Common use of Information Technology; Data Security Clause in Contracts

Information Technology; Data Security. (a) Except as would no reasonably be expected to be material to the Business, taken as a whole, (i) all IT Assets (x) are configured in accordance with, and perform in compliance with generally accepted industry security standards, and (y) are maintained by reasonably competent personnel, in accordance with standards set by the manufacturers or otherwise in accordance with generally accepted standards prudent in the industry, for proper operation, monitoring and use, (ii) all IT Assets are in good working condition to effectively perform all information technology operations necessary to conduct the Business and (iii) the Transferred Entities have not experienced, within the past three (3) years, any disruption to, or interruption in, the conduct of the Business attributable to a defect, bug, breakdown or other failure or deficiency of the IT Assets that has not been remediated in all material respects. Each Transferred Entity has taken commercially reasonable measures to provide for the back-up and recovery of the data and information necessary to the conduct of the Business (including such data and information that is stored on magnetic or optical media in the ordinary course) without material disruption to, or material interruption in, the conduct of the Business. No Transferred Entity is in breach of any Business Material Contract in any material respect relating to any IT Assets and, to the Knowledge of Seller, no Transferred Entity is aware of any event that, with the passage of time or the giving of notice, or both, would constitute a material breach of any Business Material Contract relating to any IT Assets. (b) Each Transferred Entity takes commercially reasonable efforts designed to protect the confidentiality, integrity and security of its Personal Data, Business Technology, and the IT Assets against any unauthorized use, access, interruption, modification or corruption. Each Transferred Entity has implemented and maintained an information security program with respect to the Business that (i) complies and has at all times in the past three (3) years complied in all material respects with all applicable Data Protection Laws; (ii) identifies internal and external risks to the security of any proprietary or confidential information in its possession, including Personal Data; (iii) monitors and is designed to protect Personal Data, Business Technology and all IT Assets against any unauthorized use, access, interruption, modification or corruption; (iv) implements, monitors, and maintains administrative, organizational, technical, and physical safeguards and controls with respect to the risks described above in (ii) and (iii); and (v) maintains incident response and notification procedures, including in the case of any breach of security compromising Personal Data. Each Transferred Entity has implemented and has at all times in the past three (3) years maintained a commercially reasonable information security program designed to ensure that third parties collecting or handling Personal Data on behalf of a Transferred Entity with respect to the Business provide similar safeguards in compliance with applicable Data Protection Laws. (c) Except as would not reasonably be expected to be material to the Business, taken as a whole, (i) each Transferred Entity has taken commercially reasonable measures to secure all Business Technology prior to selling, distributing, deploying or making it available and has implemented a program to apply critical or high-risk patches and updates to that Business Technology, (ii) without limitation to the foregoing, each Transferred Entity, as applicable, has performed commercially reasonable penetration tests and vulnerability scans of all Business Technology, and (iii) the Transferred Entities have taken commercially reasonable steps to remediate any critical or high risk vulnerability identified by any such tests or scans. (d) Except as would not reasonably be expected to be material to the Business, taken as a whole, in the past three (3) years there has been no data security breach of any Business Technology or IT Assets, or unauthorized acquisition, access, use or disclosure of any Personal Data, owned, transmitted, used, stored, received, or controlled by or on behalf of any Transferred Entity. Except as would not reasonably be expected to be material to the Business, taken as a whole, in the past three (3) years each Transferred Entity has, with respect to the Business, performed a commercially reasonable security risk assessment and taken commercially reasonable steps to remediate any critical or high risk threats and deficiencies identified in those security risk assessments.

Information Technology; Data Security. (a) Except as would no not reasonably be expected to be material to the Businessbusiness of the Purchaser Entities, taken as a whole, (i) all material Purchaser IT Assets (xi) are configured in accordance with, and perform in compliance with generally accepted industry security standards, and (yii) are maintained by reasonably competent personnel, in accordance with standards set by the manufacturers or otherwise in accordance with generally accepted standards prudent in the industry, for proper operation, monitoring and use. Except as would not reasonably be expected to be material to the business of the Purchaser Entities, (ii) taken as a whole, any and all Purchaser IT Assets are in good working condition to effectively perform all information technology operations necessary to conduct the Business and (iii) business of the Transferred Purchaser Entities. The Purchaser Entities have not experienced, within the past three (3) years, any material disruption to, or material interruption in, the conduct of the Business business of the Purchaser Entities attributable to a defect, bug, breakdown or other failure or deficiency of the Purchaser IT Assets that has not been remediated in all material respects. Each Transferred Except as would not reasonably be expected to be material to the business of the Purchaser Entities, taken as a whole, each Purchaser Entity has taken commercially reasonable measures to provide for the back-up and recovery of the data and information necessary to the conduct of the Business business of the Purchaser Entities (including such data and information that is stored on magnetic or optical media in the ordinary course) without material disruption to, or material interruption in, the conduct of the Businessbusiness of the Purchaser Entities. No Transferred Purchaser Entity is in material breach of any Business Purchaser Material Contract in any material respect relating to any Purchaser IT Assets and, to the Knowledge of SellerPurchaser, no Transferred Purchaser Entity is aware of any event that, with the passage of time or the giving of notice, or both, would constitute a material breach of any Business Purchaser Material Contract relating to any Purchaser IT Assets. (b) Each Transferred Except as would not reasonably be expected to be material to the business of the Purchaser Entities, taken as a whole, each Purchaser Entity takes commercially reasonable efforts designed to protect the confidentiality, integrity and security of its Personal Data, Business Purchaser Technology, and the Purchaser IT Assets against any unauthorized use, access, interruption, modification or corruption. Each Transferred Purchaser Entity has implemented and maintained maintains an information security program with respect to the Business that business of the Purchaser Entities that, in all material respects, (i) complies and has at all times in the past three (3) years complied in all material respects with all applicable Data Protection Laws; (ii) identifies internal and external risks to the security of any proprietary or confidential information in its possession, including Personal Data; (iii) monitors and is designed to protect Personal Data, Business Purchaser Technology and all Purchaser IT Assets against any unauthorized use, access, interruption, modification or corruption; and (iv) implements, monitors, and maintains administrative, organizational, technical, and physical safeguards and controls with respect to the risks described above in (ii) and (iii); and (v) maintains incident response and notification procedures, including in the case of any breach of security compromising Personal Data. Each Transferred Purchaser Entity has implemented and has at all times in the past three (3) years maintained a commercially reasonable maintains an information security program designed to ensure that third parties collecting or handling Personal Data on behalf of a Transferred Purchaser Entity with respect to the Business business of the Purchaser Entities provide similar safeguards in compliance in all material respects with applicable Data Protection Laws. (c) Except as would not reasonably be expected to be material to the Businessbusiness of the Purchaser Entities, taken as a whole, (i) each Transferred Purchaser Entity has taken commercially reasonable measures to secure all Business Purchaser Technology prior to selling, distributing, deploying or making it available and has implemented a program to apply critical or high-risk patches and updates to that Business Purchaser Technology, (ii) without limitation to the foregoing, each Transferred Purchaser Entity, as applicable, has performed commercially reasonable penetration tests and vulnerability scans of all Business Purchaser Technology, and (iii) the Transferred Purchaser Entities have taken commercially reasonable steps to remediate in all material respects any critical or high risk vulnerability identified by any such tests or scans. (d) Except as would not reasonably be expected to be material to the Businessbusiness of the Purchaser Entities, taken as a whole, in the past three one (31) years year, there has been no data security breach of any Business Purchaser Technology or Purchaser IT Assets, or material unauthorized acquisition, access, use or disclosure of any Personal Data, owned, transmitted, used, stored, received, or controlled by or on behalf of any Transferred Purchaser Entity. Except as would not reasonably be expected to be material to the Businessbusiness of the Purchaser Entities, taken as a whole, in the past three one (31) years year, each Transferred Purchaser Entity has, with respect to the Businessbusiness of the Purchaser Entities, performed a commercially reasonable security risk assessment and taken commercially reasonable steps to remediate in all material respects any critical or high risk threats and deficiencies identified in those security risk assessments.