Common use of Information Security Plan Clause in Contracts

Information Security Plan. (1) Contractor acknowledges that ETF is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as ETF’s internal security program for information and systems protection. (2) Contractor will establish, maintain and comply with an information security plan (Information Security Plan), which will contain, at a minimum, such elements as those set forth in this Agreement. (3) Contractor’s Information Security Plan will be designed to: a. Ensure the privacy, security, integrity, availability, and confidentiality of Confidential Information; b. Protect against any anticipated threats or hazards to the security or integrity of such information; c. Protect against unauthorized access to or use of such information that could result in harm or inconvenience to the person that is the subject of such information; d. Reduce risks associated with Contractor having access to ETF Information Resources; and e. Comply with all applicable legal and regulatory requirements for data protection. (4) On at least an annual basis, Contractor will review its Information Security Plan, update and revise it as needed, and make available to ETF upon request. At ETF’s request, Contractor will make modifications to its Information Security Plan or to the procedures and practices thereunder to conform to ETF’s security requirements as they exist from time to time. If there are any significant modifications to Contractor’s Information Security Plan, Contractor will notify ETF within a reasonable period of time, not to exceed two weeks. Any significant modification

Information Security Plan. (1) Contractor acknowledges that ETF is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as ETF’s internal security program for information and systems protection. (2) Contractor will establish, maintain and comply with an information security plan (Information Security Plan), which will contain, at a minimum, such elements as those set forth in this Agreement. (3) Contractor’s Information Security Plan will be designed to: a. Ensure the privacy, security, integrity, availability, and confidentiality of Confidential Information; b. Protect against any anticipated threats or hazards to the security or integrity of such information; c. Protect against unauthorized access to or use of such information that could result in harm or inconvenience to the person that is the subject of such information; d. Reduce risks associated with Contractor having access to ETF Information Resources; and e. Comply with all applicable legal and regulatory requirements for data protection. (4) On at least an annual basis, Contractor will review its Information Security Plan, update and revise it as needed, and make available submit it to ETF upon request. At ETF’s requestUpon mutual agreement, Contractor will make modifications to its Information Security Plan or to the procedures and practices thereunder to conform to ETF’s security requirements as they exist from time to time. If there are any significant modifications to Contractor’s Information Security PlanPlan involving dropping or diminishing security controls which ultimately provide less confidentiality, integrity or availability for any and of ETF data, Contractor will notify ETF within a reasonable period of time, not to exceed two weeks. Any significant modificationmodification must include the same or a higher framework or information security standard maturity level than what currently exists in the Plan.

Information Security Plan. (1) Contractor acknowledges that ETF is required to comply with information security standards for the protection of Confidential Information as required by law, regulation and regulatory guidance, as well as ETF’s internal security program for information and systems protection. (2) Contractor will establish, maintain and comply with an information security plan (Information Security Plan), which will contain, at a minimum, such elements as those set forth in this Agreement. (3) Contractor’s Information Security Plan will be designed to: a. Ensure the privacy, security, integrity, availability, and confidentiality of Confidential Information; b. Protect against any anticipated threats or hazards to the security or integrity of such information; c. Protect against unauthorized access to or use of such information that could result in harm or inconvenience to the person that is the subject of such information; d. Reduce risks associated with Contractor having access to ETF Information Resources; and e. Comply with all applicable legal and regulatory requirements for data protection. (4) On at least an annual basis, Contractor will review its Information Security Plan, update and revise it as needed, and make available submit it to ETF upon request. At ETF’s request, Contractor will make modifications to its Information Security Plan or to the procedures and practices thereunder to conform to ETF’s security requirements as they exist from time to time. If there are any significant modifications to Contractor’s Information Security Plan, Contractor will notify ETF within a reasonable period of time, not to exceed two weeks. Any significant modificationtwo