SaaS Services 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information.
6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers.
6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld.
6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored.
6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer.
6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request.
6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data.
6.8 We provide secure Data transmission paths between each of your workstations and our servers.
6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access.
6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.
Use of the Services 1.1 We will make the Oracle services listed in Your order (the “Services”) available to You pursuant to this Agreement and Your order. Except as otherwise stated in this Agreement or Your order, You have the non- exclusive, worldwide, limited right to use the Services during the period defined in Your order, unless earlier terminated in accordance with this Agreement or Your order (the “Services Period”), solely for Your internal business operations. You may allow Your Users (as defined below) to use the Services for this purpose, and You are responsible for their compliance with this Agreement and Your order.
1.2 The Service Specifications describe and govern the Services. During the Services Period, we may update the Services and Service Specifications (with the exception of the Data Processing Agreement as described below) to reflect changes in, among other things, laws, regulations, rules, technology, industry practices, patterns of system use, and availability of Third Party Content (as defined below). Oracle updates to the Services or Service Specifications will not materially reduce the level of performance, functionality, security or availability of the Services during the Services Period of Your order.
1.3 You may not, and may not cause or permit others to: (a) use the Services to harass any person; cause damage or injury to any person or property; publish any material that is false, defamatory, harassing or obscene; violate privacy rights; promote bigotry, racism, hatred or harm; send unsolicited bulk e-mail, junk mail, spam or chain letters; infringe property rights; or otherwise violate applicable laws, ordinances or regulations; (b) perform or disclose any benchmarking or availability testing of the Services; (c) perform or disclose any performance or vulnerability testing of the Services without Oracle’s prior written approval, or perform or disclose network discovery, port and service identification, vulnerability scanning, password cracking or remote access testing of the Services; or (d) use the Services to perform cyber currency or crypto currency mining ((a) through (d) collectively, the “Acceptable Use Policy”). In addition to other rights that we have in this Agreement and Your order, we have the right to take remedial action if the Acceptable Use Policy is violated, and such remedial action may include removing or disabling access to material that violates the policy.
Use of the Service 12.1 When using the Service you must comply with:
(a) our CRA, including clause 4 of the General Terms, and this clause 12; and
(b) any rules, including any acceptable use conditions, imposed by any third party whose content or services you access using the Service or whose Network on which your data transmits.
12.2 Any use of the Service at the Premises is your responsibility. The terms of our CRA apply to you and also to anyone else who uses the Service (regardless of whether you give them permission to do so or not).
12.3 You must ensure that any software you use in relation to the Service is properly licensed.
12.4 The use of a Local Area Network (LAN) for personal use is permitted, however the set-up and configuration of a LAN connected to the modem is not supported by customer service.
12.5 All IP addresses provided by us for your use remain our property. Most Services include a dynamic IP address. A new IP address is usually allocated whenever the computer and modem are rebooted. The IP address remains until the next time the computer and modem are switched off. Where provided, you may configure your computer or modem to connect using a static IP address.
12.6 We may at any time adjust aspects of the Service for security or Network management reasons, including, without limitation:
(a) deleting transitory data that has been stored on our servers for longer than 90 days;
(b) deleting stored email messages that are older than 90 days;
(c) rejecting any incoming email messages and attachments that exceed 30 Megabytes (including encapsulation);
(d) delivering access and content via proxy servers;
(e) limiting the number of addresses to whom an outgoing email can be sent;
(f) refusing to accept incoming email messages to mailboxes that have exceeded the email storage limit;
(g) managing the Network to prioritise certain types of Internet traffic over others; and
(h) blocking or filtering specific Internet ports.
12.7 You are responsible for providing any security or privacy measures for your computer networks and any data stored on those networks or accessed through the Service. We will not be liable to you in respect of any loss, damage, costs or expenses incurred by you in connection with your failure to provide that security.
12.8 You may request additional users on the Service in accordance with the Pricing Schedule.
12.9 You must take reasonable steps to ensure that others do not gain unauthorised access to the Service through your account. We recommend that you do not disclose your password to others and that you change your password regularly.
12.10 We may monitor use of the Service to investigate a breach (or suspected breach) of the Fair Use Policy or upon the request of an authorised authority.
12.11 Where you provide your own wireless computer connection device, you are responsible for any loss caused by an unauthorised interception of the Service.
Manager’s Use of the Services of Others The Manager may (at its cost except as contemplated by Paragraph 4 of this Agreement) employ, retain or otherwise avail itself of the services or facilities of other persons or organizations for the purpose of providing the Manager or the Corporation or Fund, as appropriate, with such statistical and other factual information, such advice regarding economic factors and trends, such advice as to occasional transactions in specific securities or such other information, advice or assistance as the Manager may deem necessary, appropriate or convenient for the discharge of its obligations hereunder or otherwise helpful to the Corporation or Fund, as appropriate, or in the discharge of Manager's overall responsibilities with respect to the other accounts which it serves as investment manager.
Use of the Software TO THE EXTENT OF A CONFLICT BETWEEN THE PROVISIONS OF THE FOREGOING DOCUMENTS, THE ORDER OF PRECEDENCE SHALL BE (1)THE SIGNED CONTRACT, (2) THE CLICK-ACCEPT AGREEMENT OR THIRD PARTY LICENSE AGREEMENT, AND
Limitation on Services Except in cases of Emergency Services or Urgent Care, or as otherwise provided under this Certificate, services are available only from Participating Providers and HMO shall have no liability or obligation whatsoever on account of any service or benefit sought or received by a Member from any Physician, Hospital, Skilled Nursing Facility, home health care agency, or other person, entity, institution or organization unless prior arrangements are made by HMO.
ADS Services Up to U.S. $5.00 per 100 ADSs (or fraction thereof) held on the applicable record date(s) established by the Depositary. Person holding ADSs on the applicable record date(s) established by the Depositary.
Service Limitations The FCC requires that Provider provide E911 Service to all Customers who use Provider Services within the United States. Sections 13.2-13.8 apply to all Customers who use Provider Services within the United States. Section 13.9 applies to all Customers.
Sub-adviser’s Use of the Services of Others The Sub-Adviser may (at its cost except as contemplated by Section 5 of this Agreement) employ, retain, or otherwise avail itself of the services or facilities of other persons or organizations for the purpose of obtaining such statistical and other factual information, such advice regarding economic factors and trends, such advice as to occasional transactions in specific securities, or such other information, advice, or assistance as the Sub-Adviser may deem necessary, appropriate, or convenient for the discharge of its obligations hereunder or otherwise helpful to the Sub-Adviser, as appropriate, or in the discharge of Sub-Adviser's overall responsibilities with respect to the other accounts that it serves as investment manager or counselor, provided that the Sub-Adviser shall at all times retain responsibility for making investment recommendations with respect to the Fund.
Limitations on Services (a) The Parties recognize that certain responsibilities and obligations are imposed by federal and state securities laws and by the applicable rules and regulations of stock exchanges, the National Association of Securities Dealers, Inc., in-house "due diligence" or "compliance" departments of Licensed Securities Firms, etc.; accordingly, the Employee agrees that he will not:
(1) Release any financial or other material information or data about XStream without the prior written consent and approval of XStream's General Counsel or Securities Counsel;
(2) Conduct any meetings with financial analysts without informing XStream's General Counsel and board of directors in advance of the proposed meeting and the format or agenda of such meeting.
(b) In any circumstances where the Employee is describing the securities of XStream to a third party, the Employee shall disclose to such person any compensation received from XStream to the extent required under any applicable laws, including, without limitation, Section 17(b) of the Securities Act of 1933, as amended.
(c) In rendering his services, the Employee shall not disclose to any third party any confidential non-public information furnished by XStream or otherwise obtained by it with respect to XStream, except on a need to know basis, and in such case, subject to appropriate assurances that such information shall not be used, directly or indirectly, in any manner that would violate state or federal prohibitions on insider trading of XStream's securities.
(d) The Employee shall not xxxx xxx xxxxxx which would in any way adversely affect the reputation, standing or prospects of XStream or which would cause XStream to be in violation of applicable laws. ARTICLE THREE ------------- COMPENSATION ------------
