Common use of Information and Data Security Clause in Contracts

Information and Data Security. As may be applicable, Vendor will maintain and enforce reasonable industry standard information security and physical security procedures in compliance with federal and state laws and regulation to protect the privacy and security of OHI’s personal information, including OHI customer’s personal information and PHI, should such information be accessible by or to Vendor via the Products. In the event the Products contains software, (i) Vendor will monitor its software and systems that contain OHI’s information for vulnerabilities, risks and threats and implement software updates and patches within thirty (30) days of the update or patch’s release, and (ii) Vendor hereby grants to OHI an irrevocable, perpetual, paid-up, worldwide, nonexclusive license to use the Software for such purposes. In addition, Vendor will take all reasonable precautions to prevent the transmission of any computer virus, malware, or other malicious code to OHI’s resources or system. To the extent that Vendor personnel is provided (a) a login ID, password or other authentication credential; or (b) OHI identification cards or other physical security access (collectively, “Credentials”), Vendor acknowledges that any Credentials issued to it are OHI’s personal information, and Vendor will not share, disclose or use the Credentials in any unauthorized manner. Vendor agrees that it is responsible for the actions of any personnel using the Credentials issued. Vendor will promptly return any Credentials to OHI upon request or when network or physical access is no longer required.

Information and Data Security. As may be applicable, Vendor will maintain and enforce reasonable industry standard information security and physical security procedures in compliance with federal and state laws and regulation to protect the privacy and security of OHI’s personal information, including OHI customer’s personal information and PHI, should such information be accessible by or to Vendor via the ProductsCapital. In the event the Products Capital contains software, (i) Vendor will monitor its software and systems that contain OHI’s information for vulnerabilities, risks and threats and implement software updates and patches within thirty (30) days of the update or patch’s release, and (ii) Vendor hereby grants to OHI an irrevocable, perpetual, paid-up, worldwide, nonexclusive license to use the Software for such purposes. In addition, Vendor will take all reasonable precautions to prevent the transmission of any computer virus, malware, or other malicious code to OHI’s resources or system. To the extent that Vendor personnel is provided (a) a login ID, password or other authentication credential; or (b) OHI identification cards or other physical security access (collectively, “Credentials”), Vendor acknowledges that any Credentials issued to it are OHI’s personal information, and Vendor will not share, disclose or use the Credentials in any unauthorized manner. Vendor agrees that it is responsible for the actions of any personnel using the Credentials issued. Vendor will promptly return any Credentials to OHI upon request or when network or physical access is no longer required.