{"component": "clause", "props": {"groups": [{"samples": [{"hash": "jTlXMsvaTHt", "uri": "/contracts/jTlXMsvaTHt#security-controls", "label": "Apple School Manager Agreement", "score": 33.9805984497, "published": true}, {"hash": "kjC2CrrtQxv", "uri": "/contracts/kjC2CrrtQxv#security-controls", "label": "Apple School Manager Agreement", "score": 29.4475154877, "published": true}, {"hash": "co9sCEoCPAq", "uri": "/contracts/co9sCEoCPAq#security-controls", "label": "Apple School Manager Agreement", "score": 29.384557724, "published": true}], "snippet_links": [{"key": "to-ensure", "type": "clause", "offset": [22, 31]}, {"key": "compliance-with", "type": "definition", "offset": [37, 52]}, {"key": "your-obligations", "type": "clause", "offset": [53, 69]}, {"key": "security-of-personal-data", "type": "clause", "offset": [90, 115]}, {"key": "if-applicable", "type": "definition", "offset": [128, 141]}, {"key": "under-article", "type": "definition", "offset": [175, 188]}, {"key": "the-gdpr", "type": "definition", "offset": [195, 203]}, {"key": "security-procedures", "type": "definition", "offset": [225, 244]}, {"key": "this-agreement", "type": "clause", "offset": [272, 286]}, {"key": "iso-27001-certification", "type": "definition", "offset": [310, 333]}, {"key": "iso-27018-certification", "type": "definition", "offset": [338, 361]}, {"key": "make-available", "type": "definition", "offset": [374, 388]}, {"key": "for-review", "type": "clause", "offset": [389, 399]}, {"key": "by-institution", "type": "clause", "offset": [400, 414]}, {"key": "in-relation-to", "type": "clause", "offset": [439, 453]}], "snippet": "Apple will assist You to ensure Your compliance with Your obligations with regards to the security of Personal Data, including, if applicable, Your Institution\u2019s obligations, under Article 32 of the GDPR, by implementing the Security Procedures set forth in section 3F of this Agreement and by maintaining the ISO 27001 Certification and ISO 27018 Certification. Apple will make available for review by Institution the certificates issued in relation to the ISO 27001 Certification and ISO 27018 Certification following a request by You or Your Institution under this Section 3G.", "size": 35, "hash": "12d665723b78325f07aa56dfc93c0bc9", "id": 4}, {"samples": [{"hash": "lFC8F1myYRy", "uri": "/contracts/lFC8F1myYRy#security-controls", "label": "Services Agreement (Federated Hermes Core Trust III)", "score": 35.4024640657, "published": true}, {"hash": "4ozzv5TnqjA", "uri": "/contracts/4ozzv5TnqjA#security-controls", "label": "Services Agreement (Federated Hermes Managed Pool Series)", "score": 35.3175888062, "published": true}, {"hash": "cgmh93WwA9L", "uri": "/contracts/cgmh93WwA9L#security-controls", "label": "Services Agreement (Federated Hermes Insurance Series)", "score": 35.3093757629, "published": true}], "snippet_links": [{"key": "annual-basis", "type": "clause", "offset": [41, 53]}, {"key": "an-independent", "type": "clause", "offset": [62, 76]}, {"key": "external-party", "type": "definition", "offset": [77, 91]}, {"key": "information-security", "type": "definition", "offset": [123, 143]}, {"key": "related-to", "type": "definition", "offset": [171, 181]}, {"key": "the-provision-of-services", "type": "clause", "offset": [182, 207]}, {"key": "high-risk", "type": "clause", "offset": [257, 266]}, {"key": "resulting-from", "type": "definition", "offset": [276, 290]}], "snippet": "Testing - DST shall, on approximately an annual basis, engage an independent external party to conduct a review (including information security) of DST\u2019s systems that are related to the provision of services. DST shall have a process to review and evaluate high risk findings resulting from this testing.", "size": 22, "hash": "f6549ef300f2119887f65c5cf7f9b616", "id": 6}, {"samples": [{"hash": "kt4G4LukSw", "uri": "/contracts/kt4G4LukSw#security-controls", "label": "License Agreement", "score": 35.1357650757, "published": true}, {"hash": "ERGTNIALUJ", "uri": "/contracts/ERGTNIALUJ#security-controls", "label": "Statement of Work (Sow)", "score": 33.8908462524, "published": true}, {"hash": "7RYMDyWUPS7", "uri": "/contracts/7RYMDyWUPS7#security-controls", "label": "Statement of Work (Sow)", "score": 33.6658401489, "published": true}], "snippet_links": [{"key": "the-contract", "type": "definition", "offset": [3, 15]}, {"key": "store-data", "type": "definition", "offset": [65, 75]}, {"key": "in-accordance-with", "type": "clause", "offset": [94, 112]}, {"key": "texas-government-code", "type": "clause", "offset": [137, 158]}, {"key": "the-security", "type": "clause", "offset": [204, 216]}, {"key": "under-this-contract", "type": "clause", "offset": [235, 254]}, {"key": "maintain-records", "type": "clause", "offset": [264, 280]}, {"key": "available-to", "type": "definition", "offset": [295, 307]}, {"key": "evidence-of", "type": "clause", "offset": [319, 330]}, {"key": "compliance-with-the", "type": "clause", "offset": [342, 361]}], "snippet": "If the Contract authorizes Provider to access, transmit, use, or store data for the GLO, then in accordance with Section 2054.138 of the Texas Government Code, Provider certifies that it will comply with the security controls required under this Contract and will maintain records and make them available to the GLO as evidence of Provider\u2019s compliance with the required controls.", "size": 12, "hash": "162a6a62e8fa717841b8f388bec81af6", "id": 9}, {"samples": [{"hash": "dJTWhrMqLE", "uri": "/contracts/dJTWhrMqLE#security-controls", "label": "Online Education Services Agreement", "score": 35.4423522949, "published": true}, {"hash": "c4drxykwOF6", "uri": "/contracts/c4drxykwOF6#security-controls", "label": "Student Data Privacy Agreement", "score": 35.167224884, "published": true}, {"hash": "jHnKphryX5W", "uri": "/contracts/jHnKphryX5W#security-controls", "label": "Student Data Privacy Agreement", "score": 34.3556175232, "published": true}], "snippet_links": [{"key": "trojan-horse", "type": "definition", "offset": [105, 117]}, {"key": "tracking-software", "type": "definition", "offset": [119, 136]}, {"key": "capable-of", "type": "definition", "offset": [143, 153]}, {"key": "approved-users", "type": "definition", "offset": [170, 184]}, {"key": "operation-of-the-software", "type": "clause", "offset": [328, 353]}, {"key": "other-hardware", "type": "clause", "offset": [361, 375]}], "snippet": "Provider represents and warrants that any software licensed hereunder shall not contain any virus, worm, Trojan Horse, tracking software or be capable of identifying non-approved users or tracking any approved user, or any undocumented software locks or drop dead devices that would render inaccessible or impair in any way the operation of the software or any other hardware, software or data for which the software is designed to work with.", "size": 20, "hash": "be5f50d9d1944a1d9dfd57fc9a7405a2", "id": 7}, {"samples": [{"hash": "3oWmd5WJQKE", "uri": "/contracts/3oWmd5WJQKE#security-controls", "label": "Custody Agreement (Strategic Trust)", "score": 36.1375770569, "published": true}, {"hash": "ccVkljRjpEA", "uri": "/contracts/ccVkljRjpEA#security-controls", "label": "Sub Administration Agreement (Adams Street Venture & Growth Fund)", "score": 35.2053375244, "published": true}, {"hash": "81qLOjvPgPB", "uri": "/contracts/81qLOjvPgPB#security-controls", "label": "Transfer Agency and Service Agreement (Adams Street Venture & Growth Fund)", "score": 35.2053375244, "published": true}], "snippet_links": [{"key": "reasonable-request", "type": "definition", "offset": [14, 32]}, {"key": "will-provide", "type": "clause", "offset": [81, 93]}, {"key": "chief-information-security-officer", "type": "clause", "offset": [103, 137]}, {"key": "a-copy-of", "type": "clause", "offset": [166, 175]}, {"key": "information-security-controls", "type": "clause", "offset": [190, 219]}, {"key": "information-gathering", "type": "clause", "offset": [253, 274]}, {"key": "soc-2", "type": "definition", "offset": [345, 350]}, {"key": "type-ii", "type": "definition", "offset": [352, 359]}, {"key": "opportunity-to-discuss", "type": "clause", "offset": [376, 398]}, {"key": "information-security-measures", "type": "clause", "offset": [414, 443]}, {"key": "qualified-member", "type": "definition", "offset": [451, 467]}, {"key": "management-team", "type": "clause", "offset": [509, 524]}, {"key": "in-no-event-will", "type": "clause", "offset": [526, 542]}, {"key": "could-reasonably-be-expected-to", "type": "definition", "offset": [627, 658]}, {"key": "the-security", "type": "clause", "offset": [670, 682]}, {"key": "integrity-of", "type": "clause", "offset": [686, 698]}, {"key": "state-street-system", "type": "definition", "offset": [703, 722]}, {"key": "other-client", "type": "definition", "offset": [765, 777]}, {"key": "information-security-policy", "type": "clause", "offset": [811, 838]}, {"key": "right-to-change", "type": "clause", "offset": [879, 894]}, {"key": "regulatory-requirements", "type": "clause", "offset": [917, 940]}], "snippet": "Upon Client\u2019s reasonable request, no more frequently than annually, State Street will provide Client\u2019s Chief Information Security Officer or his or her designee with a copy of its Corporate Information Security Controls manual, a completed Standardized Information Gathering (SIG) questionnaire, State Street\u2019s Global Information Security (GIS) SOC 2 (Type II) report, and an opportunity to discuss State Street\u2019s Information Security measures with a qualified member of State Street\u2019s Information Technology management team. In no event will any such discussions require State Street to reveal any details or information that could reasonably be expected to jeopardize the security or integrity of any State Street system or the confidentiality or security of any other client\u2019s data. State Street reviews its Information Security Policy approximately annually and reserves the right to change the frequency to meet regulatory requirements (which in no event will be less frequent than every eighteen (18) months).", "size": 13, "hash": "de20d516fd1469f677af517e0484723e", "id": 8}, {"samples": [{"hash": "lFC8F1myYRy", "uri": "/contracts/lFC8F1myYRy#security-controls", "label": "Services Agreement (Federated Hermes Core Trust III)", "score": 35.4024640657, "published": true}, {"hash": "aY5r1CCF1kA", "uri": "/contracts/aY5r1CCF1kA#security-controls", "label": "Services Agreement (Federated Hermes Income Securities Trust)", "score": 35.3997268677, "published": true}, {"hash": "jcmWfdF9KL8", "uri": "/contracts/jcmWfdF9KL8#security-controls", "label": "Services Agreement (Federated Hermes Sustainable High Yield Bond Fund, Inc.)", "score": 35.396987915, "published": true}], "snippet_links": [{"key": "reasonable-request", "type": "definition", "offset": [22, 40]}, {"key": "chief-information-security-officer", "type": "clause", "offset": [67, 101]}, {"key": "information-security-policy", "type": "clause", "offset": [157, 184]}, {"key": "opportunity-to-discuss", "type": "clause", "offset": [192, 214]}, {"key": "information-security-measures", "type": "clause", "offset": [221, 250]}, {"key": "high-level", "type": "definition", "offset": [258, 268]}, {"key": "penetration-testing", "type": "clause", "offset": [305, 324]}, {"key": "related-to", "type": "definition", "offset": [325, 335]}, {"key": "provision-of", "type": "clause", "offset": [340, 352]}, {"key": "scope-services", "type": "definition", "offset": [356, 370]}], "snippet": "Annually, upon Fund\u2019s reasonable request, DST shall provide Fund\u2019s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST\u2019s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.", "size": 168, "hash": "74400218243d75b10a2f9d06ff3c362c", "id": 1}, {"samples": [{"hash": "bvqRmCm07LK", "uri": "/contracts/bvqRmCm07LK#security-controls", "label": "Custodian Agreement (Nuveen Dynamic Municipal Opportunities Fund)", "score": 30.6495552063, "published": true}, {"hash": "5vbNU2urTjl", "uri": "/contracts/5vbNU2urTjl#security-controls", "label": "Custodian Agreement (Nuveen S&P 500 Dynamic Overwrite Fund)", "score": 30.5564689636, "published": true}, {"hash": "bLgKMbYs1Iu", "uri": "/contracts/bLgKMbYs1Iu#security-controls", "label": "Custodian Agreement (Nuveen Preferred & Income Opportunities Fund)", "score": 30.2114982605, "published": true}], "snippet_links": [{"key": "prior-to", "type": "clause", "offset": [0, 8]}, {"key": "state-street", "type": "clause", "offset": [9, 21]}, {"key": "access-to-client-data", "type": "clause", "offset": [29, 50]}, {"key": "reasonable-request", "type": "definition", "offset": [84, 102]}, {"key": "chief-information-security-officer", "type": "clause", "offset": [140, 174]}, {"key": "a-copy-of", "type": "clause", "offset": [203, 212]}, {"key": "information-security-controls", "type": "clause", "offset": [227, 256]}, {"key": "the-basis", "type": "clause", "offset": [267, 276]}, {"key": "security-policy", "type": "definition", "offset": [296, 311]}, {"key": "opportunity-to-discuss", "type": "clause", "offset": [319, 341]}, {"key": "information-security-measures", "type": "clause", "offset": [357, 386]}, {"key": "qualified-member", "type": "definition", "offset": [394, 410]}, {"key": "management-team", "type": "clause", "offset": [452, 467]}], "snippet": "Prior to State Street having access to Client Data, then annually and upon Client\u2019s reasonable request, State Street shall provide Client\u2019s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for State Street\u2019s Security Policy and an opportunity to discuss State Street\u2019s information security measures with a qualified member of State Street\u2019s information technology management team.", "size": 23, "hash": "0b9f6daa28a4c8307505adc8840c022d", "id": 5}, {"samples": [{"hash": "lf7eXA8kL2B", "uri": "/contracts/lf7eXA8kL2B#security-controls", "label": "Medical Management Services Agreement", "score": 30.5972099304, "published": true}, {"hash": "3kbdeacfvn8", "uri": "/contracts/3kbdeacfvn8#security-controls", "label": "Medical Management Services Agreement", "score": 30.5972099304, "published": true}, {"hash": "bBMVmGbqPQP", "uri": "/contracts/bBMVmGbqPQP#security-controls", "label": "Service Agreement", "score": 29.5241622925, "published": true}], "snippet_links": [{"key": "the-contractor-shall", "type": "clause", "offset": [0, 20]}, {"key": "computing-device", "type": "definition", "offset": [95, 111]}, {"key": "laptop-computer", "type": "clause", "offset": [119, 134]}, {"key": "sensitive-data", "type": "definition", "offset": [174, 188]}, {"key": "management-process", "type": "clause", "offset": [303, 321]}, {"key": "installation-of", "type": "clause", "offset": [332, 347]}, {"key": "operating-system", "type": "clause", "offset": [352, 368]}, {"key": "security-patches", "type": "definition", "offset": [385, 401]}], "snippet": "The Contractor shall implement the following security controls on each workstation or portable computing device (e.g., laptop computer) containing confidential, personal, or sensitive data:\n(A) Network-based firewall and/or personal firewall;\n(B) Continuously updated anti-virus software; and\n(C) Patch management process including installation of all operating system/software vendor security patches.", "size": 11, "hash": "f7332597476a3004c9fbaf8b5b102e27", "id": 10}, {"samples": [{"hash": "8zcVqFOZC9c", "uri": "/contracts/8zcVqFOZC9c#security-controls", "label": "Transfer Agency and Service Agreement (Federated Hermes Core Trust III)", "score": 33.396987915, "published": true}, {"hash": "7JIufCyR0V2", "uri": "/contracts/7JIufCyR0V2#security-controls", "label": "Transfer Agency and Service Agreement (Federated Hermes High Income Bond Fund, Inc.)", "score": 33.3915138245, "published": true}, {"hash": "5NqJzUSldJr", "uri": "/contracts/5NqJzUSldJr#security-controls", "label": "Transfer Agency and Service Agreement (Federated Hermes Municipal Bond Fund, Inc.)", "score": 33.3915138245, "published": true}], "snippet_links": [{"key": "reasonable-request", "type": "definition", "offset": [22, 40]}, {"key": "transfer-agent-shall", "type": "clause", "offset": [42, 62]}, {"key": "chief-information-security-officer", "type": "clause", "offset": [78, 112]}, {"key": "a-copy-of", "type": "clause", "offset": [141, 150]}, {"key": "information-security-controls", "type": "clause", "offset": [165, 194]}, {"key": "basis-for-transfer", "type": "clause", "offset": [209, 227]}, {"key": "security-policy", "type": "definition", "offset": [236, 251]}, {"key": "opportunity-to-discuss", "type": "clause", "offset": [259, 281]}, {"key": "information-security-measures", "type": "clause", "offset": [299, 328]}, {"key": "high-level", "type": "definition", "offset": [336, 346]}, {"key": "vulnerability-testing", "type": "clause", "offset": [362, 383]}, {"key": "by-transfer-agent", "type": "clause", "offset": [394, 411]}, {"key": "qualified-member", "type": "definition", "offset": [457, 473]}, {"key": "management-team", "type": "clause", "offset": [517, 532]}], "snippet": "Annually, upon Fund\u2019s reasonable request, Transfer Agent shall provide Fund\u2019s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent\u2019s Security Policy and an opportunity to discuss Transfer Agent\u2019s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent\u2019s information technology management team. Transfer Agent shall review its Security Policy annually.", "size": 95, "hash": "56d77b3d9598670c81dfdc60a2c783b8", "id": 2}, {"samples": [{"hash": "lTXKcFRKHIS", "uri": "/contracts/lTXKcFRKHIS#security-controls", "label": "Stripe Services Agreement", "score": 33.8875274658, "published": true}, {"hash": "k8qenVC4SEM", "uri": "/contracts/k8qenVC4SEM#security-controls", "label": "Stripe Services Agreement", "score": 33.8875274658, "published": true}, {"hash": "jp63wQMopIr", "uri": "/contracts/jp63wQMopIr#security-controls", "label": "Stripe Services Agreement", "score": 33.8875274658, "published": true}], "snippet_links": [{"key": "safeguards-and-security", "type": "clause", "offset": [32, 55]}, {"key": "business-and-industry", "type": "definition", "offset": [127, 148]}, {"key": "verification-data", "type": "definition", "offset": [160, 177]}, {"key": "stripe-data", "type": "definition", "offset": [182, 193]}, {"key": "unauthorised-access", "type": "definition", "offset": [202, 221]}, {"key": "use-and-disclosure", "type": "clause", "offset": [223, 241]}, {"key": "in-addition-to", "type": "clause", "offset": [265, 279]}, {"key": "available-to", "type": "definition", "offset": [299, 311]}, {"key": "access-to-the", "type": "clause", "offset": [356, 369]}, {"key": "services-and", "type": "clause", "offset": [386, 398]}], "snippet": "You must implement and maintain safeguards and security controls that are reasonable for the size, nature and maturity of your business and industry to protect Verification Data and Stripe Data against unauthorised access, use and disclosure. If you fail to do so, in addition to all other remedies available to Stripe, Stripe may suspend or restrict your access to the Stripe Identity Services and Verification Data.", "size": 43, "hash": "5a5571b984646c6564539627b99758e2", "id": 3}], "next_curs": "CloSVGoVc35sYXdpbnNpZGVyY29udHJhY3RzcjYLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhpzZWN1cml0eS1jb250cm9scyMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"children": [["encryption", "Encryption"], ["firewalls", "Firewalls"], ["access-controls", "Access Controls"], ["updates", "Updates"], ["remote-access", "Remote Access"]], "title": "Security Controls", "parents": [["miscellaneous", "Miscellaneous"], ["cooperation-with-respect-to-examinations-and-audits", "Cooperation with Respect to Examinations and Audits"], ["services", "Services"], ["disposition-of-books-records-and-canceled-certificates", "Disposition of Books, Records and Canceled Certificates"], ["information-security-schedule", "INFORMATION SECURITY SCHEDULE"]], "size": 719, "id": "security-controls", "related": [["technical-security-controls", "Technical Security Controls", "Technical <strong>Security Controls</strong>"], ["security-controls-for-state-agency-data", "Security Controls for State Agency Data", "<strong>Security Controls</strong> for State Agency Data"], ["indenture-controls", "Indenture Controls", "Indenture Controls"], ["data-integrity-control", "Data Integrity Control", "Data Integrity Control"], ["financial-controls", "Financial Controls", "Financial Controls"]], "related_snippets": [], "updated": "2026-05-30T06:04:11+00:00"}, "json": true, "cursor": ""}}