Safety and Security Procedures. (a) FIS shall maintain and enforce, at the FIS Service Locations, safety and security procedures that are at least (i) compliant with Regulations and the Fidelity Information Security Policy in accordance with FIS'S obligations under Section 3.13, (ii) equal to industry standards for such FIS Service Locations, and (iii) as rigorous as those procedures in effect at the FIS Service Locations as of the Effective Date. FIS shall investigate and remedy any Security Incident (as defined below) at the FIS Service Locations, if applicable, in accordance with the provisions of this Section. (b) At the FIS Service Locations, FIS shall maintain and comply with safeguards against the destruction, loss or alteration of FNT Data (the "Data Safeguards") which are at least (i) compliant with the requirements of Section 3.13, (ii) equal to generally accepted insurance industry standards, and (iii) as rigorous as those procedures used in protection of its own similar data as of the Effective Date. The safeguards shall include (1) FNT Data back up and storage which is separate from that of other FIS customers, and (2) upon request, reports of appropriate logs of the internal FIS firewall(s), FIS leveraged firewalls used to deliver FNT services or FIS-managed, FNT-dedicated firewalls which separate the FNT segment from other FIS segments (except that FIS reserves the right to mask certain sensitive information (e.g., FIS internal or other FIS customer IP addresses)). All changes to the firewall rule sets which will affect the delivery of the Services shall be made in accordance with Change Control Procedures. 
FNT shall be permitted to conduct, or to cause FIS to engage a third party (who is not a competitor and is mutually agreeable to FIS) to conduct, at FNT's expense and no more frequently than once a year, a review of FIS'S information security management, the FIS firewall rule sets for the internal FIS firewall(s) which separate the FNT segment from other FIS segments or leveraged firewalls used to deliver FNT services (except that FIS reserves the right to mask certain sensitive information (e.g., FIS internal or other FIS customer IP addresses)), FIS-managed, FNT-dedicated firewalls and any other security procedures implemented at the FIS Technology Centers (as set forth in Exhibit E) with respect to the Systems at the FIS Technology Centers upon reasonable notice (which shall be no less than ten (10) days notice for such reviews by auditors and inspectors designated by FNT and upon request, regardless of advance notice (a) to the extent FNT is required to conduct a more immediate review for compliance with law and (b) for more immediate reviews by FNT regulators) and so as to not disrupt FIS business operations. Such access shall be provided to FNT in accordance with FIS'S security and audit guidelines (i.e., access will be provided at the applicable FIS Service Location with the assistance of FIS personnel and shall include the opportunity to review but not copy the logs). FIS shall cooperate fully with any FNT investigation of a Security Incident. Such collaboration shall include permitting FNT access to internal audit data and logs of communications traffic pertinent to the Security Incident, provided that FIS shall not be required to disclose any information regarding other customers of FIS. 
(c) FIS shall maintain in effect at all times, and promulgate, within FIS and FIS Subcontractors performing Services, a Security Incident response plan, describing procedures for FIS to follow in the event of any actual (i) unauthorized use, access, disclosure, theft, manipulation and/or reproduction of FNT Data, and/or (ii) security breach of the Systems associated with the accessing, processing, storage, communication and/or transmission of FNT Data (a "Security Breach") or if FIS or FNT has a reasonable cause to believe that such a Security Breach has occurred or will occur (collectively, a "Security Incident"). This Security Incident Response Plan will include a documented escalation procedure and a process for notifying FNT immediately upon FIS'S becoming aware of a Security Incident without regard to incident point of origination. Communication to FNT as to a Security Incident should, in the first instance, be directed to the FNT Relationship Manager within one (1) hour of FIS'S awareness thereof, in a manner and timeframe consistent with California's Security Breach Notification Act and any other applicable law and/or regulation. (d) Subject to appropriate protections of third party confidential information, FNT may elect, with FIS'S cooperation, to observe any FIS investigation associated with any such Security Incident and FIS will, in any event, keep FNT informed of all progress and actions taken in response to each Security Incident. FNT in its sole discretion will determine whether to provide notification to customers, employees or agents concerning a breach or potential breach of security or any other type or form of Security Incident. Furthermore, FNT, and not FIS, will determine the need for and will have the sole authority to initiate disclosure to appropriate government authorities in the event of a security breach, unless such disclosure by FIS is mandated by applicable law or regulation. 
(e) FIS agrees to maintain on all Systems associated with access, processing, storage, communication and/or transmission of FNT Data, a continuous monitoring program to enable early detection of any known or suspected instance of unauthorized use, access, disclosure, theft, manipulation, reproduction and/or possible Security Incident. (f) To the extent that any of the Services are provided from a location other than an FIS Service Location, including but not limited to locations or facilities provided by FNT to FIS for the purposes of providing the Services (a "FNT Location"), FIS shall comply with those safety and security procedures that are in effect at such FNT Location and of which FIS is aware or reasonably should be aware. To the extent FNT's personnel are present at the FIS Service Location in connection with the performance of the Services, FNT shall comply with those safety and security policies and procedures imposed by FIS at FIS Service Locations of which FNT is aware or reasonably should be aware.
Appears in 2 contracts
Samples: Master Information Technology Services Agreement (Fidelity National Title Group, Inc.), Master Information Technology Services Agreement (Fidelity National Title Group, Inc.)
Safety and Security Procedures. (a) FIS shall maintain and enforce, at the FIS Service Locations, safety and security procedures that are at least (i) compliant with Regulations and the Fidelity Information Security Policy in accordance with FIS's obligations under Section 3.13, (ii) equal to industry standards for such FIS Service Locations, and (iii) as rigorous as those procedures in effect at the FIS Service Locations as of the Effective Date. FIS shall investigate and remedy any Security Incident (as defined below) at the FIS Service Locations, if applicable, in accordance with the provisions of this Section.
(b) At the FIS Service Locations, FIS shall maintain and comply with safeguards against the destruction, loss or alteration of FNF Data (as defined in Section 12.1) (the "Data Safeguards") which are at least (i) compliant with the requirements of Section 3.13, (ii) equal to generally accepted insurance industry standards, and (iii) as rigorous as those procedures used in protection of its own similar data as of the Effective Date. The safeguards shall include (1) FNF Data back up and storage which is separate from that of other FIS customers, and (2) upon request, reports of appropriate logs of the internal FIS firewall(s), FIS leveraged firewalls used to deliver FNF services or FIS-managed, FNF-dedicated firewalls which separate the FNF segment from other FIS segments (except that FIS reserves the right to mask certain sensitive information (i.e., FIS internal or other FIS customer IP addresses)). All changes to the firewall rule sets which will affect the delivery of the Services shall be made in accordance with Change Control Procedures.
FNF shall be permitted to conduct, or to cause FIS to engage a third party (who is not a competitor and is mutually agreeable to FIS) to conduct, at FNF's expense and no more frequently than once a year, a review of FIS's information security management, the FIS firewall rule sets for the internal FIS firewall(s) which separate the FNF segment from other FIS segments or leveraged firewalls used to deliver FNF services (except that FIS reserves the right to mask certain sensitive information (i.e., FIS internal or other FIS customer IP addresses)), FIS-managed FNF-dedicated firewalls and any other security procedures implemented at the FIS Technology Centers (as set forth in Exhibit E) with respect to the Systems at the FIS Technology Centers upon reasonable notice (which shall be no less than ten (10) days notice for such reviews by auditors and inspectors designated by FNF and upon request, regardless of advance notice (a) to the extent FNF is required to conduct such a more immediate review for compliance with law and (b) for more immediate such reviews by FNF regulators) and so as to not disrupt FIS business operations. Such access shall be provided to FNF in accordance with FIS' security and audit guidelines (i.e., access will be provided at the applicable FIS Service Location with the assistance of FIS personnel and shall include the opportunity to review but not copy the logs). FIS shall cooperate fully with any FNF investigation of a Security Incident. Such collaboration shall include permitting FNF access to internal audit data and logs of communications traffic pertinent to the Security Incident, provided that FIS shall not be required to disclose any information regarding other customers of FIS.
(c) FIS shall maintain in effect at all times, and promulgate, within FIS and FIS Subcontractors performing Services, a Security Incident response plan, describing procedures for FIS to follow in the event of any actual (i) unauthorized use, access, disclosure, theft, manipulation and/or reproduction of FNF Data, and/or (ii) security breach of the Systems associated with the accessing, processing, storage, communication and/or transmission of FNF Data (a "Security Breach") or if FIS or FNF has a reasonable cause to believe that such a Security Breach has occurred or will occur (collectively, a "Security Incident"). This Security Incident Response Plan will include a documented escalation procedure and a process for notifying FNF immediately upon FIS's becoming aware of a Security Incident without regard to incident point of origination. Communication to FNF as to a Security Incident should, in the first instance, be directed to the FNF Relationship Manager within one (1) hour of FIS's awareness thereof, in a manner and timeframe consistent with California's Security Breach Notification Act and any other applicable law and/or regulation.
(d) Subject to appropriate protections of third party confidential information, FNF may elect, with FIS's cooperation, to observe any FIS investigation associated with any such Security Incident and FIS will, in any event, keep FNF informed of all progress and actions taken in response to each Security Incident. FNF in its sole discretion will determine whether to provide notification to customers, employees or agents concerning a breach or potential breach of security or any other type or form of Security Incident. Furthermore, FNF, and not FIS, will determine the need for and will have the sole authority to initiate disclosure to appropriate government authorities in the event of a security breach, unless such disclosure by FIS is mandated by applicable law or regulation.
(e) FIS agrees to maintain on all Systems associated with access, processing, storage, communication and/or transmission of FNF Data, a continuous monitoring program to enable early detection of any known or suspected instance of unauthorized use, access, disclosure, theft, manipulation, reproduction and/or possible Security Incident.
(f) To the extent that any of the Services are provided from a location other than an FIS Service Location, including but not limited to locations or facilities provided by FNF to FIS for the purposes of providing the Services (a "FNF Location"), FIS shall comply with those safety and security procedures that are in effect at such FNF Location and of which FIS is aware or reasonably should be aware. To the extent FNF's personnel are present at the FIS Service Location in connection with the performance of the Services, FNF shall comply with those safety and security policies and procedures imposed by FIS at FIS Service Locations of which FNF is aware or reasonably should be aware.
Appears in 1 contract
Samples: Master Services Agreement (Fidelity National Information Services, Inc.)
Safety and Security Procedures. (a) FIS shall maintain and enforce, at the FIS Service Locations, safety and security procedures that are at least (i) compliant with Regulations and the Fidelity Information Security Policy in accordance with FIS’s obligations under Section 3.13, (ii) equal to industry standards for such FIS Service Locations, and (iii) as rigorous as those procedures in effect at the FIS Service Locations as of the Effective Date. FIS shall investigate and remedy any Security Incident (as defined below) at the FIS Service Locations, if applicable, in accordance with the provisions of this Section.
(b) At the FIS Service Locations, FIS shall maintain and comply with safeguards against the destruction, loss or alteration of FNT Data (the “Data Safeguards”) which are at least (i) compliant with the requirements of Section 3.13, (ii) equal to generally accepted insurance industry standards, and (iii) as rigorous as those procedures used in protection of its own similar data as of the Effective Date. The safeguards shall include (1) FNT Data back up and storage which is separate from that of other FIS customers, and (2) upon request, reports of appropriate logs of the internal FIS firewall(s), FIS leveraged firewalls used to deliver FNT services or FIS-managed, FNT-dedicated firewalls which separate the FNT segment from other FIS segments (except that FIS reserves the right to mask certain sensitive information (e.g., FIS internal or other FIS customer IP addresses)). All changes to the firewall rule sets which will affect the delivery of the Services shall be made in accordance with Change Control Procedures.
FNT shall be permitted to conduct, or to cause FIS to engage a third party (who is not a competitor and is mutually agreeable to FIS) to conduct, at FNT’s expense and no more frequently than once a year, a review of FIS’s information security management, the FIS firewall rule sets for the internal FIS firewall(s) which separate the FNT segment from other FIS segments or leveraged firewalls used to deliver FNT services (except that FIS reserves the right to mask certain sensitive information (e.g., FIS internal or other FIS customer IP addresses)), FIS-managed, FNT-dedicated firewalls and any other security procedures implemented at the FIS Technology Centers (as set forth in Exhibit E) with respect to the Systems at the FIS Technology Centers upon reasonable notice (which shall be no less than ten (10) days notice for such reviews by auditors and inspectors designated by FNT and upon request, regardless of advance notice (a) to the extent FNT is required to conduct a more immediate review for compliance with law and (b) for more immediate reviews by FNT regulators) and so as to not disrupt FIS business operations. Such access shall be provided to FNT in accordance with FIS’s security and audit guidelines (i.e., access will be provided at the applicable FIS Service Location with the assistance of FIS personnel and shall include the opportunity to review but not copy the logs). FIS shall cooperate fully with any FNT investigation of a Security Incident. Such collaboration shall include permitting FNT access to internal audit data and logs of communications traffic pertinent to the Security Incident, provided that FIS shall not be required to disclose any information regarding other customers of FIS.
(c) FIS shall maintain in effect at all times, and promulgate, within FIS and FIS Subcontractors performing Services, a Security Incident response plan, describing procedures for FIS to follow in the event of any actual (i) unauthorized use, access, disclosure, theft, manipulation and/or reproduction of FNT Data, and/or (ii) security breach of the Systems associated with the accessing, processing, storage, communication and/or transmission of FNT Data (a “Security Breach”) or if FIS or FNT has a reasonable cause to believe that such a Security Breach has occurred or will occur (collectively, a “Security Incident”). This Security Incident Response Plan will include a documented escalation procedure and a process for notifying FNT immediately upon FIS’s becoming aware of a Security Incident without regard to incident point of origination. Communication to FNT as to a Security Incident should, in the first instance, be directed to the FNT Relationship Manager within one (1) hour of FIS’s awareness thereof, in a manner and timeframe consistent with California’s Security Breach Notification Act and any other applicable law and/or regulation.
(d) Subject to appropriate protections of third party confidential information, FNT may elect, with FIS’s cooperation, to observe any FIS investigation associated with any such Security Incident and FIS will, in any event, keep FNT informed of all progress and actions taken in response to each Security Incident. FNT in its sole discretion will determine whether to provide notification to customers, employees or agents concerning a breach or potential breach of security or any other type or form of Security Incident. Furthermore, FNT, and not FIS, will determine the need for and will have the sole authority to initiate disclosure to appropriate government authorities in the event of a security breach, unless such disclosure by FIS is mandated by applicable law or regulation.
(e) FIS agrees to maintain on all Systems associated with access, processing, storage, communication and/or transmission of FNT Data, a continuous monitoring program to enable early detection of any known or suspected instance of unauthorized use, access, disclosure, theft, manipulation, reproduction and/or possible Security Incident.
(f) To the extent that any of the Services are provided from a location other than an FIS Service Location, including but not limited to locations or facilities provided by FNT to FIS for the purposes of providing the Services (a “FNT Location”), FIS shall comply with those safety and security procedures that are in effect at such FNT Location and of which FIS is aware or reasonably should be aware. To the extent FNT’s personnel are present at the FIS Service Location in connection with the performance of the Services, FNT shall comply with those safety and security policies and procedures imposed by FIS at FIS Service Locations of which FNT is aware or reasonably should be aware.
Appears in 1 contract
Samples: Master Information Technology Services Agreement (Fidelity National Information Services, Inc.)