DST Employee Training and Access. DST shall: (i) train its employees on the acceptable use and handling of the Funds’ Confidential Information; (ii) train its employees upon hiring on the WISP, the proper use of systems impacting Fund Confidential Information, and internal and external threats as identified in the risk assessment specified in Section 2.2(xiii) above and the expected procedures defined in the WISP to mitigate these threats; (iii) provide annual security education for its employees and maintain a record of employees that have completed such education; (iv) provide specialized security training to developers with roles and responsibilities in the development of applications interacting with Fund Confidential Information or systems; and (v) implement a formal user registration and de-registration procedure for granting and revoking access to DST’s information systems and services; and upon termination of any of DST’s employees, DST shall revoke such employee’s access to DST’s domain following termination of such individual and revoke such individual’s access to Fund Confidential Information within no more than twenty-four (24) hours of involuntary termination and within two (2) business days after voluntary termination hours and in accordance with DST’s internal policies and procedures. All privileged accounts with access to Fund Confidential Information that are known by the user must undergo a password change.
Appears in 11 contracts
Samples: Transfer Agency and Service Agreement (Nuveen Investment Trust V), Transfer Agency and Service Agreement (Nuveen Investment Trust Iii), Transfer Agency and Service Agreement (Nuveen Multistate Trust I)
DST Employee Training and Access. DST shall: (i) train its employees on the acceptable use and handling of the Funds’ Fund Confidential Information; (ii) train its employees upon hiring on the WISP, the proper use of systems impacting Fund Confidential Information, and internal and external threats as identified in the risk assessment specified in Section 2.2(xiii) above and the expected procedures defined in the WISP to mitigate these threats; (iii) provide annual security education for its employees and maintain a record of employees that have completed such education; (iv) provide specialized security training to developers with roles and responsibilities in the development of applications interacting with Fund Confidential Information or systems; and (v) implement a formal user registration and de-registration procedure for granting and revoking access to DST’s information systems and services; and upon termination of any of DST’s employees, DST shall revoke such employee’s access to DST’s domain following termination of such individual and revoke such individual’s access to Fund Confidential Information within no more than twenty-four (24) hours of involuntary termination and within two (2) business days Business Days after voluntary termination hours and in accordance with DST’s internal policies and procedures. All privileged accounts with access to Fund Confidential Information that are known by the user must undergo a password change.
Appears in 2 contracts
Samples: Transfer Agency and Service Agreement (Tiaa-Cref Life Funds), Transfer Agency and Service Agreement (Tiaa-Cref Funds)
