SAFEGUARDING PERSONAL INFORMATION. Each party represents that it has implemented and shall maintain throughout the term of this Agreement a written information security program (“WISP”) detailing appropriate security measures, policies, and procedures that are designed to meet the objectives of the Gramm Xxxxx Xxxxxx Act of 1999 (“GLBA”), Interagency Guidelines Establishing Information Security Standards (12 C.F.R. Pt 30, App. B), and applicable state privacy and cybersecurity laws and regulations, including, but not limited to, California Consumer Privacy Act (to the extent applicable), 11 NYCRR 421-Insurance Regulation No. 173, NYDFS Cybersecurity Requirements For Financial Services Companies, 23 NYCRR 500 et. seq., and the Massachusetts Standards for the Protection of Personal Information, 201 CMR 17.00, et. seq. Without limiting the foregoing, TSS shall adjust its information security program at the request of TIAA for any relevant changes dictated by TIAA’s assessment of risk around its customer information and customer information systems. Confirming evidence that TSS has satisfied its obligations under this Agreement shall be made available during normal business hours for inspection by TIAA, anyone authorized by TIAA, and any governmental agency that has regulatory authority over TIAA’s business activities.
Appears in 4 contracts
Samples: Service and Subcontracting Agreement (Tiaa Cref Life Separate Account Va-1), Service and Subcontracting Agreement (Tiaa Separate Account Va-3), Service and Subcontracting Agreement (College Retirement Equities Fund)
SAFEGUARDING PERSONAL INFORMATION. Each party represents that it has implemented and shall maintain throughout the term of this Agreement a written information security program (“WISP”) detailing appropriate security measures, policies, and procedures that are designed to meet the objectives of the Gramm Xxxxx Xxxxxx Act of 1999 (“GLBA”), Interagency Guidelines Establishing Information Security Standards (12 C.F.R. Pt 30, App. B), and applicable state privacy and cybersecurity laws and regulations, including, but not limited to, California Consumer Privacy Act (to the extent applicable), 11 NYCRR 421-Insurance Regulation No. 173, NYDFS Cybersecurity Requirements For Financial Services Companies, 23 NYCRR 500 et. seq., and the Massachusetts Standards for the Protection of Personal Information, 201 CMR 17.00, et. seq. Without limiting the foregoing, TSS shall adjust its information security program at the request of TIAA for any relevant changes dictated by TIAA’s assessment of risk around its customer information and customer information systems. Confirming evidence that TSS has satisfied its obligations under this Agreement shall be made available during normal business hours for inspection by TIAA, anyone authorized by TIAA, and any governmental agency that has regulatory authority over TIAA’s business activities. 8.
Appears in 1 contract
Samples: Service and Subcontracting Agreement (Tiaa Real Estate Account)
