Common use of Security and Privacy Clause in Contracts

Security and Privacy. 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securit y_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. ‌ 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing.writing.‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS.DNSS.‌ 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products.Products.‌ 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. 11.1 12.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 12.2 (Intentionally Omitted). 11.3 12.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 12.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 12.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach. .

Security and Privacy. ‌ 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_S ecurity_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach. .

Security and Privacy. 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. Portal (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdf) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing. 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. ‌ 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier PortalPortal (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdf). (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)) These terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing.writing‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.

Security and Privacy. ‌ 11.1 Supplier will implement and maintain privacy and security measures to protect DXC Data, Services and Products in accordance with the Data Network Security Schedule ("DNSS") herein below. Additionally, these terms may be updated from time to time, and any such update may be reflected on the Supplier Portal. (xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Secur ity_Schedule-DNSS.pdf)) These xxxx://xxxxxx0.xxx.xxxxxxxxxx/contact_us/downloads/Data_Network_and_Securi ty_Schedule-DNSS.pdfThese terms may be modified from time to time. Any terms not defined within this document will rely on the definition in the DNSS. 11.2 (Intentionally Omitted). 11.3 Supplier shall only Process Data and access information systems to the extent and manner necessary to provide the Services, software or Products, in accordance with DXC’s instructions as set out in this Agreement. Any access to or use of DXC information systems or Processing of Data by or on behalf of Supplier for any other purpose shall be deemed a material breach of the Agreement by Supplier. Supplier shall not sell, rent, transfer, distribute, disclose, copy, alter, or remove Data, DXC information system, or Product unless authorized in writing by DXC. Supplier shall ensure all Processing of Data and provisioning of Services and Products complies with all Applicable Laws. If Supplier cannot Process the Data or provide Services or Products in accordance with such Applicable Laws and these terms then Supplier shall immediately notify DXC in writing.writing.‌ 11.4 Supplier shall develop, implement and maintain a comprehensive information security program with information security industry standard safeguards, such as ISO 27001/2, to protect Data against Security Breach and to provide secure Services or Products. 11.5 All Notifications, whether related to Security Breach, Inquiry, Product security vulnerability or non-compliance, shall be made to the DXC Cyber Defense Center via (a) email to: XXXXX@xxx.xxx in the event of a Security Incident and (b) telephonically to 0 (000) 000 0000 AMS and /or +00 0 0000 0000 International. Supplier shall use commercially reasonable efforts to provide DXC with Notification within 12 hours after Supplier becomes aware of a Security Breach.