Common use of Secure Connection Clause in Contracts

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology, procedures, processes, and restrictions to ensure that its connection to the SRS is secure. All data exchanged between the Registrar’s system and the SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to (1) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (2) enable high volume, automated, electronic processes that send queries or data to the systems of the Registry, any other registry operated under an agreement with ICANN, or any ICANN-accredited the Registrar, except as reasonably necessary to register domain names or modify existing registrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer (“SSL”) protocol. The Registrar agrees to authenticate every EPP client connection with the SRS using both (i) a server certificate issued by a commercial Certification Authority to be chosen by the Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirements. Upon prior written notification to the Registrar, the Registry may require other industry standard security provisions, practices, or technology to ensure that the Registry System is secure and stable, which the Registry may adopt from time to time in its sole and complete discretion. In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day notice to inform the Registrar of the need to either correct non-compliance or agree on a mutually acceptable plan with Registry to correct non-compliance, and the time period in which such plan must be completed. Failure to meet the standards at the end of the agreed period will constitute a material breach of the agreement. The Registry’s failure at any time to declare a material breach does not constitute a waiver of its right to do so in the future.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology, procedures, processes, and restrictions to ensure that its connection to the SRS is secure. All data exchanged between the Registrar’s system and the SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to (1) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (2) enable high volume, automated, electronic processes that send queries or data to the systems of the Registry, any other registry operated under an agreement with ICANN, or any ICANN-accredited the Registrar, except as reasonably necessary to register domain names or modify existing registrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer (“SSL”) protocol. The Registrar agrees to authenticate every EPP client connection with the SRS using both (i) a server certificate issued by a commercial Certification Authority to be chosen by the Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirements. Upon prior written notification to the Registrar, the Registry may require other industry standard security provisions, practices, or technology to ensure that the Registry System is secure and stable, which the Registry may adopt from time to time in its sole and complete discretion. In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day notice to inform the Registrar of the need to either correct non-compliance or agree on a mutually acceptable plan with Registry to correct non-compliance, and the time period in which such plan must be completed. Failure to meet the standards at the end of the agreed period will constitute a material breach of the agreement. The Registry’s failure at any time to declare a material breach does not constitute a waiver of its right to do so in the future.four

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology, procedures, processes, and restrictions to ensure that its connection to the SRS is secure. All data exchanged between the Registrar’s system and the SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to to: (1) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (2) enable 2)enable high volume, automated, electronic processes that send queries or data to the systems of the Registry, any other registry operated under an agreement with ICANN, or any ICANN-accredited the Registrar, except as reasonably necessary to register domain names or modify existing registrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer (“SSL”) protocol. The Registrar agrees to authenticate every EPP client Registrar connection with the SRS using both (i) a server certificate issued by a commercial Certification Authority to be chosen by the Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of as soon as possible after learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirementsauthentication. Upon prior written notification to the Registrar, the Registry may require other industry standard security provisions, practices, or technology to ensure that the Registry System is secure and stable, which the Registry may adopt from time to time in its sole and complete discretion. In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day 30 (thirty) days’ notice to inform the Registrar of the need to either correct non-non- compliance or agree on a mutually acceptable plan with Registry to correct non-compliance, and the time period in which such plan must be completed. Failure to meet the standards at the end of the agreed period will constitute a material breach of the agreement. The Registry’s failure at any time to declare a material breach does not constitute a waiver of its right to do so in the future.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology, procedures, processes, and restrictions to ensure that its connection to the SRS is secure. All data exchanged between the Registrar’s system and the SRS shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to to: (1) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited advertising or solicitations to persons or entities other than its own existing customers; or (2) enable 2)enable high volume, automated, electronic processes that send queries or data to the systems of the Registry, any other registry operated under an agreement with ICANN, or any ICANN-accredited the Registrar, except as reasonably necessary to register domain names or modify existing registrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer (“SSL”) protocol. The Registrar agrees to authenticate every EPP client Registrar connection with the SRS using both (i) a server certificate issued by a commercial Certification Authority to be chosen by the Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirementsauthentication. Upon prior written notification to the Registrar, the Registry may require other industry standard security provisions, practices, or technology to ensure that the Registry System is secure and stable, which the Registry may adopt from time to time in its sole and complete discretion. In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day 30 (thirty) days’ notice to inform the Registrar of the need to either correct non-non- compliance or agree on a mutually acceptable plan with Registry to correct non-compliance, and the time period in which such plan must be completed. Failure to meet the standards at the end of the agreed period will constitute a material breach of the agreement. The Registry’s failure at any time to declare a material breach does not constitute a waiver of its right to do so in the future.

Secure Connection. The Registrar agrees to develop and employ in its domain name registration business all necessary technology, procedures, processes, technology and restrictions to ensure that its connection to the SRS System is secure. All data exchanged between the Registrar’s 's system and the SRS System shall be protected to avoid unintended disclosure of information. The Registrar shall employ commercially reasonable measures to prevent its access to the Registry System granted hereunder from being used to (1i) allow, enable, or otherwise support the transmission by emaile-mail, telephone, or facsimile of mass unsolicited unsolicited, commercial advertising or solicitations to persons or entities other than its own existing customers; or (2ii) enable high volume, automated, electronic processes that send queries or data to the systems of the RegistryVerisign, any other registry operated under an agreement with ICANN, or any ICANN-accredited the Registrarregistrar, except as reasonably necessary to register domain names or modify existing registrations. Each EPP session shall be authenticated and encrypted using two-way secure socket layer (“"SSL”") protocol. The Registrar agrees to authenticate every EPP client connection with the SRS System using both (i) a an X.509 server certificate issued by a commercial Certification Authority to be chosen identified by the Registrar, subject to Registry’s agreement, which agreement shall not be unreasonably withheld Registry and (ii) its Registrar password, which it shall disclose only to its employees with a need to know. The Registrar agrees to notify the Registry within four (4) hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certification Authority or compromised in any way. Additionally, the Registrar must ensure that access to registrant accounts is adequately protected by, at a minimum, a secure log-in process that requires username and password authentication and the Registrar must comply with all other security-related ICANN Registrar accreditation requirements. Upon prior written notification to the Registrar, the Registry Verisign may require other industry standard security provisions, practices, practices or technology to ensure that the Registry System is secure and stable, which the Registry Verisign may adopt from time to time in its sole and complete discretion. In the event that the Registrar does not comply with the Registry standards, the Registry will provide the Registrar a 30-day notice to inform the Handling of Personal Data. Verisign shall notify Registrar of the need purposes for which Personal Data submitted to either correct non-compliance Verisign by Registrar is collected, the intended recipients (or agree on a mutually acceptable plan with Registry to correct non-compliancecategories of recipients) of such Personal Data, and the time period mechanism for access to and correction of such Personal Data. Verisign shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Verisign shall not use or authorize the use of Personal Data in which such plan must be completeda way that is incompatible with the notice provided to registrars. Failure to meet the standards at the end of the agreed period will constitute a material breach of the agreement. The Registry’s failure at any Verisign may from time to declare a material breach does time use the demographic data collected for statistical analysis, provided that this analysis will not constitute a waiver of its right disclose individual Personal Data and provided that such use is compatible with the notice provided to do so in registrars regarding the futurepurpose and procedures for such use.