Common use of SPECIFIC PRECAUTIONS Clause in Contracts

SPECIFIC PRECAUTIONS. Provider represents and warrants that it has and will maintain in place commercially reasonable precautions to safeguard the confidentiality, security and integrity of FIS Confidential Information in a manner designed to meet the requirements of this PART 3. These precautions will include but will not be limited to (i) contractual restrictions on access to the information by Contractors and Provider’s other vendors, (ii) intrusion detection systems on all information systems of FIS maintained or controlled by Provider, and (iii) notification procedures for notifying FIS promptly in the event a security breach is detected or suspected, as well as other response programs when there is a suspected or detected Breach involving Personal Data, NPI, PHI or payment card data. These precautions will also include, as appropriate, (A) access controls to FIS information systems, including controls to identify and permit access only to authorized individuals and controls to prevent access to FIS Confidential Information through improper means, (B) Provider Personnel controls and training, (C) physical access restrictions at locations where FIS Confidential Information is located, (D) encryption of electronic FIS Confidential Information when appropriate or legally required, and (E) a disaster recovery plan as appropriate to protect against loss or damage to FIS Confidential Information due to potential hazards such as fire or water damage or technological failures. Provider will (1) monitor the foregoing measures with periodic audits or testing and (2) provide copies of the same sufficient to assure FIS or its regulatory authorities that Provider is implementing these precautions, and (3) notify FIS immediately in the event there is any suspected or actual unauthorized access, use, disclosure or alteration to FIS Confidential Information. Provider will indemnify FIS from, defend FIS against, and pay any final judgments awarded against FIS, resulting from any claim brought by a third party, including but not limited to a customer of FIS, against FIS based on any breach of such privacy Laws, rules or regulations by Provider, including Provider Personnel. In addition to the foregoing, if Provider processes or otherwise has access to any Personal Data or personal information on FIS’s behalf, including FIS’s staff Personal Data, in relation to the Purchase Order or when performing Provider’s obligations under the Purchase Order, Provider shall only process such data or information on FIS’s behalf and not for any other purposes, and Provider shall process such data and information only in accordance with instructions given by FIS from time to time in accordance with the Purchase Order; likewise, Provider shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the Personal Data and personal information or its accidental loss, destruction or damage, in accordance with the Purchase Order. For clarity, the mentioned Personal Data shall be treated as FIS Confidential Information hereunder.