{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "internet-backbone", "type": "definition", "offset": [62, 79]}, {"key": "hosting-equipment", "type": "definition", "offset": [131, 148]}, {"key": "web-servers", "type": "clause", "offset": [151, 162]}, {"key": "purpose-of-the", "type": "clause", "offset": [170, 184]}, {"key": "to-control", "type": "definition", "offset": [197, 207]}, {"key": "located-in", "type": "definition", "offset": [281, 291]}, {"key": "data-center", "type": "definition", "offset": [332, 343]}, {"key": "changes-to-the", "type": "definition", "offset": [345, 359]}, {"key": "type-of", "type": "definition", "offset": [518, 525]}, {"key": "consistent-with", "type": "clause", "offset": [671, 686]}, {"key": "not-accessible", "type": "definition", "offset": [795, 809]}, {"key": "software-and-hardware", "type": "clause", "offset": [878, 899]}, {"key": "services-and", "type": "clause", "offset": [905, 917]}, {"key": "operating-system", "type": "clause", "offset": [952, 968]}, {"key": "with-the-exception-of", "type": "clause", "offset": [985, 1006]}, {"key": "purpose-of-this", "type": "clause", "offset": [1071, 1086]}, {"key": "external-users", "type": "clause", "offset": [1109, 1123]}, {"key": "required-by", "type": "definition", "offset": [1231, 1242]}, {"key": "the-user", "type": "clause", "offset": [1311, 1319]}, {"key": "directory-information", "type": "clause", "offset": [1343, 1364]}, {"key": "access-to-the", "type": "clause", "offset": [1413, 1426]}, {"key": "internal-network", "type": "definition", "offset": [1500, 1516]}, {"key": "the-shareholder", "type": "clause", "offset": [1612, 1627]}, {"key": "the-application", "type": "clause", "offset": [1632, 1647]}, {"key": "successful-and-unsuccessful", "type": "clause", "offset": [1682, 1709]}], "samples": [{"hash": "a1N3qOjjued", "uri": "/contracts/a1N3qOjjued#network-access-control", "label": "Transfer Agency and Services Agreement (Financial Investors Trust)", "score": 29.1574264203, "published": true}, {"hash": "l6VRYPoYWPo", "uri": "/contracts/l6VRYPoYWPo#network-access-control", "label": "Transfer Agency and Services Agreement (Financial Investors Trust)", "score": 25.1519507187, "published": true}, {"hash": "50fY4t75nk", "uri": "/contracts/50fY4t75nk#network-access-control", "label": "Transfer Agency and Services Agreement (Northeast Investors Growth Fund Inc)", "score": 22.3264887064, "published": true}], "size": 25, "snippet": "A computer referred to as a \u201cfirewall\u201d is located between the Internet backbone connection and the Internet accessible application hosting equipment (\u201cweb servers\u201d). The purpose of the firewall is to control the connectivity to the web servers at the port level. This equipment is located in a secure and environmentally controlled data center. Changes to the configuration of this computer are administered by authorized ALPS\u2019 IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the web servers to the suite of hyper-text transfer protocols (\u201cHTTP\u201d) transmissions. Ports on the router are configured to be consistent with ports on the web servers. All other ports on the router other than those configured for the web servers are not accessible from the Internet. The web servers utilize adequate and appropriate software and hardware. All services and functions within the web servers\u2019 operating system are deactivated with the exception of services and functions which support TA Web or AVA. The general purpose of this feature is to prevent external users from entering commands or running processes on the web servers. All ports on the web servers, except those required by TA Web or AVA, are disabled. Directory structures are \u201chidden\u201d from the user. Services that provide directory information are also deactivated. ALPS\u2019 administrators gain access to the web servers through a directly connected physical console or through the internal network via ALPS Secure ID. TA Web and AVA are programmed to terminate the session/transaction between the shareholder and the application if data authentication fails. All successful and unsuccessful sessions are logged.", "hash": "c9933ae9ac7e42863c1be0ddc6b3909c", "id": 4}, {"snippet_links": [{"key": "internet-backbone", "type": "definition", "offset": [69, 86]}, {"key": "web-server", "type": "definition", "offset": [111, 121]}, {"key": "purpose-of-the", "type": "clause", "offset": [127, 141]}, {"key": "to-control", "type": "definition", "offset": [152, 162]}, {"key": "data-center", "type": "definition", "offset": [264, 275]}, {"key": "changes-to-the", "type": "definition", "offset": [277, 291]}, {"key": "type-of", "type": "definition", "offset": [444, 451]}, {"key": "consistent-with", "type": "clause", "offset": [601, 616]}, {"key": "not-accessible", "type": "definition", "offset": [733, 747]}, {"key": "software-and-hardware", "type": "clause", "offset": [821, 842]}, {"key": "services-and", "type": "clause", "offset": [848, 860]}, {"key": "server-operating-system", "type": "clause", "offset": [891, 914]}, {"key": "with-the-exception-of", "type": "clause", "offset": [931, 952]}, {"key": "purpose-of-this", "type": "clause", "offset": [1010, 1025]}, {"key": "external-users", "type": "clause", "offset": [1048, 1062]}, {"key": "required-by", "type": "definition", "offset": [1178, 1189]}, {"key": "the-user", "type": "clause", "offset": [1251, 1259]}, {"key": "directory-information", "type": "clause", "offset": [1283, 1304]}, {"key": "access-to-the", "type": "clause", "offset": [1352, 1365]}, {"key": "internal-network", "type": "definition", "offset": [1460, 1476]}, {"key": "the-shareholder", "type": "clause", "offset": [1563, 1578]}, {"key": "successful-and-unsuccessful", "type": "clause", "offset": [1624, 1651]}], "samples": [{"hash": "dAHkQ5jh1xl", "uri": "/contracts/dAHkQ5jh1xl#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Transparent Value Trust)", "score": 22.0732375086, "published": true}, {"hash": "8cupy9expna", "uri": "/contracts/8cupy9expna#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Financial Investors Trust)", "score": 21.6598220397, "published": true}, {"hash": "dVBSythmVcm", "uri": "/contracts/dVBSythmVcm#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Caldwell & Orkin Funds Inc)", "score": 21.4599589322, "published": true}], "size": 17, "snippet": "A computer referred to as a \u201cfirewall router\u201d is located between the Internet backbone connection and the ALPS Web server. The purpose of the router is to control the connectivity to the ALPS Web server at the port level. This equipment is located at ALPS\u2019 Denver data center. Changes to the configuration of this computer are administered by authorized IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the ALPS Web server to the suite of Hyper-Text Transfer Protocols (\u201cHTTP\u201d) transmissions. Ports on the router are configured to be consistent with ports on the ALPS Web server. All other ports on the router other than those configured for the ALPS Web server are not accessible from the Internet. The ALPS Web server utilizes adequate and appropriate software and hardware. All services and functions within the ALPS Web server operating system are deactivated with the exception of services and functions which support TA Web. The general purpose of this feature is to prevent external users from entering commands or running processes on the ALPS Web server. All ports on the ALPS Web server, except those required by TA Web, are disabled. Directory structures are \u201chidden\u201d from the user. Services that provide directory information are also deactivated. ALPS administrators gain access to the ALPS Web server through the physical console connected to the ALPS Web server, or through the internal network via ALPS Secure ID. TA Web is programmed to terminate the session/Transaction between the Shareholder and TA Web if data authentication fails. All successful and unsuccessful sessions are logged.", "hash": "97c875a1d997df795181d2362ba62245", "id": 5}, {"snippet_links": [{"key": "the-internet", "type": "clause", "offset": [56, 68]}, {"key": "electronic-documents", "type": "definition", "offset": [91, 111]}, {"key": "computer-system", "type": "clause", "offset": [139, 154]}, {"key": "world-wide-web", "type": "definition", "offset": [206, 220]}, {"key": "data-fields", "type": "definition", "offset": [232, 243]}, {"key": "dst-web-site", "type": "definition", "offset": [326, 338]}, {"key": "purpose-of-the", "type": "clause", "offset": [346, 360]}, {"key": "to-control", "type": "definition", "offset": [373, 383]}, {"key": "data-center", "type": "definition", "offset": [499, 510]}, {"key": "the-systems", "type": "clause", "offset": [523, 534]}, {"key": "change-control-process", "type": "definition", "offset": [591, 613]}, {"key": "type-of", "type": "definition", "offset": [753, 760]}, {"key": "consistent-with", "type": "clause", "offset": [840, 855]}, {"key": "services-and", "type": "clause", "offset": [887, 899]}, {"key": "with-the-exception-of", "type": "clause", "offset": [950, 971]}, {"key": "transfer-of-files", "type": "clause", "offset": [1013, 1030]}, {"key": "transfer-files", "type": "clause", "offset": [1107, 1121]}, {"key": "the-user", "type": "clause", "offset": [1195, 1203]}, {"key": "directory-information", "type": "clause", "offset": [1228, 1249]}], "samples": [{"hash": "6yDOWYbUxVO", "uri": "/contracts/6yDOWYbUxVO#network-access-control", "label": "Transfer Agency and Services Agreement (Dfa Investment Trust Co)", "score": 30.158110883, "published": true}, {"hash": "5w4Je9xhpei", "uri": "/contracts/5w4Je9xhpei#network-access-control", "label": "Transfer Agency and Services Agreement (Dimensional Investment Group Inc)", "score": 30.158110883, "published": true}, {"hash": "3MOhNO4BV9", "uri": "/contracts/3MOhNO4BV9#network-access-control", "label": "Master Agreement (BofA Funds Series Trust)", "score": 21.8021902806, "published": true}], "size": 4, "snippet": "A device referred to as a \u201cfirewall\u201d is located between the Internet and the collection of electronic documents or pages residing on DST\u2019s computer system, linked to the Internet and accessible through the World Wide Web, where the data fields and related screens provided by DST may be viewed by Users who access such site (\u201cDST Web Site\u201d). The purpose of the firewall is to control connectivity to the DST Web Site at the port level. This equipment is located and administered at DST\u2019s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. DST is advised by its current firewall provider that this equipment will not interrogate data, and that its only function is to limit the type of traffic accessing the DST Web Site. Ports on the firewall are configured to be consistent with ports at the DST Web Site. All services and functions within the DST Web Site are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Site are disabled, except those ports required to transfer files. All \u201clisteners\u201d are deactivated. Directory structures are \u201chidden\u201d from the user. Services which provide directory information are also deactivated.", "hash": "cc2ff1cebf50c74ae8aff4a02b6dc9cd", "id": 9}, {"snippet_links": [{"key": "vision-web-site", "type": "definition", "offset": [4, 19]}, {"key": "distribution-support-services-web-site", "type": "definition", "offset": [28, 66]}, {"key": "web-sites", "type": "clause", "offset": [77, 86]}, {"key": "network-controls", "type": "clause", "offset": [130, 146]}, {"key": "the-boundary", "type": "definition", "offset": [201, 213]}, {"key": "internet-service-provider", "type": "clause", "offset": [248, 273]}, {"key": "basic-protections", "type": "definition", "offset": [302, 319]}, {"key": "web-servers", "type": "clause", "offset": [637, 648]}, {"key": "in-addition", "type": "clause", "offset": [650, 661]}, {"key": "internet-traffic", "type": "definition", "offset": [806, 822]}, {"key": "data-center", "type": "definition", "offset": [956, 967]}, {"key": "the-systems", "type": "clause", "offset": [980, 991]}, {"key": "change-control-process", "type": "definition", "offset": [1048, 1070]}, {"key": "services-and", "type": "clause", "offset": [1076, 1088]}, {"key": "with-the-exception-of", "type": "clause", "offset": [1140, 1161]}, {"key": "transfer-of-files", "type": "clause", "offset": [1203, 1220]}, {"key": "transfer-files", "type": "clause", "offset": [1298, 1312]}, {"key": "the-user", "type": "clause", "offset": [1466, 1474]}, {"key": "directory-information", "type": "clause", "offset": [1499, 1520]}], "samples": [{"hash": "avY5Z9PmBAR", "uri": "/contracts/avY5Z9PmBAR#network-access-control", "label": "Services Agreement (Popular Income Plus Fund, Inc.)", "score": 31.1834360027, "published": true}, {"hash": "4uhLXqD9TYa", "uri": "/contracts/4uhLXqD9TYa#network-access-control", "label": "Services Agreement (Popular High Grade Fixed-Income Fund, Inc.)", "score": 31.1834360027, "published": true}, {"hash": "27E2Dk9EWMq", "uri": "/contracts/27E2Dk9EWMq#network-access-control", "label": "Services Agreement (Popular Total Return Fund Inc)", "score": 31.1834360027, "published": true}], "size": 45, "snippet": "The VISION Web Site and the Distribution Support Services Web Site (the \u201cDST Web Sites\u201d) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST\u2019s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All \u201clisteners,\u201d other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are \u201chidden\u201d from the user. Services which provide directory information are also deactivated.", "hash": "83e1e9a5b30db5f75a55b366fd123e5c", "id": 1}, {"snippet_links": [{"key": "internet-backbone", "type": "definition", "offset": [60, 77]}, {"key": "web-server", "type": "definition", "offset": [101, 111]}, {"key": "purpose-of-the", "type": "clause", "offset": [117, 131]}, {"key": "to-control", "type": "definition", "offset": [142, 152]}, {"key": "data-center", "type": "definition", "offset": [257, 268]}, {"key": "an-independent", "type": "clause", "offset": [311, 325]}, {"key": "the-systems", "type": "clause", "offset": [356, 367]}, {"key": "remote-administration", "type": "clause", "offset": [437, 458]}, {"key": "type-of", "type": "definition", "offset": [598, 605]}, {"key": "consistent-with", "type": "clause", "offset": [754, 769]}, {"key": "not-accessible", "type": "definition", "offset": [937, 951]}, {"key": "services-and", "type": "clause", "offset": [1028, 1040]}, {"key": "server-operating-system", "type": "clause", "offset": [1070, 1093]}, {"key": "with-the-exception-of", "type": "clause", "offset": [1110, 1131]}, {"key": "required-service", "type": "clause", "offset": [1187, 1203]}, {"key": "purpose-of-this", "type": "clause", "offset": [1284, 1299]}, {"key": "external-users", "type": "clause", "offset": [1322, 1336]}, {"key": "required-by", "type": "definition", "offset": [1466, 1477]}, {"key": "fire-wall", "type": "definition", "offset": [1514, 1523]}, {"key": "the-user", "type": "clause", "offset": [1630, 1638]}, {"key": "directory-information", "type": "clause", "offset": [1663, 1684]}, {"key": "access-to-the", "type": "clause", "offset": [1731, 1744]}, {"key": "internal-network", "type": "definition", "offset": [1837, 1853]}, {"key": "data-mapping", "type": "clause", "offset": [1897, 1909]}, {"key": "the-function", "type": "clause", "offset": [1951, 1963]}, {"key": "received-by", "type": "definition", "offset": [2067, 2078]}, {"key": "the-shareholder", "type": "clause", "offset": [2324, 2339]}, {"key": "fan-web", "type": "clause", "offset": [2344, 2351]}, {"key": "system-administrators", "type": "definition", "offset": [2405, 2426]}, {"key": "upon-termination", "type": "definition", "offset": [2427, 2443]}], "samples": [{"hash": "2R9nLQk6tzu", "uri": "/contracts/2R9nLQk6tzu#network-access-control", "label": "Transfer Agency and Services Agreement (ALPS Series Trust)", "score": 29.6926762491, "published": true}, {"hash": "fuDClbvjWhN", "uri": "/contracts/fuDClbvjWhN#network-access-control", "label": "Transfer Agency and Services Agreement (ALPS Series Trust)", "score": 29.4462696783, "published": true}, {"hash": "j4fAYuBfzwe", "uri": "/contracts/j4fAYuBfzwe#network-access-control", "label": "Transfer Agency and Services Agreement (ALPS Series Trust)", "score": 29.3915126626, "published": true}], "size": 41, "snippet": "A computer referred to as a \u201crouter\u201d is located between the Internet backbone connection and the DST Web server. The purpose of the router is to control the connectivity to the DST Web server at the port level. This equipment is located at DST\u2019s Winchester data center, but it is administered and maintained by an independent firewall provider. Changes to the systems residing on this computer are submitted to the firewall provider for remote administration. DST is advised by its current firewall provider that this equipment will not interrogate data, and that its only function is to limit the type of traffic accessing the DST Web server to the suite of Hyper-Text Transfer Protocols (\u201cHTTP\u201d) transmissions. Ports on the router are configured to be consistent with ports on the DST Web server. DST is advised by its current firewall provider that all other ports on the router other than those configured for the DST Web server are not accessible from the Internet. The DST Web server utilizes a UNIX operating system. All services and functions within the DST Web server operating system are deactivated with the exception of services and functions which support HTTP. This is the required service for HTML content which is what the FAN Transactions are based upon. The general purpose of this feature is to prevent external users from entering UNIX commands or running UNIX based processes on the DST Web server. All ports on the DST Web server, except those required by FAN (the ports accessed through the fire wall provider\u2019s router), are disabled. All \u201clisteners\u201d are deactivated. Directory structures are \u201chidden\u201d from the user. Services which provide directory information are also deactivated. DST administrators gain access to the DST Web server through the physical console connected to the DST Web server, or through the internal network via DST Secure ID. FAN also incorporates a data mapping system referred to as the \u201cCICS Mapper\u201d. The function of the CICS Mapper is to perform data packaging, security interrogation, and protocol conversion. Data received by the CICS Mapper from the DST Web server is interrogated for authenticity, repackaged for the DST TA/2000 mainframe system, and protocols are converted for communication. The CICS Mapper is programmed to terminate the session/Transaction between the shareholder and FAN Web if data authentication fails. Alerts are provided to system administrators upon termination.", "hash": "4469519461c8b42839ec8ac8a0131fca", "id": 2}, {"snippet_links": [{"key": "internet-backbone", "type": "definition", "offset": [62, 79]}, {"key": "hosting-equipment", "type": "definition", "offset": [131, 148]}, {"key": "web-servers", "type": "clause", "offset": [151, 162]}, {"key": "purpose-of-the", "type": "clause", "offset": [170, 184]}, {"key": "to-control", "type": "definition", "offset": [197, 207]}, {"key": "located-in", "type": "definition", "offset": [281, 291]}, {"key": "data-center", "type": "definition", "offset": [332, 343]}, {"key": "changes-to-the", "type": "definition", "offset": [345, 359]}, {"key": "type-of", "type": "definition", "offset": [519, 526]}, {"key": "consistent-with", "type": "clause", "offset": [672, 687]}, {"key": "not-accessible", "type": "definition", "offset": [796, 810]}, {"key": "software-and-hardware", "type": "clause", "offset": [879, 900]}, {"key": "services-and", "type": "clause", "offset": [906, 918]}, {"key": "operating-system", "type": "clause", "offset": [953, 969]}, {"key": "with-the-exception-of", "type": "clause", "offset": [986, 1007]}, {"key": "purpose-of-this", "type": "clause", "offset": [1062, 1077]}, {"key": "external-users", "type": "clause", "offset": [1100, 1114]}, {"key": "required-by", "type": "definition", "offset": [1222, 1233]}, {"key": "the-user", "type": "clause", "offset": [1292, 1300]}, {"key": "directory-information", "type": "clause", "offset": [1324, 1345]}, {"key": "access-to-the", "type": "clause", "offset": [1395, 1408]}, {"key": "internal-network", "type": "definition", "offset": [1482, 1498]}, {"key": "the-shareholder", "type": "clause", "offset": [1582, 1597]}, {"key": "the-application", "type": "clause", "offset": [1602, 1617]}, {"key": "successful-and-unsuccessful", "type": "clause", "offset": [1652, 1679]}], "samples": [{"hash": "8G5SuGCbyBU", "uri": "/contracts/8G5SuGCbyBU#network-access-control", "label": "Transfer Agency and Services Agreement (Bridge Builder Trust)", "score": 28.8124572211, "published": true}, {"hash": "5WsKFiHWKR2", "uri": "/contracts/5WsKFiHWKR2#network-access-control", "label": "Transfer Agency and Services Agreement (X-Square Balanced Fund, LLC)", "score": 28.711156742, "published": true}, {"hash": "2HT7CKXt3jo", "uri": "/contracts/2HT7CKXt3jo#network-access-control", "label": "Transfer Agency and Services Agreement (Salient MF Trust)", "score": 28.325119781, "published": true}], "size": 38, "snippet": "A computer referred to as a \u201cfirewall\u201d is located between the Internet backbone connection and the Internet accessible application hosting equipment (\u201cweb servers\u201d). The purpose of the firewall is to control the connectivity to the web servers at the port level. This equipment is located in a secure and environmentally controlled data center. Changes to the configuration of this computer are administered by authorized ALPS\u2019s IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the web servers to the suite of hyper-text transfer protocols (\u201cHTTP\u201d) transmissions. Ports on the router are configured to be consistent with ports on the web servers. All other ports on the router other than those configured for the web servers are not accessible from the Internet. The web servers utilize adequate and appropriate software and hardware. All services and functions within the web servers\u2019 operating system are deactivated with the exception of services and functions which support AVA. The general purpose of this feature is to prevent external users from entering commands or running processes on the web servers. All ports on the web servers, except those required by AVA, are disabled. Directory structures are \u201chidden\u201d from the user. Services that provide directory information are also deactivated. ALPS\u2019s administrators gain access to the web servers through a directly connected physical console or through the internal network via ALPS Secure ID. AVA is programmed to terminate the session/transaction between the shareholder and the application if data authentication fails. All successful and unsuccessful sessions are logged.", "hash": "72f3ec4e4af8d9d21402f14b240416a7", "id": 3}, {"snippet_links": [{"key": "internet-backbone", "type": "definition", "offset": [69, 86]}, {"key": "purpose-of-the", "type": "clause", "offset": [138, 152]}, {"key": "to-control", "type": "definition", "offset": [163, 173]}, {"key": "data-center", "type": "definition", "offset": [266, 277]}, {"key": "changes-to-the", "type": "definition", "offset": [279, 293]}, {"key": "consistent-with", "type": "clause", "offset": [407, 422]}, {"key": "access-to-the", "type": "clause", "offset": [464, 477]}, {"key": "ivr-server", "type": "definition", "offset": [561, 571]}, {"key": "operating-system", "type": "clause", "offset": [592, 608]}, {"key": "services-and", "type": "clause", "offset": [614, 626]}, {"key": "with-the-exception-of", "type": "clause", "offset": [681, 702]}, {"key": "purpose-of-this", "type": "clause", "offset": [759, 774]}, {"key": "external-users", "type": "clause", "offset": [797, 811]}, {"key": "required-by", "type": "definition", "offset": [927, 938]}, {"key": "the-user", "type": "clause", "offset": [1000, 1008]}, {"key": "directory-information", "type": "clause", "offset": [1032, 1053]}, {"key": "gain-access", "type": "definition", "offset": [1096, 1107]}], "samples": [{"hash": "dAHkQ5jh1xl", "uri": "/contracts/dAHkQ5jh1xl#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Transparent Value Trust)", "score": 22.0732375086, "published": true}, {"hash": "8cupy9expna", "uri": "/contracts/8cupy9expna#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Financial Investors Trust)", "score": 21.6598220397, "published": true}, {"hash": "dVBSythmVcm", "uri": "/contracts/dVBSythmVcm#network-access-control", "label": "Transfer Agency Interactive Client Services Agreement (Caldwell & Orkin Funds Inc)", "score": 21.4599589322, "published": true}], "size": 10, "snippet": "A computer referred to as a \u201cfirewall router\u201d is located between the Internet backbone connection and the ALPS IVR Processing server. The purpose of the router is to control the connectivity to the server at the port level. This equipment is located at ALPS\u2019 Denver data center. Changes to the configuration of this computer are administered by authorized IT staff. Ports on the router are configured to be consistent with ports on the ALPS IVR Processing server. Access to the IVR Processing server is blocked from all areas outside the ALPS network. The ALPS IVR server utilizes a standard operating system. All services and functions within the operating system are deactivated with the exception of services and functions that support TA IVR. The general purpose of this feature is to prevent external users from entering commands or running processes on the ALPS IVR server. All ports on the ALPS IVR server, except those required by TA IVR, are disabled. Directory structures are \u201chidden\u201d from the user. Services that provide directory information are also deactivated. ALPS administrators gain access to the ALPS IVR server through the physical console connected to the ALPS IVR server.", "hash": "6126f7521d0b9979c644bcfce8d40723", "id": 6}, {"snippet_links": [{"key": "access-to-the-services", "type": "clause", "offset": [50, 72]}, {"key": "control-access", "type": "clause", "offset": [194, 208]}, {"key": "remote-users", "type": "clause", "offset": [212, 224]}, {"key": "information-services", "type": "definition", "offset": [267, 287]}, {"key": "information-systems", "type": "definition", "offset": [300, 319]}, {"key": "the-network", "type": "clause", "offset": [481, 492]}, {"key": "access-control-policy", "type": "clause", "offset": [520, 541]}, {"key": "to-ensure", "type": "clause", "offset": [607, 616]}, {"key": "information-flows", "type": "clause", "offset": [647, 664]}], "samples": [{"hash": "jXNNaxPGPOw", "uri": "/contracts/jXNNaxPGPOw#network-access-control", "label": "Department Terms and Conditions", "score": 31.603839611, "published": true}, {"hash": "9u92t0gjXFM", "uri": "/contracts/9u92t0gjXFM#network-access-control", "label": "Contract", "score": 30.5735901289, "published": true}, {"hash": "2pnmwZadL3H", "uri": "/contracts/2pnmwZadL3H#network-access-control", "label": "Department Terms and Conditions", "score": 30.2232070786, "published": true}], "size": 7, "snippet": "i. Contractor\u2019s users shall only be provided with access to the services that they have been specifically authorized to use;\nii. Contractor has implemented appropriate authentication methods to control access by remote users;\niii. Contractor has segregated groups of information services, users, and information systems on networks;\niv. For shared networks, especially those extending across Contractor\u2019s boundaries, Contractor has restricted the capability of users to connect to the network, in line with Contractor\u2019s access control policy; and\nv. Contractor has implemented routing controls for networks to ensure that computer connections and information flows do not breach Contractor\u2019s access control policy.", "hash": "e167758d07f7254aeca77065352509ed", "id": 7}, {"snippet_links": [{"key": "access-to", "type": "definition", "offset": [0, 9]}, {"key": "network-services", "type": "definition", "offset": [50, 66]}, {"key": "allow-access", "type": "clause", "offset": [72, 84]}, {"key": "processing-systems", "type": "definition", "offset": [109, 127]}, {"key": "supplier-will", "type": "clause", "offset": [149, 162]}, {"key": "industry-best-practice", "type": "clause", "offset": [188, 210]}, {"key": "network-users", "type": "definition", "offset": [250, 263]}, {"key": "and-equipment", "type": "clause", "offset": [264, 277]}, {"key": "in-place", "type": "definition", "offset": [282, 290]}, {"key": "unauthorized-access", "type": "clause", "offset": [427, 446]}, {"key": "stateful-firewall", "type": "definition", "offset": [461, 478]}, {"key": "internet-connection", "type": "definition", "offset": [500, 519]}, {"key": "business-reasons", "type": "definition", "offset": [648, 664]}, {"key": "control-access", "type": "clause", "offset": [712, 726]}, {"key": "remote-users", "type": "clause", "offset": [730, 742]}, {"key": "logical-access", "type": "definition", "offset": [768, 782]}, {"key": "if-required", "type": "definition", "offset": [890, 901]}], "samples": [{"hash": "b4QxvWpz3AC", "uri": "/contracts/b4QxvWpz3AC#network-access-control", "label": "Global Services Agreement", "score": 35.0334123135, "published": true}, {"hash": "4o2NR5rzspm", "uri": "/contracts/4o2NR5rzspm#network-access-control", "label": "Global Services Agreement", "score": 33.3478003089, "published": true}, {"hash": "1T8sr9K0IQr", "uri": "/contracts/1T8sr9K0IQr#network-access-control", "label": "Global Services Agreement", "score": 26.9575633128, "published": true}], "size": 4, "snippet": "Access to internal, external, Provider and public network services that allow access to Supplier Information Processing Systems shall be controlled. Supplier will:\n(a) Ensure that current industry best practice standard authentication mechanisms for network users and equipment are in place and updated as necessary;\n(b) Ensure electronic perimeter controls are in place to protect Supplier Information Processing Systems from unauthorized access;\n(c) Ensure a stateful firewall is in place for each Internet connection and between any DMZ and the Intranet. Firewalls shall be configured to deny all traffic except the traffic that is required for business reasons.\n(d) Ensure authentication methods are used to control access by remote users;\n(e) Ensure physical and logical access to diagnostic and configuration ports is controlled; and\n(f) Ensure wireless implementations are only used if required for business reasons, put into practice WPA, WPA2, 802.11i or a superseding standard and must not use WEP.", "hash": "f0eee968e3810e6e80040e06888c1d3e", "id": 8}, {"snippet_links": [{"key": "the-internet", "type": "clause", "offset": [56, 68]}, {"key": "dst-web-site", "type": "definition", "offset": [77, 89]}, {"key": "purpose-of-the", "type": "clause", "offset": [95, 109]}, {"key": "to-control", "type": "definition", "offset": [122, 132]}, {"key": "data-center", "type": "definition", "offset": [248, 259]}, {"key": "the-systems", "type": "clause", "offset": [272, 283]}, {"key": "change-control-process", "type": "definition", "offset": [340, 362]}, {"key": "type-of", "type": "definition", "offset": [502, 509]}, {"key": "consistent-with", "type": "clause", "offset": [589, 604]}, {"key": "services-and", "type": "clause", "offset": [636, 648]}, {"key": "with-the-exception-of", "type": "clause", "offset": [699, 720]}, {"key": "transfer-of-files", "type": "clause", "offset": [762, 779]}, {"key": "transfer-files", "type": "clause", "offset": [856, 870]}, {"key": "the-user", "type": "clause", "offset": [944, 952]}, {"key": "directory-information", "type": "clause", "offset": [977, 998]}], "samples": [{"hash": "3kfKtPS8Heh", "uri": "/contracts/3kfKtPS8Heh#network-access-control", "label": "Services Agreement (Oaktree Strategic Credit Fund)", "score": 30.9671457906, "published": true}, {"hash": "jz5dt1I6ZmP", "uri": "/contracts/jz5dt1I6ZmP#network-access-control", "label": "Master Agreement (BofA Funds Series Trust)", "score": 21.8021902806, "published": true}], "size": 2, "snippet": "A device referred to as a \u201cfirewall\u201d is located between the Internet and the DST Web Site. The purpose of the firewall is to control connectivity to the DST Web Site at the port level. This equipment is located and administered at DST\u2019s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. DST is advised by its current firewall provider that this equipment will not interrogate data, and that its only function is to limit the type of traffic accessing the DST Web Site. Ports on the firewall are configured to be consistent with ports at the DST Web Site. All services and functions within the DST Web Site are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Site are disabled, except those ports required to transfer files. All \u201clisteners\u201d are deactivated. Directory structures are \u201chidden\u201d from the user. Services which provide directory information are also deactivated.", "hash": "96a81ddf29d7d9bb821a0c101ad0bded", "id": 10}], "next_curs": "Cl8SWWoVc35sYXdpbnNpZGVyY29udHJhY3RzcjsLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2Ih9uZXR3b3JrLWFjY2Vzcy1jb250cm9sIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"parents": [["severability", "Severability"], ["right-to-audit", "Right to Audit"], ["options-selection", "Options Selection"], ["alps-virtual-access-appendix-e", "ALPS Virtual Access (Appendix E)"], ["ava-access-appendix-f", "AVA Access (Appendix F)"]], "title": "Network Access Control", "size": 117, "children": [], "id": "network-access-control", "related": [["data-access-control", "Data Access Control", "Data Access Control"], ["system-access-control", "System Access Control", "System Access Control"], ["access-control", "Access Control", "Access Control"], ["network-access", "Network Access", "Network Access"], ["physical-access-control", "Physical Access Control", "Physical Access Control"]], "related_snippets": [], "updated": "2025-07-07T12:36:18+00:00"}, "json": true, "cursor": ""}}