Common use of Computer Systems and Technology Clause in Contracts

Computer Systems and Technology. (i) The computer, information technology and data processing systems, facilities and services used by CBTC and Essex Bank, including all software, hardware, networks, communications facilities, platforms and related systems and services (collectively, the “CBTC Systems”), are reasonably sufficient for the conduct of the respective businesses of CBTC and Essex Bank as currently conducted and (ii) the CBTC Systems are in good working condition to effectively perform all computing, information technology and data processing operations necessary for the operation of the respective businesses of CBTC and Essex Bank as currently conducted. To the knowledge of CBTC, since December 31, 2017, no third party has gained unauthorized access to any CBTC Systems owned or controlled by CBTC and Essex Bank, and CBTC and Essex Bank have taken commercially reasonable steps and implemented commercially reasonable safeguards to ensure that the CBTC Systems are secure from unauthorized access and free from any disabling codes or instructions, spyware, Trojan horses, worms, viruses or other software routines that permit or cause unauthorized access to, or disruption, impairment, disablement, or destruction of, software, data or other materials. Each of CBTC and Essex Bank has implemented backup and business continuity policies, procedures and systems with disaster recovery practices consistent with generally accepted industry standards applicable to CBTC and Essex Bank and sufficient to reasonably maintain the operation of the respective business of CBTC and Essex Bank in all material respects. Each of CBTC and Essex Bank has implemented and maintains commercially reasonable measures and procedures designed to reasonably mitigate the risks of cybersecurity breaches and attacks. (ii) Since December 31, 2017, each of CBTC and Essex Bank has (A) complied in all material respects with all applicable laws that govern the receipt, collection, compilation, use, storage, processing, sharing, safeguarding, security, disposal, destruction, disclosure or transfer of the personal information of customers or other individuals and similar laws governing data privacy, and with all of its internal privacy and data security policies and guidelines, including with respect to the collection, storage, transmission, transfer, disclosure, destruction and use of personally identifiable information and (B) taken commercially reasonable measures to ensure that all personally identifiable information in its possession or control is protected against loss, damage, and unauthorized access, use, modification, or other misuse. To the knowledge of CBTC, since December 31, 2017, there has been no loss, damage, or unauthorized access, use, modification, or other misuse of any such information by CBTC, Essex Bank or any other Person.