Common use of Data Security Program Clause in Contracts

Data Security Program. ACS shall at all times maintain in effect a comprehensive data security program that includes reasonable and appropriate technical, organizational and physical security measures designed to protect against the destruction, loss, unauthorized access and/or alteration of data, including Symetra Data, in ACS’ possession, and which shall be: (a) no less rigorous than those measures maintained (or required to be maintained) by Symetra as of the Restatement Date (or required or implemented by Symetra in the future); (b) no less rigorous than those measures maintained by ACS for its own information of a similar nature; (c) no less rigorous than those measures that generally are implemented by providers of outsourcing services; and (d) compliant with all Symetra policies and procedures with which Symetra advises ACS it is required to comply (provided that ACS’ compliance with any such Symetra policies and procedures that are implemented and/or modified following the Restatement Date shall be effected through the Change Management Procedures), including those relating to the privacy, security, preservation and retention of data. The content and implementation of such data security program and associated technical, organizational and security measures shall be fully documented by ACS in the Service Delivery Reference Manual. From time to time, but not less frequently than annually, ACS proactively shall provide to Symetra information regarding industry-leading security best practices and ACS’ recommendations for implementing any of such practices. If Symetra wants to implement any of such practices, the Parties shall do so in accordance with the Change Management Procedures.