Data Security and Computer Access Clause Samples
The Data Security and Computer Access clause establishes requirements and restrictions regarding the protection of data and the use of computer systems within a contractual relationship. Typically, it outlines the security measures that must be implemented to safeguard sensitive information, such as encryption, access controls, and regular monitoring, and may specify who is permitted to access certain computer systems or data. This clause serves to minimize the risk of data breaches, unauthorized access, and cyber threats, thereby ensuring the confidentiality, integrity, and availability of critical information.
Data Security and Computer Access. BNY Mellon shall comply with the information security obligations set forth in the separate Benefits Distribution Agreement, by and between the Parties or their Affiliates (or other agreement agreed upon by the Parties), provided that prior to such agreement taking effect, BNY Mellon shall comply with Exhibit 11 (collectively, “Data Safeguards”). The Data Safeguards shall apply to BNY Mellon’s receipt, processing, and handling of Voya Data to the extent (a) such Voya Data is in BNY Mellon’s possession or control, or (b) BNY Mellon is accessing Voya Data that is in Voya’s possession or control during the period of such access. BNY Mellon shall not modify the Data Safeguards in a manner that would be reasonably likely to adversely impact the security of Voya Data or Voya Systems without Voya’s consent.
Data Security and Computer Access. The roles and responsibilities of the Parties with respect to the security and control of Customer Data shall be set forth in Attachment 2-G to Exhibit 2. Supplier shall comply with Customer's information security policies, standards and procedures as set forth in Exhibit 12 (collectively, the "Data Safeguards"). Supplier shall modify the Services to comply with any changes in the Data Safeguards communicated to Supplier Party by Customer Party. Supplier shall perform such modification (and shall perform such modification as a Non-Chargeable Change, to the extent applicable, otherwise Customer shall pay for the performance of such modification pursuant to the Change Control Procedures and the issue escalation procedures set forth in Article 5 of Exhibit 9). If Supplier discovers or is notified of a failure to comply with the Data Safeguards, or of a breach or attempted breach of Customer's information security, Supplier Party shall promptly (but, in any event, within 24 hours): (1) notify Customer Party; and (2) if Supplier was responsible for the failure, breach or attempted breach, (a) investigate and cure such failure, breach or attempted breach and (b) provide satisfactory assurance to Customer Party that such failure, breach or attempted breach will not recur. Information relating to any such failure, breach or attempted breach shall be deemed the Confidential Information of Customer and shall not be disclosed by Supplier other than in accordance with this Agreement.