Common use of Maintaining a Secure Environment Clause in Contracts

Maintaining a Secure Environment. 1. To protect the accuracy and integrity of Personally-Identifiable Information, all such data stored in electronic form must be backed up regularly (no less often than weekly), and the backups stored in secure, environmentally-controlled, limited-access facilities. 2. Company must use commercially-reasonable efforts to install any security-related fixes identified by its hardware or software vendors, if the security threat being addressed by the fix is one that significantly threatens the privacy or integrity of any Personally-Identifiable Information covered by this Agreement. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems. 3. Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other commercially-reasonable course of action to preserve the privacy and integrity of any Personally-Identifiable Information. 4. Company must immediately notify the Intuit Security SPOC (see below) if it knows or suspects that Personally-Identifiable Information has been compromised or disclosed to unauthorized persons, or if there has been any meaningful or substantial deviation from the requirements of this Exhibit. 5. Notwithstanding the minimum standards set forth in this Exhibit, Company must use commercially-reasonable efforts to monitor and periodically incorporate reasonable industry-standard security safeguards.

Maintaining a Secure Environment. 1. To protect the accuracy and integrity of Personally-Identifiable Information, all such data stored in electronic form must be backed up regularly (no less often than weekly), and the backups stored in secure, environmentally-environmentally- controlled, limited-access facilities. 2. Company must use commercially-reasonable efforts to install any security-related fixes identified by its hardware or software vendors, if the security threat being addressed by the fix is one that significantly threatens the privacy or integrity of any Personally-Personally Identifiable Information covered by this Agreement. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems.and 3. Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other commercially-reasonable course of action to preserve the privacy and integrity of any Personally-Identifiable Information. 4. Company must immediately notify the Intuit Security SPOC (see below) if it knows or suspects that Personally-Personally- Identifiable Information has been compromised or disclosed to unauthorized persons, or if there has been any meaningful or substantial deviation from the requirements of this Exhibit. 5. Notwithstanding the minimum standards set forth in this Exhibit, Company must use commercially-reasonable efforts to monitor and periodically incorporate reasonable industry-standard security safeguards.