training includes directions about how to handle suspicious communications and documents, and encourages personnel to report any concerns about Defendant’s information security systems. g. Defendant has developed and implemented a formal written Personal Information policy, which it will continue to maintain with appropriate updates. h. Defendant is developing a suite of testing and auditi...