Vermont Certification. End User certifies that is will comply with applicable provisions under Vermont law. In particular End User certifies it will order information services relating to Vermont residents that are credit reports as defined by the Vermont Fair Credit Reporting Act (“ VFCRA”), only after End User has received prior consumer consent in accordance with VFCRA Section 2480e and applicable Vermont Rules. End User further certifies that the attached copy of Section 2480e (Exhibit 1-B) of Vermont Fair Credit Reporting Statute was received. _____This provision applies to any means through which End User will order or access Screening Solutions, LLC data, including, without limitation, system-to-system, personal computer or the Internet; provided, however, if End User orders or accesses information via the Internet, End User shall fully comply with connectivity security requirement specified in paragraph 10.3, below. _____End User will, with respect to handling Screening Solutions, LLC information: ensure that only Authorized Users can order or have access to the Screening Solutions, LLC data ensure that Authorized Users do not order credit reports for personal reasons or provide them to any third party except as permitted by these Terms and Conditions., ensure that all devices used by End User to order or access Screening Solutions, LLC Information are placed in a secure location and accessible only by Authorized Users, and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other commercially reasonable security procedures, take all necessary measures to prevent unauthorized ordering of or accessing Screening Solutions, LLC Information by any person other than an Authorized User with permissible purposes, including, without limitation, limiting the knowledge of the End Users security codes, member numbers, User IDs, and passwords End User may use, to those individuals with a need to know, changing End User’ s passwords at least every ninety (90) days, or sooner if an Authorized User is no longer responsible for accessing the Screening Solutions, LLC information, or if End User suspects an unauthorized person has learned the password, and using all security features in the software and hardware End User uses to order or access information from Screening Solutions, LLC in no event access the Screening Solutions, LLC Information via any wireless communication device, including but not limited to, web enabled cell phones, interactive wireless pagers, personal digital assistants (PDAs), mobile data terminals and portable data terminals, not use personal computer hard drives or portable and/or removable data storage equipment or media (including but not limited to laptops, zip drives, tapes, disks, CDs, DVDs, software, and code) to store the Information provided by Screening Solutions, LLC. In addition, Screening Solutions, LLC information must be encrypted when not in use and all printed Screening Solutions, LLC Information must be stored in a secure, locked container when not in use, and must be completely destroyed when no longer needed by cross-cut shredding machines (or other equally effective destruction method) such that the results are not readable or useable for any purpose. if End User sends, transfers, or ships Screening Solutions, LLC Information, encrypt the data using the following minimum standards, which standards may be modified from time to time by Equifax, Transunion, Experian, or Screening Solutions, LLC: Advanced Encryption Standard (AES), minimum 128-bit key or Triple Data Encryption Standard (3DES), minimum 168-bit key, encrypted algorithms, Monitor compliance with the obligations of this paragraph 9, and immediately notify Screening Solutions, LLC, who will in turn alert Equifax, Transunion, and Experian, if End User suspects or knows of any unauthorized access or attempt to access Screening Solutions, LLC Information. Such monitoring will include, without limitation, a review of each Screening Solutions, LLC invoice for the purpose of detecting unauthorized activity. Not ship hardware or software between End User’ s locations or to third parties without deleting all Screening Solutions, LLC number(s), security codes, User IDs, passwords, End User passwords, and any consumer information Access, use and store the information only at or from locations within the territorial boundaries of the United States, United States Territories and Canada (the “ Permitted Territory” ). End User may not access, use or store the information at or from, or send the information to, any location outside of the Permitted Territory without first obtaining written permission. Inform Authorized Users that unauthorized access to consumer reports may subject them to civil and criminal liability under the FCRA punishable by fines and imprisonment, and Use commercially reasonable efforts to assure data security when disposing of any consumer report information or record obtained from Screening Solutions, LLC. Such efforts must include the use of those procedures issued by the federal regulatory agency charged with oversight of End User’ s activities (e.g. the Federal Trade Commission, the applicable banking or credit union regulator) applicable to the disposal of consumer report information or records. _____End User will, with respect to End User’ s network security: use commercially reasonable efforts to protect Screening Solutions, LLC information when stored on servers, subject to the following requirements: (i) Screening Solutions, LLC Information must be protected by multiple layers of network security, including but not limited to, firewalls, routers, and intrusion detection devices; (ii) secure access (both physical and network) to systems storing Screening Solutions, LLC Information, must include authentication and passwords that are changed at least every 90 days; and (iii) all servers must be kept current and patched on a timely basis with appropriate security-specific system patches, as they are available, use commercially reasonable efforts to protect End User’ s connection with dedicated, industry-recognized firewalls that are configured and managed to adhere to industry accepted best practices, only hold Screening Solutions, LLC Information on an application server which can only be accessed by a presentation server, through one of the following: (i) Dual or multiple firewall method (preferred)-this method consists of a firewall between the Internet and the presentation server(s) and another firewall between the presentation server(s) and the application server holding Screening Solutions, LLC Information. The network firewall should ensure that only the presentation server(s) is/are allowed to access the application server holding Screening Solutions, LLC Information,
Appears in 1 contract
Vermont Certification. End User certifies that is will comply with applicable provisions under Vermont law. In particular End User certifies it will order information services relating to Vermont residents that are credit reports as defined by the Vermont Fair Credit Reporting Act (“ “VFCRA”), only after End User has received prior consumer consent in accordance with VFCRA Section 2480e and applicable Vermont Rules. End User further certifies that the attached copy of Section 2480e (Exhibit 1-B) of Vermont Fair Credit Reporting Statute was received. _____This provision applies to any means through which End User will order or access Screening Solutions, LLC data, including, without limitation, system-to-system, personal computer or the Internet; provided, however, if End User orders or accesses information via the Internet, End User shall fully comply with connectivity security requirement specified in paragraph 10.3, below. _____End User will, with respect to handling Screening Solutions, LLC information: ensure that only Authorized Users can order or have access to the Screening Solutions, LLC data ensure that Authorized Users do not order credit reports for personal reasons or provide them to any third party except as permitted by these Terms and Conditions., ensure that all devices used by End User to order or access Screening Solutions, LLC Information are placed in a secure location and accessible only by Authorized Users, and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other commercially reasonable security procedures, take all necessary measures to prevent unauthorized ordering of or accessing Screening Solutions, LLC Information by any person other than an Authorized User with permissible purposes, including, without limitation, limiting the knowledge of the End Users security codes, member numbers, User IDs, and passwords End User may use, to those individuals with a need to know, changing End User’ s ’s passwords at least every ninety (90) days, or sooner if an Authorized User is no longer responsible for accessing the Screening Solutions, LLC information, or if End User suspects an unauthorized person has learned the password, and using all security features in the software and hardware End User uses to order or access information from Screening Solutions, LLC in no event access the Screening Solutions, LLC Information via any wireless communication device, including but not limited to, web enabled cell phones, interactive wireless pagers, personal digital assistants (PDAs), mobile data terminals and portable data terminals, not use personal computer hard drives or portable and/or removable data storage equipment or media (including but not limited to laptops, zip drives, tapes, disks, CDs, DVDs, software, and code) to store the Information provided by Screening Solutions, LLC. In addition, Screening Solutions, LLC information must be encrypted when not in use and all printed Screening Solutions, LLC Information must be stored in a secure, locked container when not in use, and must be completely destroyed when no longer needed by cross-cut shredding machines (or other equally effective destruction method) such that the results are not readable or useable for any purpose. if End User sends, transfers, or ships Screening Solutions, LLC Information, encrypt the data using the following minimum standards, which standards may be modified from time to time by Equifax, Transunion, Experian, or Screening Solutions, LLC: Advanced Encryption Standard (AES), minimum 128-bit key or Triple Data Encryption Standard (3DES), minimum 168-bit key, encrypted algorithms, Monitor compliance with the obligations of this paragraph 9, and immediately notify Screening Solutions, LLC, who will in turn alert Equifax, Transunion, and Experian, if End User suspects or knows of any unauthorized access or attempt to access Screening Solutions, LLC Information. Such monitoring will include, without limitation, a review of each Screening Solutions, LLC invoice for the purpose of detecting unauthorized activity. Not ship hardware or software between End User’ s ’s locations or to third parties without deleting all Screening Solutions, LLC number(s), security codes, User IDs, passwords, End User passwords, and any consumer information Access, use and store the information only at or from locations within the territorial boundaries of the United States, United States Territories and Canada (the “ “Permitted Territory” ”). End User may not access, use or store the information at or from, or send the information to, any location outside of the Permitted Territory without first obtaining written permission. Inform Authorized Users that unauthorized access to consumer reports may subject them to civil and criminal liability under the FCRA punishable by fines and imprisonment, and Use commercially reasonable efforts to assure data security when disposing of any consumer report information or record obtained from Screening Solutions, LLC. Such efforts must include the use of those procedures issued by the federal regulatory agency charged with oversight of End User’ s ’s activities (e.g. the Federal Trade Commission, the applicable banking or credit union regulator) applicable to the disposal of consumer report information or records. _____End User will, with respect to End User’ s network security: use commercially reasonable efforts to protect Screening Solutions, LLC information when stored on servers, subject to the following requirements: (i) Screening Solutions, LLC Information must be protected by multiple layers of network security, including but not limited to, firewalls, routers, and intrusion detection devices; (ii) secure access (both physical and network) to systems storing Screening Solutions, LLC Information, must include authentication and passwords that are changed at least every 90 days; and (iii) all servers must be kept current and patched on a timely basis with appropriate security-specific system patches, as they are available, use commercially reasonable efforts to protect End User’ s ’s connection with dedicated, industry-recognized firewalls that are configured and managed to adhere to industry accepted best practices, only hold Screening Solutions, LLC Information on an application server which can only be accessed by a presentation server, through one of the following: (i) Dual or multiple firewall method (preferred)-this method consists of a firewall between the Internet and the presentation server(s) and another firewall between the presentation server(s) and the application server holding Screening Solutions, LLC Information. The network firewall should ensure that only the presentation server(s) is/are allowed to access the application server holding Screening Solutions, LLC Information,
Appears in 1 contract