Risk Assessments a. Risk Assessment - DST shall, at least annually, perform risk assessments that are designed to identify material threats (both internal and external) against Fund Data, the likelihood of those threats Schedule 10.2 p.2 occurring and the impact of those threats upon DST organization to evaluate and analyze the appropriate level of information security safeguards (“Risk Assessments”).
b. Risk Mitigation - DST shall use commercially reasonable efforts to manage, control and remediate threats identified in the Risk Assessments that it believes are likely to result in material unauthorized access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of Fund Data, consistent with the Objective, and commensurate with the sensitivity of the Fund Data and the complexity and scope of the activities of DST pursuant to the Agreement.
c. Security Controls Testing - DST shall, on approximately an annual basis, engage an independent external party to conduct a review (including information security) of DST’s systems that are related to the provision of services. DST shall have a process to review and evaluate high risk findings resulting from this testing.
