Common use of Safeguarding Customer Information Clause in Contracts

Safeguarding Customer Information. (a) In providing services hereunder, each Party shall implement appropriate security measures designed to meet the objectives of applicable insurance laws and regulations, including: (i) ensuring the confidentiality, security and integrity of the other Parties’ respective information regarding its clients’ and applicants’ nonpublic confidential information (“Customer Information”); (ii) protecting against anticipated threats or hazards to the security or integrity of Customer Information; and (iii) protecting against unauthorized access to or use of Customer Information. Each Service Provider shall adjust its information security program at the request of a Service Recipient for any relevant changes dictated by a Service Recipient’s assessments of risk around its Customer Information and customer information systems. Each Party agrees that during the term of this Agreement and thereafter, it shall not use, or permit any person or entity access to, any Customer Information except as permitted in connection with the performance of services hereunder. Each Party acknowledges that it shall be permitted to disclose Customer Information only to its employees, subcontractors, consultants and agents who have a need to know such information or otherwise in connection with its performance of its duties hereunder. In addition, a Party may disclose Customer Information if such disclosure is required by law or upon order of any competent court or law enforcement agency. (b) Each Party shall monitor from time to time its Customer Information systems for security breaches, violations and suspicious activity relating to the Customer Information. If a breach, violation or suspicious activity affecting the Customer Information is detected, the Party shall (i) notify the affected Parties promptly upon knowledge of such breach, violation or suspicious activity and (ii) fix or patch the security problem within a reasonable period of time. (c) For a period of seven (7) years after the termination or expiration of this Agreement, each Party will maintain, and will provide the other Parties reasonable access to, system records and logs regarding the use of the Customer Information systems as contemplated by this Agreement. Each Party shall have the right to review and inspect such records upon thirty (30) days’ advance written notice and during reasonable business hours. Inspections permitted under this Section 15(c) shall occur no more frequently than once per year and shall be conducted under the supervision of the inspecting Party. (d) Subject to a Party’s own security requirements, each Party shall allow the other Parties to conduct, at such other Parties’ expense, reasonable inspections of the Customer Information systems upon thirty (30) days’ prior written notice and during reasonable business hours. Inspections permitted under this Section 15(d) shall occur no more frequently than once per year. (e) Confirming evidence that a Service Provider has satisfied its obligations under this Section 15 shall be made available, during normal business hours, for inspection by the applicable Service Recipient, anyone authorized by such Service Recipient and any governmental agency that has regulatory authority over such Service Recipient’s business activities.

Safeguarding Customer Information. (a) In providing services hereunder, each Party shall implement appropriate security measures designed to meet the objectives of applicable insurance laws and regulations, including: (i) ensuring the confidentiality, security and integrity of the other Parties’ respective information regarding its clients’ and applicants’ nonpublic confidential information (“Customer Information”); (ii) protecting against anticipated threats or hazards to the security or integrity of Customer Information; and (iii) protecting against unauthorized access to or use of Customer Information. Each Service Provider shall adjust its information security program at the request of a Service Recipient for any relevant changes dictated by a Service Recipient’s assessments of risk around its Customer Information and customer information systems. Each Party agrees that during the term of this Agreement and thereafter, it shall not use, or permit any person or entity access to, any Customer Information except as permitted in connection with the performance of services hereunder. Each Party acknowledges that it shall be permitted to disclose Customer Information only to its employees, subcontractors, consultants and agents who have a need to know such information or otherwise in connection with its performance of its duties hereunder. In addition, a Party may disclose Customer Information if such disclosure is required by law or upon order of any competent court or law enforcement agency. (b) Each Party shall monitor from time to time its Customer Information systems for security breaches, violations and suspicious activity relating to the Customer Information. If a breach, violation or suspicious activity affecting the Customer Information is detected, the Party shall (i) notify the affected Parties promptly upon knowledge of such breach, violation or suspicious activity and (ii) fix or patch the security problem within a reasonable period of time. (c) For a period of seven (7) years after the termination or expiration of this Agreement, each Party will maintain, and will provide the other Parties reasonable access to, system records and logs regarding the use of the Customer Information systems as contemplated by this Agreement. Each Party shall have the right to review and inspect such records upon thirty (30) days’ advance written notice and during reasonable business hours. Inspections permitted under this Section 15(c) shall occur no more frequently than once per year and shall be conducted under the supervision of the inspecting Party. (d) Subject to a Party’s own security requirements, each Party shall allow the other Parties to conduct, at such other Parties’ expense, conduct reasonable inspections of the Customer Information systems upon thirty (30) days’ prior written notice and during reasonable business hours. Inspections permitted under this Section 15(d) shall occur no more frequently than once per year. (e) Confirming evidence that a Service Provider has satisfied its obligations under this Section 15 shall be made available, during normal business hours, for inspection by the applicable a Service Recipient, anyone authorized by such a Service Recipient and any governmental agency that has regulatory authority over such the Service Recipient’s business activities.