Common use of Security Breaches Clause in Contracts

Security Breaches. 16.12.1 If a party becomes aware that the other party’s Confidential Information is used or disclosed in any manner not permitted under the Agreement, if a party is unable to account for any Confidential Information of the other party, or if a party knows any security breach or other incident has occurred that could compromise the security or integrity of any system in which it stores or processes Confidential Information of the other party (each, a “Security Breach”), such party shall notify the other party by email and/or telephone promptly. Such notice is to describe the Security Breach in sufficient detail (accounting for the information then available to such party) for the other party to assess its risk. The Manager shall send its email notice addressed to and/or telephone primary point of contact. The Manager shall also maintain a log of all such incidents and either retain such records for as long as it is performing services under this Agreement or provide the records (or copies of such records) to the FRBNY prior to destruction of the records under the Manager’s normal record retention policy. 16.12.2 The affected party shall take all measures reasonably required to recover information, to mitigate the effects of the unauthorized use or disclosure or loss, to prevent further unauthorized use or disclosure or loss and reoccurrence of a breach of security of that same nature, and to cooperate with the other party and its agents in any investigation that the other party may undertake relating to the unauthorized use or disclosure or loss. The affected party shall keep the other party informed as soon as practicable of developments regarding the Security Breach, including, without limitation, effects being observed in the affected system(s), investigation of the Security Breach and its effects and the root cause, and periodic progress made toward completion of action plans for remediation. The affected party shall send the other party information about developments in its investigation and remediation activities as directed by the other party (which, for the FRBNY is to be by email to the address above and/or by telephone to the FRBNY’s primary point of contact unless directed otherwise). The FRBNY may share information about any Security Breach with any the Board of Governors, the UST, and any other Reserve Bank that the FRBNY reasonably believes may be adversely impacted by the Security Breach. The affected party shall bear the costs of all such measures taken or to be taken by such party.

Security Breaches. 16.12.1 i. If a party the Settlement Agent becomes aware that the other party’s Confidential Information is used or disclosed in any manner not permitted under the this Agreement, if a party the Settlement Agent is unable to account for any Confidential Information of the other partyInformation, or if a party the Settlement Agent knows any security breach or other incident has occurred that could compromise the security or integrity of any system in which it stores or processes Confidential Information of the other party (each, a “Security Breach”), such party the Settlement Agent shall notify the other party Purchaser by email and/or and telephone promptly. Such notice is to describe the Security Breach in sufficient detail (accounting for the information then available to such partythe Settlement Agent) for the other party Purchaser or the New York Fed to assess its riskthe risk posed by the Security Breach. The Manager Settlement Agent shall send its email notice addressed to and/or the Purchaser in accordance with section 32 and telephone primary point of contactthe information security contact identified in Schedule ii. The Manager shall also maintain a log of all such incidents and either retain such records for as long as it is performing services under this Agreement or provide the records (or copies of such records) to the FRBNY prior to destruction of the records under the Manager’s normal record retention policy. 16.12.2 The affected party Settlement Agent shall take all measures reasonably required to recover information, to mitigate the effects of the unauthorized use or disclosure or loss, to prevent further unauthorized use or disclosure or loss and reoccurrence of a breach of security Security Breach of that same nature, and to cooperate with the other party Purchaser and its representatives and agents in any investigation that the other party they may undertake relating to the unauthorized use or disclosure or loss. The affected party Settlement Agent shall keep the other party Purchaser informed as soon as practicable of developments regarding the Security Breach, including, without limitation, effects being observed in the affected system(s)systems, investigation of the Security Breach and its effects and the root cause, and periodic progress made toward completion of action plans for remediation. The affected party Settlement Agent shall send the other party Purchaser information about developments in its investigation and remediation activities as directed by the other party (which, for the FRBNY is to be Purchaser by email to in accordance with section 32 and telephone the address above and/or by telephone to the FRBNY’s primary point of information security contact identified in S chedule C unless directed otherwise). The FRBNY Purchaser and the New York Fed may share information about any Security Breach with any Federal Reserve Entity and the Board of Governors, Treasury if the UST, and any other Reserve Bank that Purchaser or the FRBNY New York Fed reasonably believes such party or parties may be adversely impacted by the Security BreachBreach or otherwise have a need to know the information. The affected party shall Settlement Agent is to bear the costs of all such measures taken or to be taken by such partyit under this section 14.

Security Breaches. 16.12.1 If a party becomes aware that Each of the Parties shall promptly notify the other Party of any Security Incident that affects or would reasonably be expected to adversely affect such other Party or such other Party’s Affiliates or the provision or receipt of the Services. Service Provider may immediately suspend the provision of Services if the nature of such Security Incident requires such suspension according to applicable Laws or Governmental Authority instructions; provided that Service Provider shall use commercially reasonable efforts to resume providing the Services as promptly as practicable once the suspension is no longer required. If either Party determines that (a) any of the other Party’s Personnel has sought to tamper with or compromise, or has tampered with or compromised, any security or audit measures employed by such Party, (b) unauthorized Personnel of the other Party has accessed any of such Party’s IT Systems, or (c) the other Party’s Personnel has otherwise breached this Section 5.2, then such Party may immediately terminate such other Party’s Personnel’s access to the applicable IT Systems. To the extent Service Provider is the terminating party’s Confidential Information , Service Provider is used or disclosed excused from the provision of affected Services for which such access is required. In addition, in any manner not permitted under the Agreement, if event of becoming aware of a party is unable to account for any Confidential Security Incident impacting Personal Information of the other party, or if a party knows any security breach or other incident has occurred that could compromise the security or integrity of any system in which it stores or processes Confidential Information of the other party (each, a “Security Breach”)Party, such party Party shall notify the other party by email and/or telephone promptly. Such notice is to describe the Security Breach in sufficient detail (accounting for the information then available to Party as soon as reasonably practicable after such party) for the other party to assess its risk. The Manager shall send its email notice addressed to and/or telephone primary point of contact. The Manager shall also maintain a log of all such incidents and either retain such records for as long as it is performing services under this Agreement or provide the records (or copies Party becomes aware of such recordsSecurity Incident and, to the extent legally permissible, provide relevant details (subject to implementing protections to maintain confidentiality and privilege, as applicable and appropriate) to the FRBNY prior extent known to destruction of the records under the Manager’s normal record retention policy. 16.12.2 The affected party shall take all measures reasonably required to recover information, to mitigate the effects of the unauthorized use or disclosure or loss, to prevent further unauthorized use or disclosure or loss and reoccurrence of a breach of security of that same nature, and to cooperate with the other party and its agents in any investigation that the other party may undertake relating to the unauthorized use or disclosure or loss. The affected party shall keep the other party informed such Party as soon as practicable of developments regarding possible thereafter. The Parties shall reasonably cooperate with each other to investigate and remediate the Security BreachIncident (including terminating any unauthorized access to affected Personal Information). Where applicable, including, without limitation, effects being observed Service Provider shall provide reasonable assistance to Service Recipient to regain possession of the affected Personal Information or other data of such other Party. Service Provider shall reasonably cooperate with Service Recipient in the affected system(s)conduct of any investigation of, investigation of or litigation involving, third parties related to the Security Breach and Incident. Service Recipient shall discharge all responsibilities set forth in this paragraph at its effects and the root cause, and periodic progress made toward completion of action plans for remediation. The affected party shall send the other party information about developments in its investigation and remediation activities as directed by the other party (which, for the FRBNY is to be by email to the address above and/or by telephone to the FRBNY’s primary point of contact unless directed otherwise). The FRBNY may share information about any Security Breach with any the Board of Governors, the UST, and any other Reserve Bank that the FRBNY reasonably believes may be adversely impacted by the Security Breach. The affected party shall bear the costs of all such measures taken or to be taken by such partyexpense.