Common use of Communications and Operations Clause in Contracts

Communications and Operations. Supplier shall: (i) perform regular backups sufficient to restore services to CUSTOMER within the agreed upon recovery times (or, if no specific recovery times have been agreed to by the parties, within a commercially reasonable period of time); (ii) encrypt all backup media containing CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information in accordance with the CUSTOMER Supplier Information Protection Guidelines set forth below; (iii) not store or replicate any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information outside of Supplier’s premises without obtaining the prior written consent of CUSTOMER; (iv) not transmit, transfer or provide any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information to any third party, or provide any third party with access to any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, without obtaining the prior written consent of CUSTOMER; (v) if any activities described in the previous clauses (iii) and (iv) are approved by CUSTOMER, maintain an inventory of the third parties and/or locations outside of Supplier’s premises that store or replicate any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the third parties that receive or receive access to CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the purpose for storing, replicating, providing or providing access to such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the manner in which such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information was transmitted or otherwise provided to such third party, the transmission and encryption/protection method or protocol (where applicable) used in transmitting or otherwise providing such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, a description of the CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information that was transmitted or otherwise provided to such third party, the name of the CUSTOMER employee that approved such arrangement and the date such approval was obtained; (vi) when erasing or destroying CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, employ data destruction procedures that meet or exceed the Department of Defense Standard for Secure Data Sanitization (DOD 5220.22M). Supplier shall promptly erase or destroy any or all CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information upon written request from CUSTOMER; (vii) follow the CUSTOMER Supplier Information Protection Guidelines set forth below, including those pertaining to encryption, when transmitting or transporting CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information; (viii) use hard drive encryption for all laptops on which any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information is stored or that are used by Supplier’s personnel to access any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, and such encryption shall be in accordance with the CUSTOMER Supplier Information Protection Guidelines set forth below; (ix) maintain up to date malware detection and prevention on Supplier’s servers and/or end user platforms that transmit, access, process or store CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information; (x) maintain a hardened Internet perimeter and secure infrastructure using firewalls, antivirus, anti-malware, intrusion detection systems, and other protection technologies as is commercially reasonable; and (xi) implement regular patch management and system maintenance for all of Supplier’s systems that transmit, access, process or store CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information.

Communications and Operations. Supplier shall: (ia) perform regular backups sufficient to restore services Ser- vices of the Supplier to CUSTOMER within the agreed upon recovery times (or, if no specific recovery recov- ery times have been agreed to by the parties, within a commercially reasonable period of time); (iib) encrypt all backup media containing CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information in accordance with the CUSTOMER CUS- TOMER Supplier Information Protection Guidelines set forth below; (iiic) not store or replicate any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information outside of Supplier’s premises without obtaining the prior written consent of CUSTOMER; (ivd) not transmit, transfer or provide any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information to any third party, or provide any third party with access to any CUSTOMER Confidential Con- fidential Information and CUSTOMER’s client’s Confidential Con- fidential Information, without obtaining the prior written writ- ten consent of CUSTOMER; (ve) if any activities described in the previous clauses (iiic) and (ivd) are approved by CUSTOMER, maintain an inventory of the third parties and/or locations outside of Supplier’s premises that store or replicate any CUSTOMER Confidential Information and CUSTOMERCUS- TOMER’s client’s Confidential Information, the third parties that receive or receive access to CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the purpose for storing, replicatingrep- licating, providing or providing access to such CUSTOMER CUS- TOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the manner in which such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information was transmitted or otherwise provided to such third party, the transmission and encryption/protection method or protocol (where applicable) used in transmitting or otherwise providing such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, a description of the CUSTOMER Confidential Confi- dential Information and CUSTOMER’s client’s Confidential Confi- dential Information that was transmitted or otherwise provided to such third party, the name of the CUSTOMER CUS- TOMER employee that approved such arrangement and the date such approval was obtained; (vif) when erasing or destroying CUSTOMER Confidential Confiden- tial Information and CUSTOMER’s client’s Confidential Confiden- tial Information, employ data destruction procedures that meet or exceed the Department of Defense Standard for Secure Data Sanitization (DOD 5220.22M). Supplier shall promptly erase or destroy any or all CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information upon written request from CUSTOMER; (viig) follow the CUSTOMER Supplier Information Protection Protec- tion Guidelines set forth below, including those pertaining per- taining to encryption, when transmitting or transporting transport- ing CUSTOMER Confidential Information and CUSTOMERCUS- TOMER’s client’s Confidential Information; (viiih) use hard drive encryption for all laptops on which any CUSTOMER Confidential Information and CUSTOMERCUS- TOMER’s client’s Confidential Information is stored or that are used by Supplier’s personnel to access any CUSTOMER Confidential Information and CUSTOMERCUS- TOMER’s client’s Confidential Information, and such encryption shall be in accordance with the CUSTOMER CUS- TOMER Supplier Information Protection Guidelines set forth below; (ixi) maintain up to date malware detection and prevention preven- tion on Supplier’s servers and/or end user platforms that transmit, access, process or store CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information; (xj) maintain a hardened Internet perimeter and secure infrastructure using firewalls, antivirus, anti-malware, intrusion detection systems, and other protection technologies as is commercially reasonable; and (xik) implement regular patch management and system maintenance for all of Supplier’s systems that transmittrans- mit, access, process or store CUSTOMER Confidential Confiden- tial Information and CUSTOMER’s client’s Confidential Confiden- tial Information.

Communications and Operations. Supplier shall: (i) perform regular backups sufficient to restore services to CUSTOMER within the agreed upon recovery times (or, if no specific recovery times have been agreed to by the parties, within a commercially reasonable period of time); (ii) encrypt all backup media containing CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information in accordance with the CUSTOMER Supplier Information Protection Guidelines set forth below; (iii) not store or replicate any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information outside of Supplier’s premises without obtaining the prior written consent of CUSTOMER; (iv) not transmit, transfer or provide any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information to any third party, or provide any third party with access to any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, without obtaining the prior written consent of CUSTOMER; (v) if any activities described in the previous clauses (iii) and (iv) are approved by CUSTOMER, maintain an inventory of the third parties and/or locations outside of Supplier’s premises that store or replicate any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the third parties that receive or receive access to CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the purpose for storing, replicating, providing or providing access to such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, the manner in which such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information was transmitted or otherwise provided to such third party, the transmission and encryption/protection method or protocol (where applicable) used in transmitting or otherwise providing such CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, a description of the CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information that was transmitted or otherwise provided to such third party, the name of the CUSTOMER employee that approved such arrangement and the date such approval was obtained;obtained;‌ (vi) when erasing or destroying CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, employ data destruction procedures that meet or exceed the Department of Defense Standard for Secure Data Sanitization (DOD 5220.22M). Supplier shall promptly erase or destroy any or all CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information upon written request from CUSTOMER; (vii) follow the CUSTOMER Supplier Information Protection Guidelines set forth below, including those pertaining to encryption, when transmitting or transporting CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information; (viii) use hard drive encryption for all laptops on which any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information is stored or that are used by Supplier’s personnel to access any CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information, and such encryption shall be in accordance with the CUSTOMER Supplier Information Protection Guidelines set forth below; (ix) maintain up to date malware detection and prevention on Supplier’s servers and/or end user platforms that transmit, access, process or store CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information; (x) maintain a hardened Internet perimeter and secure infrastructure using firewalls, antivirus, anti-malware, intrusion detection systems, and other protection technologies as is commercially reasonable; and (xi) implement regular patch management and system maintenance for all of Supplier’s systems that transmit, access, process or store CUSTOMER Confidential Information and CUSTOMER’s client’s Confidential Information.