Data Security Procedures. Subcontractor shall maintain appropriate policies and procedures to respond to incidents of unauthorized or suspected unauthorized access to or disclosure of Customer Data. Such policies and procedures shall equal or exceed the Advanta Data Security Standards and Payment Card Industry Standards. Subcontractor shall reasonably monitor, evaluate and adjust its information security system and procedures in response to relevant changes in technology, changes in the sensitivity of Customer Data and internal and external threats to information security and shall adopt such changes to its information security system and procedures as reasonably requested by Advanta. Subcontractor agrees to take appropriate actions to address any security breach involving such information. Subcontractor shall notify the Advanta General Program Manager promptly, and in any event as soon as reasonably possible after Subcontractor reasonably suspects or has concluded that any security incident or breach (which shall include any such breach caused by any employee of Subcontractor) has occurred or is about to occur that, in Subcontractor’s reasonable judgment, is likely to put any data, including any Customer Data, or network of Advanta at risk. Upon the occurrence of any such security incident or breach, (a) Subcontractor shall, as soon as practicable and at its sole expense, implement an action plan to correct the incident or breach and prevent the continuation of such security incident or breach, and shall promptly notify Advanta of the corrective action and measures taken and (b) Advanta may audit to determine whether the corrective action has been implemented and is effective. If there is any such security breach relating to Customer Data under Subcontractor’s ****** — Denotes material that has been omitted and filed separately with the Commission. control or the control of an entity with which Subcontractor has contracted, then Subcontractor shall pay the out of pocket expenses incurred by Advanta in responding to the security breach, including paying the cost of notifying customers that information about them was subject to a security breach. Any notice sent concerning a security breach shall be subject to the prior written approval of Advanta.
Appears in 1 contract
Data Security Procedures. Subcontractor Supplier shall maintain appropriate policies and procedures to respond to incidents of unauthorized or suspected unauthorized access to or disclosure of Customer Data. Such policies and procedures shall equal or exceed the Advanta Data Security Standards and Payment Card Industry Standards. Subcontractor Supplier shall reasonably monitor, evaluate and adjust its information security system and procedures in response to relevant changes in technology, changes in the sensitivity of Customer Data and internal and external threats to information security and shall adopt such changes to its information security system and procedures as reasonably requested by Advanta. Subcontractor Supplier agrees to take appropriate actions to address any security breach involving such information. Subcontractor Supplier shall notify the Advanta General Program Manager promptly, and in any event as soon as reasonably possible after Subcontractor Supplier reasonably suspects or has concluded that any security incident or breach (which shall include any such breach caused by any employee employee, third party service provider or subcontractor of Subcontractora Party) has occurred or is about to occur that, in SubcontractorSupplier’s reasonable judgment, is likely to put any data, including any Customer Data, or network of Advanta at risk. Upon the occurrence of any such security incident or breach, (a) Subcontractor Supplier shall, as soon as practicable and at its sole expense, implement an action plan to correct the incident or breach and prevent the continuation of such security incident or breach, and shall promptly notify Advanta ****** — Denotes material that has been omitted and filed separately with the Commission. of the corrective action and measures taken and (b) Advanta may audit to determine whether the corrective action has been implemented and is effective. If there is any such security breach relating to Customer Data under SubcontractorSupplier’s ****** — Denotes material that has been omitted and filed separately with the Commission. control or the control of an entity with which Subcontractor Supplier has contracted, then Subcontractor Supplier shall pay the out of pocket expenses incurred by Advanta the Parties in responding to the security breach, including paying the cost of notifying customers that information about them was subject to a security breach. Any notice sent concerning a security breach shall be subject to the prior written approval of Advanta.
Appears in 1 contract