Data and Systems Security Clause Samples

Data and Systems Security. Fiserv shall (1) implement, maintain, and enforce data and systems security in respect of Fiserv Systems; and (2) maintain and enforce in respect of (a) Northern Trust Systems that Fiserv is responsible for as part of Designated Services; and (b) Northern Trust Data, in each case on-line security standards and procedures at least as rigorous as those in effect at Northern Trust Service locations as of the Effective Date.

Data and Systems Security. As part of the Services, CSC agrees that it shall follow the latest steps and security precautions practiced in the software industry designed to prevent or stop the unauthorized access to, or sabotage of, the Services Systems that are used by CSC to perform the Services. CSC shall immediately notify Customer of any unauthorized use of, or unauthorized access to, the Customer Data or Services Systems. CSC agrees to conform to CSC's data and software security policies that are substantially comparable to Customer's Customer Data and System Security Policies set out in Schedule B hereto provide such Schedule B policies are applicable to the Services being provided by CSC for Customer pursuant to a relevant Exhibit or Work Assignment.

Data and Systems Security. ▇▇▇▇▇▇ has documented information security program policies and procedures for ePHI are in place to guide personnel in the prevention, detection, containment, and correction of security violations. Responsibility for the development and implementation of information security policies and procedures is formally assigned to the compliance officer and the responsibilities of the compliance officer have been defined. • New employee and contractor user access requests for physical and logical access to systems containing ePHI are documented on a standard access request form and require the approval of HR prior to access being granted. Predefined security groups are utilized to assign role-based access privileges and segregate access within the network domain. Access to server rooms that contain systems infrastructure with ePHI data is controlled via biometric and PIN readers, and is restricted to authorized personnel. • Employees are required to complete security awareness training and sign an acknowledgement form, upon hire and on an annual basis thereafter, to confirm their understanding and obligation to comply with company data protection and security policies. • Web and SFTP servers utilize TLS and SSH encryption, respectively, for communication sessions over unsecured public networks. Data containing ePHI is stored in an encrypted format. Security monitoring applications are in place and configured to capture and analyze information system event logs including, but not limited to: o Failed logon events o Network perimeter and intrusion events o System state and configuration modifications

Data and Systems Security. (a) Fiserv shall (1) implement, maintain, and enforce data and systems security in respect of Fiserv Systems; and (2) maintain and enforce in respect of (a) any Northern Trust Systems that Fiserv is responsible for as part of Designated Services; and (b) any Northern Trust Data, in each case on-line security standards and procedures at least as rigorous as those in effect at the Original Service Location as of the Effective Date. (b) In the event Northern Trust Data is transmitted over an unsecured electronic network, the information must be either (1) encrypted using a commercially reasonable security technology that, at a minimum, is equivalent to 128-bit RC4 encryption technology (or its equivalent at the time) or (2) transmitted via a secure session that utilizes a commercially reasonable security technology that provides a level of security that, at a minimum, is equivalent to 128-bit RC4 encryption technology. (c) Fiserv shall encrypt any Northern Trust Data on portable media, including without limitation laptop computers, CD-ROMs, and thumb drives, in the event that such media is used or sent out of any Fiserv Service Location. The obligation set forth in the immediately preceding sentence applies to portable media used by any Fiserv Agent. Fiserv shall also notify the Northern Trust Relationship Manager promptly of any security breach or acquisition of Northern Trust Data by an unauthorized person. (d) In addition to the requirements set forth in Section 17.2 of this Agreement, Fiserv shall maintain the confidentiality of any nonpublic personal information obtained from Northern Trust in connection with the provision of the Services according to the standards established by 15 U.S.C. Section 6802 and any regulations issued in accordance thereto, subject to any statutory and regulatory exceptions. Fiserv shall also maintain appropriate measures designed to meet the objectives of the guidelines establishing information security standards as adopted by federal bank regulatory agencies, as well as any standards established by the Securities and Exchange Commission. Fiserv acknowledges that such standards currently require that reasonable measures be implemented to (1) ensure the security and confidentiality of any Northern Trust’s consumer customer information in Fiserv’s possession or control; (2) protect against any anticipated threat or hazards to the security or integrity of Northern Trust’s consumer customer information; (3) protect against unauth...

Data and Systems Security. Depositor agrees to implement and maintain appropriate security measures to safeguard the security of images and data in Depositor’s possession or control from unauthorized access or disclosure. In no event shall Depositor take precautions any less stringent than those employed to protect its own proprietary and confidential information. On request, Depositor shall provide Credit Union with information regarding Depositor's internal controls and security procedures. If Credit Union believes that Depositor's controls, security measures, and procedures are inadequate to safeguard the item images and data maintained by Depositor, Credit Union may require Depositor to establish additional controls, security measures, and procedures. Depositor agrees to indemnify, defend, and hold Credit Union harmless from and against any disclosure of or unauthorized access to any other party’s confidential information (such as checking account number and financial institution) maintained by Depositor. Depositor agrees to notify Credit Union of any such disclosure, or of any penetration of Depositor's systems or information security measures by unauthorized parties.