Exhibit (h)(28)
AMENDMENT
to
Transfer Agency and Service Agreement
between
DST Asset Manager Solutions, Inc.
and
TIAA-CREF Funds
This amendment, effective as of July 1, 2020 (the “Effective Date”), is made by the parties to the Transfer Agency and Service Agreement entered into on September 1, 2009, as amended (the “Agreement”), between the TIAA-CREF Funds (collectively, the “Funds” and individually, the “Fund”) by and on behalf of each of their Portfolios, individually and not jointly, as listed on Schedule A to the Agreement and DST Asset Manager Solutions, Inc. (formerly known as Boston Financial Data Services, Inc.) (the “Transfer Agent” or “DST”). Capitalized terms used in this amendment without definition shall have the respective meanings given to such terms in the Agreement.
WHEREAS, pursuant to the Agreement, the Funds have each appointed the Transfer Agent as transfer agent, dividend disbursing agent and agent in connection with certain other activities, as set forth in the Agreement, of each Fund and its Portfolios; and
WHEREAS, the Funds and the Transfer Agent desire to amend certain provisions of the Agreement.
NOW, THEREFORE, in consideration of the foregoing and the mutual covenants and agreements hereinafter contained, the sufficiency of which is hereby acknowledged, the Funds and the Transfer Agent hereby agree to amend the Agreement pursuant to the terms thereof, as follows:
1. Term. The Initial Term set forth in Section 13.1 of the Agreement is hereby redefined as the period extending from the Effective Date to May 10, 2025 (the “Extension Period”).
2. Fees. The Fee Schedule attached to the Agreement as Schedule 3.1, as modified by amendment from time to time (the “Current Fee Schedule”) is deleted in its entirety and the new Schedule 3.1 (the “2020 Fee Schedule”) attached hereto is inserted in lieu thereof and shall supersede and replace the “Current Fee Schedule” entirely from and after the Effective Date.
3. Print/Mail. The parties acknowledge that Transfer Agent is no longer performing or subcontracting print/mail services to a third party for the printing contemplated under the Agreement, but instead the Funds have directly engaged a separate print vendor(s) to provide such services. As such, any references in the Agreement to Transfer Agent preparing and mailing any items, including but not limited to Shareholder reports, prospectuses, Shareholder statements and confirmations, and applicable tax forms (1099, 1042, etc.) (“Shareholder Documents”) shall be modified to reflect Transfer Agent preparing and providing, in electronic format, to the Funds’ print vendor(s) of choice “print/read” files of such Shareholder Documents to enable the print vendor(s) to print and mail the Shareholder Documents to Shareholders and to the Funds for electronic delivery of Shareholder daily statements, confirmations and tax forms (1099Div/B, etc.), and any future enhancement for electronic delivery of additional items as agreed upon between the Funds and the Transfer Agent. Transfer Agent’s composition of such Shareholder Documents is outlined in Appendix A, attached hereto, and is subject to the fees outlined therein. Not in limitation of the generality of the foregoing, the following sections are amended as follows:
a. Section 1.1(p) is hereby deleted in its entirety and the following is inserted in lieu thereof:
(p) Prepare and deliver to the Funds’ print vendor(s) of choice for print/mail, and to the Funds for e-delivery to Shareholders, electronic files related to (i) daily confirmations of transactions, quarterly statements, maintenance confirms, tax forms and other ad hoc mailings as designated by the Fund, and (ii) account statements for periods designated by the Fund.
b. Section 1.2(a) is hereby deleted in its entirety and the following is inserted in lieu thereof:
(a) Other customary services. Perform the customary services of a transfer agent, dividend disbursing agent, and, as relevant, agent in connection with accumulation, open account or similar plan (including without limitation any periodic investment plan or periodic withdrawal program), including but not limited to: maintaining all Shareholder accounts, preparing Shareholder meeting lists, sending electronic files to the Funds’ print vendor(s) of choice for the mailing of Shareholder proxies, Shareholder reports and prospectuses to current Shareholders, withholding taxes on U.S. resident and non-resident alien accounts, preparing and filing U.S. Treasury Department Forms 1099 and other appropriate forms required with respect to dividends and distributions by federal authorities for all Shareholders, sending electronic files to the Funds’ print vendor(s) of choice for confirmation forms and statements of account to Shareholders for all purchases and redemptions of Shares and other confirmable transactions in Shareholder accounts, sending electronic files to the Funds’ print vendor(s) of choice for activity statements for Shareholders and providing Shareholder account information, as well as sending files to the Funds for those transactions delivered via e-delivery.
c. Print/Mail service levels in Schedule 12.3 are deleted in their entirety.
4. Section 1.3, Site Visits and Inspections; Regulatory Examinations, is hereby amended to include the following immediately after the third (3rd) sentence:
“Transfer Agent or Transfer Agent personnel shall promptly take action at its expense to correct those matters or items identified in any such inspection or audit that require correction, to the extent and in such manner as mutually agreed (provided, however, any item identified in a SSAE 18 Audit will be addressed in accordance with the management response).”
5. Data Security.
a. The second sentence of Section 7.7(a) is deleted in its entirety and the following is inserted in lieu thereof:
“The Transfer Agent, upon its knowledge of any material violation of any such established security protocols, shall notify, by telephone (with facsimile or email confirmation), the Funds, as soon as practicable, but in any event within six (6) hours following discovery of such violation.”
b. The current Schedule 7.7 Information Protection is hereby deleted in its entirety and Schedule 7.7 Information Protection attached hereto is inserted in lieu thereof.
6. Disaster Recovery.
a. Section 7.8 is hereby deleted in its entirety and the following is inserted in lieu thereof:
7.8 BUSINESS CONTINUITY
(A) Transfer Agent shall maintain throughout the Term business continuity, disaster recovery, and backup capabilities (the “Plan(s)”) that are designed to permit Transfer Agent to perform its obligations hereunder with minimal disruptions or delays and within the recovery time objective of the Plans. The Plans shall also provide for the recovery from disruptions to Transfer Agent’s sites, technology and staff, including pandemic planning or other impacts that could result in mass protracted absenteeism.
(B) An executive summary of Transfer Agent’s Plan evidencing viable recovery strategies for all Transfer Agent personnel is set forth in Schedule 7.8. If applicable, an updated executive summary shall be provided to the Funds on or before each anniversary date of the Effective Date of the Agreement during the Term.
(C) Transfer Agent will test the Plan at regular intervals (no less frequently than annually) and provide the Funds with a summary of the documented results of the business continuity/disaster recovery tests that relate to the Services provided hereunder within thirty (30) days of test completion and shall include the demonstrated recovery time capability, and if housing Funds Confidential Information, the recovery point capability as evidenced in the test. In addition, at least once per year, Transfer Agent will provide a minimum of ninety (90) days advance written notice of testing to allow the Funds to participate in and/or monitor Transfer Agent’s test exercises for the Plans.
(D) If Transfer Agent is required to activate a Plan due to an unplanned disruption, then (i) the Plan provides for a recovery time objective target of Transfer Agent processes in all material respects in order to perform the Services of four (4) hours (or less); and (ii) if Transfer Agent is storing Fund Confidential Information, then the Plan provides for a recovery point objective of thirty (30) minutes (or less) and Transfer Agent shall notify the Funds of the Plan activation as soon as possible after the disruption occurs. The parties understand that the Automated Work Distributor (“AWD”) application will not be recovered within the four (4) hour recovery time objective time frame specified above, but can support the recovery point objective of thirty (30) minutes or less.
(E) In the event that the Funds must invoke its own Disaster Recovery Plan, the Transfer Agent will cooperate with the Funds to provide back-up support to assist the Funds with the implementation of its Disaster Recovery Plan within 48 hours following the time of a disaster declaration by the Funds, and the Funds shall reimburse or cause to be reimbursed the Transfer Agent for any reasonable reimbursable and other fees and expenses in providing such services.
b. Section 7.10 is hereby deleted in its entirety and the reference of “Intentionally Deleted” is inserted in lieu thereof.
7. Schedule A (Funds). Schedule A to the Agreement is hereby replaced with the attached new Schedule A (Funds).
8. Schedule 12.3 (Performance Measurement Standards). Schedule 12.3 to the Agreement is hereby replaced with the attached new Schedule 12.3.
9. Schedule 12.4(a) (Insurance). Schedule 12.4(a), Insurance Requirements, of the Agreement shall be deleted in its entirety and replaced with Schedule 12.4(a) attached hereto.
10. Recitals Incorporated; Definitions. The foregoing recitals are true and correct and by this reference are incorporated herein. All capitalized terms not otherwise defined herein shall have the meanings set forth in the Agreement. For clarity, references to SAS-70 or SSAE 16 in the Agreement, as amended (if any) shall be updated to Statement on Standards for Attestation Engagements No. 18 (SSAE 18), report on controls at a Service Organization or successor report issued by DST AMS’ certified public accountants.
11. Business Day. Transfer Agent acknowledges that each Fund determines its net asset value per Share, or Share price, on each day that the NYSE or its affiliated exchanges, NYSE Arca Equities or NYSE American (collectively, the “NYSE Exchanges”), are open for trading (each such day a “Fund Business Day”) as of the latest close of the regular (or core) trading session of any of the NYSE Exchanges (normally 4:00 p.m. Eastern Time or such earlier time that is the latest close of a regular (or core) trading session of any of the NYSE Exchanges). The Funds do not price their Shares on days that are not a Fund Business Day. Notwithstanding the above, nothing in the Agreement or this Amendment shall obligate Transfer Agent to perform any services or operate outside of normal NYSE hours (irrespective of NYSE Arca Equities or NYSE American hours) without further discussion and additional fees.
12. Continuing Provisions of the Agreement. Except as otherwise specifically set forth in this Amendment, all other terms of the Agreement shall remain unchanged and continue in full force and effect.
13. Counterpart Signatures. This Amendment may be executed in any number of counterpart signatures with the same effect as if the parties had all signed the same document. All counterpart signatures shall be construed together and shall constitute one agreement.
IN WITNESS WHEREOF, the parties hereto have caused this Amendment to be executed in their names and on their behalf by and through their duly authorized officers, as of the day and year first above written.
DST ASSET MANAGER SOLUTIONS, INC.
By: /s/ Xxxxx Xxxxxx
Name: Xxxxx Xxxxxx
Title: Authorized Representative

TIAA-CREF FUNDS, ON BEHALF OF EACH OF ITS PORTFOLIOS
By: /s/ Xxxx Xxxxxx
Name: Xxxx Xxxxxx
Title: Principal Executive Officer and President
APPENDIX A
Composition Services
This Appendix expressly incorporates by reference and is subject to the Agreement. Unless specifically stated otherwise, all terms, covenants and conditions described in the Agreement are incorporated herein by reference as if the same had been described herein in full. In the event of a conflict between the terms set forth in this Appendix and the Agreement, the terms of this Appendix shall govern.
1. Definitions
Unless otherwise defined herein, all capitalized terms shall have the meaning set forth in the Agreement.
“Development Documents” means any of the following documents: System Requirements Document, Project Development Estimate, Project Requirements Document or any other mutually agreed to document describing the development activities.
“Document” means the equivalent electronic rendition of a single customer communication as identified herein or in the Development Documents, including, but not limited to statement, check image, report, trade confirmation, or tax document.
“Document Type” means the types of Documents set forth in Development Documents for which the Services will be provided.
“Format” means DST will structure the input data provided by the Funds’ recordkeeping system so as to present the information organized and arranged according to the Funds’ requirements as detailed in the Development Documents.
“Image” means the equivalent of impression that would be applied to one side of a single sheet in a simplex print-processing environment.
“Services” means the services described in this Composition Services Schedule.
2. Description of Services
2.1 DST will provide the following Services:
a. Data Processing – Documents: DST will process, format and index the Funds’ data in a design and format to support the electronic presentment and delivery of Documents or delivery of such Documents to (i) one or more print vendor(s) of the Funds’ choice or (ii) to the Funds for electronic presentment and delivery. The Services will include: (i) composition and electronic creation of all Document Types (as defined below); (ii) creating, archiving, and maintaining electronic Images of each composed and created Document Type; and (iii) making available Document Types to one or more print vendor(s) or electronic presentment vendor(s) of the Funds’ choice.
b. Development of New Document Type Templates. As part of the Services, DST shall create and maintain the format, design and content for each Document Type (each, a “Document Type Template”) in accordance with the Funds’ requirements. The Funds may request DST to create new Document Type Templates and/or to modify a Document Type Template (each, a “Document Type Template Development/Modification Request”). DST shall create and/or modify Document Type Templates and the Funds shall evaluate and either accept or reject such Document Type Templates in accordance with the process set forth in Annex 1 attached hereto. Once created and approved by the Funds, all Document Type Templates shall be maintained by DST in accordance with this Composition Services Schedule.
c. USPS Move Update Requirements. DST is responsible for updating the addresses in its mailing lists no more than ninety-five (95) days prior to the mailing date or as otherwise required by the USPS (“Move Update Requirements”). DST shall provide the Funds with a document, as requested by the Funds from time to time, evidencing such compliance.
2.3 Development Documents
The Development Documents describe all requirements for customization of the Services, the web site, and other systems and software utilized in connection with performance of the Services. The Funds will comply with the terms of the Development Documents that describe any project assistance that may be required for completion of deliverables described in the Development Documents. The Services may also include such additional services and/or customization of the Services as may be mutually agreed upon by the Parties from time to time. Each such additional service and/or customization, together with such additional pricing, fees, expenses, terms and conditions, all as mutually agreed by the Parties, shall be detailed in separate Development Documents that will be annexed to and made a part of this Appendix.
3. Delivery of Data for Processing, Schedules and Data Requirements
The Funds will transmit the data not already on a DST system necessary for DST to complete its Services via a mutually agreed upon method and on an agreed upon schedule.
Delivery of the Funds’ data (to the extent not already on a DST System) to the DST production facility will be via the format, protocols and formatting instructions set forth in the agreed upon Development Documents and the Funds’ data will fulfill the requirements identified in the Development Documents.
DST will have no responsibility for delays or errors resulting from the Funds’ failure to provide the Funds’ data (to the extent not already on a DST System) correctly. The Funds may, at their option, transmit such Funds’ data before the Funds have made a final accuracy check. Therefore, DST will hold all production until a written or electronic release has been issued by the Funds. Should retransmissions be necessary or a release be issued that is later rescinded, the Funds shall pay DST the applicable processing fees for any work performed prior to rescission at the rates set forth in the Pricing Attachment.
4. Obligations and Conditions of Services
4.1 DST assumes no responsibility for the business results achieved from use of the Services or errors or interruptions caused by third parties (other than third parties for whom DST is responsible under the Agreement), including but not limited to (i) failures attributable to user errors or misuse of the Services, (ii) failures to use corrections supplied by DST, or (iii) modifications by the Funds or any third party. DST makes no warranty with respect to the performance of third parties such as web portals, automated clearing houses, financial institutions, and other internet service providers and telecommunication carriers, or as to the reliability, security or performance of the internet.
4.2 Each party will promptly notify the other party of any suspected fraudulent activity of which the original party may become aware during the Extension Period. The Funds will only use the payment services for the purposes contemplated herein and in accordance with the policies and procedures provided by DST.
4.3 Each party will notify the other party in writing immediately if it becomes aware of any claim of loss or liability by a third person related to a Service.
5. Fees
DST will perform the Composition Services in exchange for the fees set forth in the fees Exhibit attached hereto as Exhibit A.
6. Term and Termination
This Appendix shall be effective upon the Effective Date and shall be coterminous with the Agreement unless either Party provides written notice of intent not to renew at least one hundred and eighty (180) days prior to the expiration date of the Extension Period.
In the event that the Funds, upon termination or expiration of this Appendix, request DST to provide the Funds with return data files to support an equivalent solution, additional fees may apply.
SERVICE SCHEDULE – EXHIBIT A
FEE SCHEDULE*
[Omitted fee schedule]
Annex 1
Document Type Template Creation/Modification Process
1. At any time during the Extension Period, the Funds may submit a Document Type Template Development/Modification Request to DST. Each Document Type Template Development/Modification Request will be in writing and will set out the Funds’ reasonable requirements related thereto.
2. DST will submit to the Funds: (i) as soon as reasonably possible after receiving a Document Type Template Development/Modification Request, but in no event more than five (5) Business Days after receipt of complete requirements, a written proposal for performance of the Development Request (“Document Type Development Request Proposal”), which shall include the following: (1) a description of the tasks to be performed by DST; (2) the applicable specifications; (3) the completion date for each task and for each deliverable; (4) the specific resources to be provided by DST by project discipline for the performance of the Document Type Development Request; and (5) the applicable fees due to DST.
3. If the Funds accept a Document Type Development Request Proposal, DST will perform the Document Type Development Request in accordance with the agreed upon terms and requirements set forth in such Document Type Development Request Proposal and the terms and conditions of this Composition Services Schedule (collectively, the “Development/Modification Terms”).
SCHEDULE A
Funds
Bond Index Fund
Core Bond Fund
Core Impact Bond Fund
Core Plus Bond Fund
Emerging Markets Equity Fund
Emerging Markets Equity Index Fund
Emerging Markets Debt Fund
Equity Index Fund
5–15 Year Laddered Tax-Exempt Bond Fund
Green Bond Fund
Growth & Income Fund
High-Yield Fund
Inflation-Linked Bond Fund
International Bond Fund
International Equity Fund
International Equity Index Fund
International Opportunities Fund
Large-Cap Growth Fund
Large-Cap Growth Index Fund
Large-Cap Value Fund
Large-Cap Value Index Fund
Mid-Cap Growth Fund
Mid-Cap Value Fund
Money Market Fund
Quant International Equity Fund
Quant International Small-Cap Equity Fund
Quant Large-Cap Growth Fund
Quant Large-Cap Value Fund
Quant Small-Cap Equity Fund
Quant Small/Mid-Cap Equity Fund
Real Estate Securities Fund
Short-Duration Impact Bond Fund
Short-Term Bond Fund
Short-Term Bond Index Fund
Small-Cap Blend Index Fund
Social Choice Equity Fund
Social Choice International Equity Fund
Social Choice Low Carbon Equity Fund
S&P 500 Index Fund
Lifecycle Retirement Income Fund
Lifecycle 2010 Fund
Lifecycle 2015 Fund
Lifecycle 2020 Fund
Lifecycle 2025 Fund
Lifecycle 2030 Fund
Lifecycle 2035 Fund
Lifecycle 2040 Fund
Lifecycle 2045 Fund
Lifecycle 2050 Fund
Lifecycle 2055 Fund
Lifecycle 2060 Fund
Lifecycle Index Retirement Income Fund
Lifecycle Index 2010 Fund
Lifecycle Index 2015 Fund
Lifecycle Index 2020 Fund
Lifecycle Index 2025 Fund
Lifecycle Index 2030 Fund
Lifecycle Index 2035 Fund
Lifecycle Index 2040 Fund
Lifecycle Index 2045 Fund
Lifecycle Index 2050 Fund
Lifecycle Index 2055 Fund
Lifecycle Index 2060 Fund
Lifestyle Income Fund
Lifestyle Conservative Fund
Lifestyle Moderate Fund
Lifestyle Growth Fund
Lifestyle Aggressive Growth Fund
Managed Allocation Fund
SCHEDULE 3.1
FEES AND EXPENSES
Effective: July 1, 2020 – May 10, 2025
[Omitted fee schedule]
SCHEDULE 7.7
Information Protection
This Appendix is made subject to the terms of the Agreement, and to the extent the terms hereunder conflict with the terms of the Agreement, the terms of this Appendix shall prevail. The requirements of this Appendix are applicable if and to the extent that DST creates, has access to, or receives from or on behalf of Funds any Fund Confidential Information in electronic format.
1. Definitions. Capitalized terms have the same meaning as set forth in the Agreement unless specifically defined below:
1.1 “Fund Confidential Information” has the meaning set forth in the Agreement.
1.2 “DST Security Assessment” has the meaning set forth in Section 3.6.
1.3 “Mitigate” means DST’s deployment of security controls as necessary, in its discretion, which are reasonably designed to reduce the adverse effects of threats and reduce risk exposure.
1.4 “Remediation” or “Remediate” means that DST has resolved a Security Exposure or Security Incident, such that the vulnerability no longer poses a risk to Fund Confidential Information.
1.5 “Security Exposure” means an identified vulnerability that may be utilized to compromise Fund Confidential Information.
1.6 “Security Incident” means the confirmed unauthorized disclosure of Fund Confidential Information.
2. General Requirements.
2.1 Security Program. DST shall maintain a comprehensive information security program under which DST documents, implements and maintains the physical, administrative, and technical safeguards reasonably designed and implemented to: (a) comply with U.S. laws applicable to DST’s business and (b) protect the confidentiality, integrity, availability, and security of Fund Confidential Information. Such program shall align with the National Institute of Standards and Technology (“NIST”) security framework.
2.2 Policies and Procedures. DST shall maintain a Written Information Security Policy (“WISP”) that is reasonably designed and implemented to identify, prevent, detect, contain, and correct security violations of measures taken to protect the confidentiality, integrity and availability of Fund Confidential Information. The WISP, which may be in a single or multiple documents, must be reviewed and formally approved by DST management on an annual basis. The WISP should be reviewed more frequently if changes are required based on risk assessments or whenever there is a material change in business practices, threat landscape, or regulatory requirements that may reasonably implicate the security or integrity of records containing Fund Confidential Information.
DST’s WISP must address, at a minimum, all security requirements as listed in this Schedule 7.7, as amended from time to time. DST shall make the WISP policy available to, and allow review by, Funds; however, the parties acknowledge that the WISP is guided by control standards which can only be viewed onsite upon the reasonable request of Funds (not more frequently than once per year). DST will not make any changes to the controls in the WISP which will materially negatively impact the security of Funds data.
At a minimum, the WISP will:
(i) establish and operate an information security function that is responsible for defining and overseeing the WISP, assign specific data security responsibilities and accountabilities to specific individual(s) designed to ensure effective management of information security and appropriate separation of duties within the organization, and employ qualified information security personnel sufficient to manage DST’s cybersecurity risks;
(ii) include a documented process by which exceptions to the WISP are reviewed and processed that addresses, at a minimum, the process for the prioritization, approval, and remediation, or risk acceptance, of controls that have not been adopted or implemented. DST will not allow any exceptions to the WISP as it pertains to Funds data without the agreement of Funds;
(iii) require accountability by DST personnel to immediately report suspected violations of the WISP to DST management. All DST personnel must formally acknowledge the WISP before they are granted access to Fund Confidential Information, and the WISP must document disciplinary measures for violations of the WISP;
(iv) describe acceptable use of DST’s assets, including computing systems, networks, and messaging. DST is responsible for ensuring that a resource inventory is kept current for all systems under DST’s control. It is the responsibility of DST to have an asset management policy which is communicated to DST personnel and other third parties. The asset management policy must be maintained and reviewed by management;
(v) provide authentication rules for the format, content and usage of passwords for end users, administrators, and systems. More specifically these policies will include:
(a) a password policy with a reasonably secure method of assigning and selecting passwords, or the use of unique identifier technologies, such as biometrics or token devices that cover all systems that store, access, transmit or process Fund Confidential Information. Passwords cannot be vendor supplied default passwords. This policy shall define standards for controlling password length, strength and change frequency;
(b) a policy requiring DST personnel to maintain the confidentiality of system passwords, keys, and passcodes designed to ensure Fund Confidential Information is not accessed without authorization. Passwords used for the protection of Fund Confidential Information must not be hard-coded into any scripts;
(c) a policy restriction against DST personnel reusing at least the last twelve (12) previous passwords;
(d) controls to lock accounts when no more than five (5) invalid login attempts are made;
(e) a documented process to reset passwords that requires verification of user identity prior to password reset; and
(f) a requirement for system sessions to automatically timeout, and in the case of systems that store, access, transmit or process Fund Confidential Information, that such timeout shall occur after no more than fifteen (15) minutes;
(vi) describe logging and monitoring of DST’s production environment, including logging and monitoring of physical and logical access to DST’s networks and systems that process or store Fund Confidential Information;
(vii) include an incident response process;
(viii) enforce commercially reasonable practices for user authentication by employing a formal and documented process to grant access to facilities, systems, networks, and applications that contain Fund Confidential Information. This process must minimally include documented independent approval based on business need, and the initial password must be delivered in a secure manner and require change upon first logon;
(ix) restrict access to records and files containing Fund Confidential Information to only those DST personnel who need such information to perform the Services;
(x) restrict remote access, storage, or transmission to Fund Confidential Information. All remote access must be formally authorized by DST and must be protected using multi-factor authentication;
(xi) document a process to recertify access to facilities, systems, networks and applications regularly. This should include a documented review of access rights to confirm that access is still appropriate based on business needs. This review should occur at least annually or more frequently depending on risk and industry standards;
(xii) assign unique user IDs that are reasonably designed to maintain the integrity of the security of the access control to each person with computer access. Any shared accounts in use must be controlled such that the account is checked out and checked back in by a single individual (e.g. vaulting);
(xiii) include a formal risk management program which includes risk assessments performed at least annually, that defines internal and external threats, as well as the controls designed and implemented to mitigate these threats. Through its risk management program, DST must validate the effectiveness of these controls and document residual risk. The risk assessment must be performed on all systems, applications, and facilities transmitting, processing, or storing Fund Confidential Information and must include events and possible threats that could impact DST’s people, systems, and facilities. Additionally, the risk assessment program must include analysis of DST policy compliance. This risk assessment must be approved by DST management and communicated to DST personnel. DST must formally document roles and responsibilities for the risk assessment, including an owner to maintain and review the program;
(xiv) include self-assessments of internal controls in the area of information security for purposes of verifying compliance with their respective information security program, as well as with any legal, regulatory or industry requirements. The assessment should also be designed to ensure the WISP is operating in a manner reasonably calculated to prevent unauthorized access to, or use of, Fund Confidential Information, and result in upgrading information security safeguards as necessary to limit risks;
(xv) limit the amount of Fund Confidential Information collected to that reasonably necessary to accomplish the Services, limit the time such information is retained to that reasonably necessary to perform the Services and to satisfy regulatory requirements, and limit access to those persons who are reasonably required to access or handle the Fund Confidential Information in order to perform the Services; and
(xvi) provide an adequate framework of controls reasonably designed to safeguard Fund Confidential Information.
2.3 | Subcontractors. To the extent that any subcontractor engaged by DST to provide services under the Agreement has access to, or receives from or on behalf of Funds any Fund Confidential Information in electronic format, DST shall enter into a written agreement with such subcontractor, which agreement shall contain provisions regarding maintaining the confidentiality of the Fund Confidential Information which are substantially compliant with, and at least as protective as, those terms set forth in the Agreement (including this Exhibit), to the extent the terms of the Agreement and this Appendix would be relevant to the subcontractor’s services provided. |
(i) Subcontractor List. DST must maintain an up-to-date list of subcontractors that access, store, transmit, or use Fund Confidential Information.
(ii) Monitoring Subcontractors. For subcontractors who collect, transmit, share, store, control, process, manage or access Fund Confidential Information, DST is responsible for assessing and monitoring subcontractor control environments to meet reasonable security standards commensurate with the level of access and service provided by such subcontractor. DST must review and monitor the security practices and processes of its subcontractors on a regular basis, including, but not limited to, performing periodic audits on the security adequacy and compliance of the subcontractor. Where applicable and consistent with the services provided, any Statement on Standards for Attestation Engagements 18 (SSAE18) reports or similar report will be reviewed by DST at least annually. DST, upon prior written request, will provide evidence of DST’s oversight of any DST personnel. This may include, but is not limited to, documents related to DST’s vendor management program. |
2.4 | IT Change and Configuration Management. DST shall employ its own reasonable processes for change management, code inspection, repeatable builds, separation of development and production environments, and testing plans. Code inspections will include a comprehensive process reasonably designed and implemented to identify vulnerabilities and malicious code. In addition, DST shall ensure that processes are documented and implemented for purposes of vulnerability management, patching, and verification of system security controls prior to their connection to production networks. |
2.5 | Firewall Management. Firewall management processes must be documented and meet industry standards. Any files containing Fund Confidential Information on a system connected to the internet must be protected with up to date, industry standard, firewall protections and operating system security patches designed to maintain integrity and security of the Fund Confidential Information. |
2.6 | Network Access. DST must implement controls designed to prevent unauthorized devices from physically connecting to the internal network or to detect and alert an administrator (e.g. Network Access Control device (NAC)). DST must scan for rogue wireless access points on a regular basis. |
2.7 | Physical and Environmental Security. DST shall: (i) restrict entry to DST’s area(s) where Fund Confidential Information is stored, accessed, or processed solely to DST’s personnel or DST authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety. |
2.8 | DST Employee Training and Access. DST shall: (i) train its employees on the acceptable use and handling of Fund Confidential Information; (ii) train its employees upon hiring on the WISP, the proper use of systems impacting Fund Confidential Information, and internal and external threats as identified in the risk assessment specified in Section 2.2(xiii) above and the expected procedures defined in the WISP to mitigate these threats; (iii) provide annual security education for its employees and maintain a record of employees that have completed such education; (iv) provide specialized security training to developers with roles and responsibilities in the development of applications interacting with Fund Confidential Information or systems; and (v) implement a formal user registration and de-registration procedure for granting and revoking access to DST’s information systems and services; and upon termination of any of DST’s employees, DST shall revoke such employee’s access to DST’s domain following termination of such individual and revoke such individual’s access to Fund Confidential Information within no more than twenty-four (24) hours of involuntary termination and within two (2) Business Days after voluntary termination, in accordance with DST’s internal policies and procedures. All privileged accounts with access to Fund Confidential Information whose credentials are known to the terminated user must undergo a password change. |
2.9 | Change Notifications. DST may, in its sole discretion, revise DST information security policies and procedures based on internal company security and compliance related risk assessment decisions, provided such revisions do not materially degrade the controls associated with DST’s information security services provided to Funds as of the date of execution of this Exhibit. |
2.10 | Data Classification. DST must assign a classification rating that indicates the level of protection that should be applied when Fund Confidential Information is stored, processed, accessed, or transmitted. This includes identifying paper, electronic and other records, computing systems, and storage media, including laptops and portable devices used to store Fund Confidential Information, except where the WISP provides for the handling of all records as if they all contained Fund Confidential Information. |
2.11 | Data Loss Prevention. DST must implement a data loss prevention program to monitor and control the data in and out of networks containing Fund Confidential Information. DST must restrict the ability of DST personnel to exfiltrate Fund Confidential Information by implementing reasonably appropriate security controls designed to mitigate the risks. This includes preventative controls (e.g. proxy rules, filtering products, blocking and/or monitoring, etc.) in place to prevent client information from being sent externally by DST without encryption. |
2.12 | Encryption Standards. DST will define in its WISP minimum standards for data encryption. DST will employ approved industry standards designed to ensure that applicable requirements are implemented to protect the data. DST must: |
(i) encrypt Fund Confidential Information while in transit across public networks; |
(ii) encrypt Fund Confidential Information at rest on portable computing devices including laptops, electronic media (including removable media), and electronic storage devices. Use of removable media (floppy disk, recordable CD/DVD, USB drive, etc.) to store Fund Confidential Information must be prohibited without a business need and explicitly authorized internally. DST allows AES256 encryption on the mainframe disk controllers; however, encryption at the database layer is not implemented; and |
(iii) document procedures for managing encryption keys. Access to encryption keys must be restricted to named administrators governed by an access management program with at least annual review. Encryption keys must be protected in storage, and must not be stored on the same systems that perform the encryption / un-encryption. |
2.13 | Data Retention. DST shall destroy all Fund Confidential Information at Funds’ request, but in any event following completion of the applicable services provided under the Agreement except to the extent: (a) required by U.S. law; (b) expressly required or permitted by Funds in writing; (c) to the extent necessary to comply with the Funds’ or DST’s legal or regulatory obligations; or (d) as otherwise permitted in accordance with the Agreement. Electronic media that is not physically destroyed must be irrevocably erased or degaussed, such that the media is no longer readable for any purpose. DST must develop and document information destruction processes that meet industry standards and must be used in all cases when Fund Confidential Information is no longer needed. DST shall keep records of all Fund Confidential Information destruction completed and provide such records to Funds upon demand or contract termination. |
2.14 | Segregation of Funds Data. DST shall use generally accepted security management controls designed to ensure that none of DST’s other clients have access to Fund Confidential Information. |
2.14 | Bring Your Own Device. DST shall ensure that security controls, including mobile device management (MDM), virtual sandbox, remote wipe capabilities and encryption, are in place if Fund Confidential Information can be stored, accessed, transmitted to or from, or used on a personal device. DST must have policies to ensure DST personnel maintain the security of these devices, including requirements around timely updating and patching, password management, current anti-virus/anti-malware and prevention of “jailbreaking” or “rooting” personal devices. |
3. | Due Diligence Supporting Materials; Security Assessment. |
3.1 | Due Diligence Supporting Materials. In response to the Funds’ due diligence efforts, DST will provide copies of its: (i) BITS Full Standard Information Gathering questionnaire; (ii) if applicable, once annually, the SOC 1, Type II report, prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on Controls at a Service Organization; (iii) information security policy and control standards summary; and (iv) network penetration vendor attestation letter. DST will be reasonably available to answer any additional questions of Funds, up to forty (40) hours per year that are not already addressed by providing the documentation set forth within this Section 3.1 and would not require DST, in its sole good faith discretion, to disclose information that it deems highly sensitive. |
3.2 | Monitoring Systems. DST shall monitor its systems and its procedures for (i) security incidents; (ii) unauthorized use of or access to Fund Confidential Information; and (iii) external and internal violations, suspicious activities and network systems misuse. DST shall maintain audit and logging capabilities that will enable DST to effectively detect, respond to and investigate a data security incident. |
3.3 | Intelligence Services. DST shall monitor industry-standard information channels for newly identified system vulnerabilities and emerging risks regarding the technologies and Services provided to Funds. DST shall use the information gained to improve DST’s WISP and promptly fix or patch any identified security problem. |
3.4 | Intrusion Detection and Prevention. DST shall maintain software, hardware, intrusion detection system, personnel and other resources to ascertain whether a penetration attempt is being made against any part of DST’s network, mainframe, server or other infrastructure or facilities used by DST to process, store or transport Fund Confidential Information. This includes deploying intrusion detection/intrusion prevention controls to block, monitor, and alert DST’s incident response team of security incidents that may require escalation to, and response from, DST’s incident response personnel on a 24 hour per day, 7 days per week, 365 days per year basis. |
3.5 | Anti-virus Protection. All servers, workstations and laptop computers must have industry standard, up to date, virus detection or integrity software installed and active. This software must (i) be configured to continuously monitor the systems and files for characteristics of viruses, worms, spyware, and Trojan Horses; (ii) be capable of generating detailed audit logs; and (iii) be installed in auto-protect, full-time, or real-time mode. DST’s anti-virus, spam, and spyware protection products must be updated at least once a week. When possible, updates must be installed as part of an automated network process (e.g., via login scripting). |
3.6 | DST Security Assessment. As part of DST’s Security Assessment, DST will: |
(i) conduct vulnerability scans and penetration assessments, including activities performed by management and contracted third parties, at least once annually on internal and external systems and applications that may receive, access, process or store Fund Confidential Information at DST’s expense. The penetration test must be performed by an independent third party, or if the penetration test is performed by DST, then it must be performed by a party independent from the team implementing security controls. The scope of the vulnerability and penetration testing must include all production information resources and contingency plans and any other information resources within DST’s organization that interact with, or provide access to, Fund Confidential Information or systems. DST will provide Funds with a letter confirming the testing has been performed. Funds are not permitted to conduct penetration testing or other code scanning on DST’s environment and software;
(ii) evaluate the results of the vulnerability scans and Remediate Security Exposures deemed material by DST’s personnel as reasonably appropriate, taking into account facts and circumstances surrounding such issues;
(iii) Mitigate Security Exposures discovered and deemed material by DST’s personnel within a reasonably appropriate time period;
(iv) employ automated mechanisms no less than annually to detect the presence of unauthorized software on DST information systems. DST must update the list of information system vulnerabilities scanned within every three hundred sixty-five (365) days or when new vulnerabilities are identified and reported. Vulnerability scanning tools and techniques must be employed that promote interoperability among tools and automate parts of the vulnerability management process by using standards for enumerating platforms, software flaws, and improper configurations and formatting, as well as making transparent checklists and test procedures that measure vulnerability impact; and
(v) provide reasonably detailed results for vulnerability and penetration testing relating solely to Funds clients to Funds or a Funds representative. A reasonably detailed summary of results will include: (i) the date the original test was performed; (ii) the name of the company that performed the test if a third party was used; and (iii) the scope of the test, including authenticated or unauthenticated testing. |
3.7 | Patching and Addressing Security Problems. DST shall fix or patch any identified security problem as soon as reasonably possible after DST becomes aware of the security problem or when vulnerability disclosures are made publicly available, whichever is sooner. This obligation extends to all devices that comprise DST’s systems, including application software, databases, servers, firewalls, routers and switches and hubs, as well as to all of DST’s other practices for handling Fund Confidential Information. |
3.8 | Malware and Virus Definitions. DST must maintain up-to-date versions of system security agent software, including (i) malware protection; (ii) up-to-date patches and virus definitions; and (iii) the ability to receive the most current security updates on a regular basis. |
4. | Security Incident Response. |
4.1 | Mitigation and Remediation of Security Incidents. DST will Mitigate or Remediate any Security Incident in accordance with its internal security policies and procedures. |
4.2 | Security Incident Response. DST shall maintain formal processes that are (i) approved by management; (ii) communicated to all DST personnel; (iii) assigned an owner to perform review and maintenance; and (iv) reasonably designed and implemented to detect, identify, report, respond to, Mitigate, and Remediate Security Incidents in a timely manner. The program must document processes and plans in the case of a security incident and shall require documenting responsive actions taken in connection with any incident involving a security incident or breach of security, mandatory post incident review of events, and any actions taken to make changes in business practices relating to protection of Fund Confidential Information. |
4.3 | Security Incident Notification. DST shall promptly notify Funds but in no event later than 48 hours following confirmed Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Fund Confidential Information (to the extent it can be ascertained), how DST was affected by the Security Incident, and its response to such Security Incident. |
4.4 | Security Incident Investigation. DST shall reasonably cooperate with the Funds’ investigation and response to each Security Incident. DST acknowledges and agrees that records of system activity and of Fund Confidential Information handling may be evidence (subject to appropriate chain of custody procedures) in the event of a security incident or breach of Fund Confidential Information. Upon Funds’ request, and at Funds’ expense, DST shall deliver copies of such records to Funds for use in any legal or regulatory proceeding or in any governmental investigation. Further, in the case of a security incident or breach of Fund Confidential Information, and at Funds’ request, DST shall hire an independent third party to (i) determine the scope of the incident or breach and impacted records; and (ii) suggest appropriate post incident changes to DST’s WISP and controls. The report from the independent third party will be provided to Funds promptly following delivery to DST. |
5. | Fund Confidential Information Outside the United States |
Storage, access, transmission or use of Fund Confidential Information from a location outside the U.S. must be conducted from a secure workspace (“Secure Workspace”) as provided below. The Secure Workspace shall include the requirements set forth in the “Secure Workspace Requirements” Section of this Schedule 7.7 set forth below.
SECURE WORKSPACE REQUIREMENTS
1 | Card key access or equivalent must be implemented for the Secure Workspace where Fund Confidential Information will be accessed, stored, transmitted or used. |
2 | Only assigned resources are granted access to the Secure Workspace. |
3 | DST resources assigned to the Funds account who access, store, transmit, or use Fund Confidential Information work only in the Secure Workspace. |
4 | All third parties entering the Secure Workspace are issued a visitor badge and are escorted by DST resources. |
5 | Closed Circuit TV (CCTV) camera is installed at the entrance of the Secure Workspace and recordings are stored and available for thirty (30) days. |
6 | Monitoring is configured to detect movement of people and equipment moving in and out of the Secure Workspace. |
7 | Secure Workspace is built to ensure that there is no physical visibility into the environment from unauthorized individuals. |
8 | Solid partitions are built into any false ceiling in the Secure Workspace. |
9 | Any entrance doors to the Secure Workspace are constructed from a solid material (wood or steel) and are not hollow-core. |
10 | Windows that are a part of the external building and visible from the ground are frosted (if the work space is visible externally). |
11 | No personal devices are allowed in the Secure Workspace (cell phones, smartphones, cameras, recorders, PDAs, external storage devices, etc.). |
12 | External connections for all computers in the Secure Workspace must pass through DST’s firewall. |
13 | All computers in the Secure Workspace are provided by DST and communicate with Funds via approved Funds virtual desktop image (“VDI”) only. |
14 | All computers in the Secure Workspace that connect to DST via VDI must be configured so that cut & paste, save local or save to DST network device, printing, and connection to any external storage devices (USB, CD, external drive, printer, etc.) are disabled. |
15 | All computers in the Secure Workspace that connect to DST via VDI must be configured so that they cannot connect directly to the public internet (i.e. no modem, cable, DSL, wireless, etc.) while connected to the Funds network. |
16 | All computers in the Secure Workspace that connect to DST via VDI must be configured to limit access outside the Secure Workspace. |
SCHEDULE 7.8
TRANSFER AGENT’S PLAN EXECUTIVE SUMMARY
Confidential
May 31, 2019
The SS&C Data Center Executive Summary is an overview of the recovery processes for SS&C’s Winchester Data Center (WDC) infrastructure. The Executive Summary does not represent SS&C’s Corporate Business Continuity Plans. The Dedicated GCM team is responsible for the development, administration, exercising and improvement of the GCM program. All staff members maintain Certified Business Continuity Professional (CBCP) certifications from Disaster Recovery Institute International (DRII). The GCM team reports to the Chief Risk Officer who is a direct report to the President of the company.
The Winchester Data Center is the primary facility for the majority of SS&C’s data processing infrastructure. SS&C also maintains an alternate data center, commonly referred to as the Bridgeton Recovery Center (BRC).
The Recovery Center is equipped with the hardware and software designed to achieve certain Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) if a disaster disables the Winchester Data Center. Recovery Time Objectives begin after SS&C declares a disaster at the Winchester Data Center. The specific RTO and RPO depend on the application being recovered.
Initial Response to Emergency Situations
WDC personnel take action designed to protect employees and organizational assets. They evaluate the emergency and make a preliminary estimate of damages and downtime. The BRC is placed on alert and the following information is then provided to the Global Crisis Management Response Team (GCMRT):
• | Time disaster occurred |
• | Location of disaster |
• | Type of disaster |
• | Injuries |
• | Estimate of damage |
• | Estimate of downtime |
• | Recommendation to declare a disaster or repair |
Declaration of Disaster
If a situation warrants a disaster declaration, the GCMRT will recommend data center failover to SS&C’s Chief Risk Officer, who in consultation with SS&C’s Chief Technology Officer, will make a recommendation to SS&C’s President. SS&C’s President will make the ultimate decision for disaster declaration, its timing, and failover to the recovery center. Upon declaration, the GCMRT will coordinate and synchronize the execution of the following actions and maintain reporting through SS&C’s Crisis Communication protocols:
• | Notify SS&C’s BRC to begin recovery operations |
• | Execute manual or automated associate notification procedures |
• | Communicate with client relationship managers and associates following SS&C’s internal guidelines |
• | Provide status reports as defined at declaration |
• | Upon declaration, SS&C may run primary data processing from the BRC for an extended period |
Winchester Data Center and Bridgeton Recovery Center
SS&C completed construction of its WDC in 1986 and acquired the BRC in 2003. The WDC and BRC are located approximately 250 miles apart in urban business parks near Kansas City (WDC) and St. Louis (BRC). Both facilities have the ability to monitor the other facility’s energy systems, environment systems, data systems, security systems, and personnel at all times.
The WDC and the BRC have dedicated personnel supporting data processing functions and equipment available at all times. The WDC and the BRC each contain approximately 70,000 square feet of raised computer floor. Each data center is physically separated from adjacent buildings by roadways, parking areas, or fields. Both facilities’ primary structures are made with poured-in-place concrete. The WDC and the BRC facilities undergo weekly, monthly, quarterly, and annual maintenance.
Facility Information
Energy Supply
Each data center obtains power from local utilities. WDC receives its electricity through a dual feed from one substation and the BRC receives its electricity through a single feed from one substation. Both facilities are located in the Eastern Interconnected System. However, the data centers are located in separate North American Electric Reliability Council (NERC) regions within the power grid. WDC resides in the Southwest Power Pool and the BRC resides in the Mid-America Interconnected Network.
Uninterruptible Power Supply (UPS)
Each data center contains multiple UPS systems rated at N+1 or greater. Engineering staff monitors these systems regularly and tests each system annually.
Generator
The data centers are equipped with generators and sufficient fuel to provide power for data processing, cooling, and facilities equipment for more than seven days without refueling under normal conditions. Facility support at WDC tests the N+2 rated system weekly and at the BRC monthly.
Power Distribution
The data centers each contain redundant switchgear, PDU, and transformers rated at N+N.
Cooling Equipment
The data centers’ cooling systems retain a rating of N+N.
Fire Suppression
Fire detection systems constantly monitor both data centers. In case of fire, two detectors must trigger to activate the fire detection system. Only then does the system fill the sprinkler piping and spray out water from the activated sprinkler head in the data center. SS&C associates monitor fire protection systems.
Acts of Nature
Tornado
The WDC was built to withstand 250-270 MPH wind speeds and the related pressurization, which are consistent with an EF-5 tornado. This structural integrity surrounds both the data center and environmental support facilities.
Flood
The WDC is located on a ridge several miles from the nearest flood plain. Historically neither the data center nor its surrounding area has been affected by flooding.
The BRC is located within the Earth City Levee District. The 1,891-acre district is protected from flooding by an interrelated flood control system.
Earthquake
The WDC was built to meet seismic zone ratings based on distance from known faults. The data center is rated to withstand the effects of known fault areas in the Midwest based on historical fault information.
Network Recovery
SS&C has designed a multiple-carrier solution for data connectivity to the BRC. Network carriers provide diverse fiber connections between the WDC and the BRC. This network design allows for redundant connectivity to mirror and backup application data. SS&C accomplishes this connectivity by using high-speed channel extension and IP technology. SS&C does not encrypt data transferred within SS&C’s internal network.
Telecommunications
The data centers use redundant circuits between facilities, redundant support equipment, redundant Point of Presence (POP)/Central Office (CO) connections, and diverse paths within the buildings for data and voice systems. Data center UPS supports data and voice equipment during an outage.
Client Connectivity
SS&C recovers client connectivity at the BRC according to the following processes:
• | SS&C Supported Connectivity — SS&C has designed its Wide Area Network (WAN) to allow the redirection of client connections from the WDC to the BRC. SS&C accomplishes this through established commands. |
• | Client Provided — SS&C has implemented a secured network infrastructure at the BRC, which allows client-provided connectivity. Customers who provide their own network connectivity to the WDC are responsible for providing connectivity into the BRC. |
Recovery Information
SS&C uses various forms of data back-up and recovery designed to meet product RTO and RPO. SS&C backs up and recovers data and systems according to contracted product availability. Due to a wide range of client and application specific requirements, this document does not contain the list of SS&C recovered products. Client service representatives can provide specific product recovery.
The following section covers the types of data processing used to back up and recover each of the platforms supported at the WDC. It also covers the two main recovery plans (4-Hour and 24-Hour RTOs) supported at the BRC. The name of the program reflects the RTO to which it relates.
Mainframe Software
For applications under the 4-Hour RTO, SS&C uses a mirroring process to back up applications and client data. This process controls data mirroring asynchronously between storage devices at WDC and the BRC. The RPO of 0-30 minutes can vary depending on the production data change rate. A higher change rate causes a longer delay in applying the changes at the BRC. The highest change rate occurs during the nightly cycle. Batch processing normally restarts at the last completed step, so the RPO should not be negatively affected. During online activity, the change rate is lower, so the RPO is at its shortest. As with all failures, work in progress is lost. The BRC personnel perform a system restart with the goal of providing system availability within 4 hours of declaration of a disaster.
For applications under the 24-Hour RTO, SS&C uses a Virtualized Tape System (VTS) to back up application and client data. The RPO for application and client data is 24 hours. A sync point is taken on a daily basis by backing up the data to a VTS. This sync point occurs after nightly processing has completed. The BRC personnel perform a system restart with the goal of providing system availability within 24 hours of declaration of a disaster.
E-Commerce Software
SS&C uses a replication tool for the recovery of the E-Commerce environment. The replication tool controls data-mirroring processes asynchronously between storage devices at WDC and the BRC. The RPO of 0-30 minutes can vary from time to time depending on the production data change rate. A higher change rate causes a longer delay in applying the changes at the BRC. As with all failures, work in progress is lost. The BRC personnel perform a system restart with the goal of providing system availability within four hours of the declaration of a disaster.
Compute Software
SS&C uses a replication tool for the recovery of the Compute environment. The replication tool controls data-mirroring processes asynchronously between storage devices at WDC and the BRC. The RPO of 0-30 minutes can vary from time to time depending on the production data change rate.
A higher change rate causes a longer delay in applying the changes at the BRC. As with all failures, work in progress is lost. The BRC personnel perform a system restart with the goal of providing system availability within four hours of the declaration of a disaster.
Mainframe, E-Commerce, or Compute Hardware
Where required, SS&C associates and vendors install upgrades, patches, and any adjustments on BRC devices in accordance with production change control processes.
Recovery Exercises
SS&C’s Data Center Recovery plan exercises the recovery of products according to RTO and RPO. SS&C labels recovery exercises “4-Hour” and “24-Hour”, which indicates the RTOs exercised. SS&C has created the following exercise duration periods to accommodate product recovery, pre-nightly testing, nightly processing, and post-nightly testing:
• 4-Hour RTO exercises—24-hour period
• 24-Hour RTO exercises—48-hour period
System support, product support, and applicable business units participate during scheduled exercises. SS&C exercises components associated with product recovery during a 4-hour or 24-hour RTO exercise, including but not limited to the following:
• Operating systems
• Databases
• Applications
• Networks
• Hardware
All 4-Hour and 24-Hour RTO recovery programs consist of the following types of exercises:
• Internal Exercises — Provide SS&C additional opportunities to validate recovery objectives.
• External Exercises — Provide clients an opportunity to view, manipulate, and use recovered products according to their pre-defined recovery objectives, including network.
Each 4-Hour and 24-Hour RTO recovery exercise is scheduled multiple times per year, with two opportunities for client participation.
Xxxxxxxx Xxxx
Director, Global Crisis Management
xxxxxx@xxxxxxxxxx.xxx
x0 (000) 000-0000
SCHEDULE 12.3
Performance Measurement Standards
[Omitted performance measurement standards]
SCHEDULE 12.4(a)
Insurance Requirements
During the term of the Agreement to which this Schedule is attached, Transfer Agent shall maintain the following insurance coverages and amounts:
a) Worker’s Compensation – Statutory Limits
Employer’s Liability:
- $1,000,000 Per Accident
- $1,000,000 Disease each Employee
- $1,000,000 Disease Policy Limit
b) Commercial General Liability:
• Bodily Injury and Loss of Property Damage, including loss of use
- $1,000,000 each occurrence / $2,000,000 in the aggregate
• Products and Completed Operations – $2,000,000 in the aggregate
• Personal Injury
• Damage to Premises Rented By Transfer Agent – Any One Occurrence $300,000
c) Umbrella/Excess Liability Insurance covering the excess over the limits specified for all employer’s liability and commercial general liability coverages noted in a) and b) above with minimum limits of $5,000,000 each occurrence and in the aggregate.
d) Professional Liability Insurance (Errors & Omissions and Cyber Coverage) in an amount not less than $5,000,000 per claim and in the annual aggregate. The cyber coverage shall cover network security and privacy risks, including coverage for unauthorized access, breach of privacy perils, and wrongful disclosure of information. Such insurance will be renewed so as to provide continuous coverage during the term of this Agreement and for a period of at least twelve (12) months following the completion of Services.
e) Crime / Fidelity Coverage in an amount not less than $1,000,000 per claim and in the annual aggregate.
f) OTHER REQUIREMENTS:
1. Transfer Agent will be required to furnish a certificate of insurance to Funds within thirty (30) days of the Effective Date. In addition, Transfer Agent shall furnish a copy of all new certificates of insurance annually within sixty (60) Business Days after renewal of each certificate. All certificates should be sent to:
Teachers Insurance and Annuity Association of America
XXXX.XXX@xxxxxx.xx.xxxx-xxxx.xxx
2. Transfer Agent shall name the Funds, its subsidiaries, directors, officers, and employees as an additional insured as their interests may appear on the following policies: Commercial General Liability.
3. The policies listed in a) and b) above shall be endorsed to provide a waiver of subrogation in favor of the Funds.
4. The insurers providing the coverages set forth herein must be acceptable to the Funds, licensed in the State of New York, and maintain a rating of not less than A-/VII in the A.M. Best Insurance Rating Guide financial strength rating.
5. Coverage will be primary and non-contributory with respect to any insurance or self-insurance programs maintained by the Funds.