Common use of Maintaining a Secure Environment Clause in Contracts

Maintaining a Secure Environment. 1. To protect the accuracy and integrity of Confidential Information, all such data must be backed up regularly (no less often than weekly), and the backups stored in secure, environmentally-controlled, limited-access facilities. 2. Company must run internal and external network vulnerability scans at least monthly and after any change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). 3. Company must promptly install any security-related fixes identified by its hardware or software Suppliers, if the security threat being addressed by the fix is one that threatens the privacy or integrity of any Confidential Information covered by this Agreement. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems. 4. Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other course of action to ensure that the privacy and integrity of any Confidential Information is preserved. 5. Company must immediately notify Intuit if it knows or suspects that Confidential Information has been compromised or disclosed to unauthorized persons, or if there has been any meaningful or substantial deviation from the requirements contained in the Agreement or this Exhibit. See Section F for contact information. Company agrees that Intuit shall have the right to control and direct any response and / or correction of any such compromise or disclosure. 6. Notwithstanding the minimum standards set forth in this Exhibit, Company should monitor and periodically incorporate reasonable industry-standard security safeguards.

Maintaining a Secure Environment. 1. To protect the accuracy and integrity of Confidential Information, all such data must be backed up regularly (no less often than weekly), and the backups stored in secure, environmentally-environmentally controlled, limited-access facilities. 2. Company must run internal and external network vulnerability scans at least monthly and after any change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). 3. Company must promptly install any security-related fixes identified by its hardware or software Suppliersvendors, if the security threat being addressed by the fix is one that threatens the * We have requested confidential treatment for certain portions of this document pursuant to an application for confidential treatment sent to the SEC. We omitted such portions from this filing and filed them separately with the SEC. privacy or integrity of any Confidential Information covered by this Agreement. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems. 43. Intuit may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Intuit to take some other course of action to ensure that the privacy and integrity of any Confidential Information is preserved. 54. Company must immediately notify Intuit if it knows or suspects that Confidential Information has been compromised or disclosed to unauthorized persons, or if there has been any meaningful or substantial deviation from the requirements contained in the Agreement or this Exhibit. See Section F for contact information. Company agrees that Intuit shall have the right to control and direct any response and / or correction of any such compromise or disclosure. 65. Notwithstanding the minimum standards set forth in this Exhibit, Company should monitor and periodically incorporate reasonable industry-standard security safeguards.