The following Finance-Specific Terms and Conditions shall apply to this proposal and shall supersede any corresponding or conflicting term or condition in the Terms and Conditions of Service.
- Information Security Compliance: (a) All Covered will take commercially reasonable steps to meet the security provisions of the Gramm Leach Bliley Act of 1999 (“GLBA”) in providing its services to Client and shall not process, handle, or disclose Client information in a manner that is a violation of GLBA or any other applicable law. All Covered shall use Client information only for the lawful purposes contemplated by this Agreement. All Covered specifically agrees not to use or disclose any “non-public Client information” in any manner prohibited by Title V of the GLBA or the regulations issued under GLBA, as applicable to All Covered. All Covered may disclose information to its employees, employees of permitted third parties and affiliates who have a need to know, its attorneys and accountants as necessary in the ordinary course of its business, and any other party with Client’s written consent. Before any such disclosure is made, All Covered will have a written agreement with such third parties to treat information as confidential in accordance with the requirements of this Agreement. At All Covered’s option, information will be returned to Client or destroyed over an approximate thirty (30) to ninety (90) day period at the termination or expiration of this Agreement. (b) All Covered will take commercially reasonable steps to meet industry best practices for information security. All Covered has implemented and shall maintain an Information Security Program that is designed to meet the following objectives: (i) protect the security and confidentiality of client information and personal identifiable information; (ii) protect against any anticipated threats or hazards to the security or integrity of such information; (iii) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to a client; and (iv) ensure the proper disposal of client information. (c) All Covered shall take appropriate action to address and mitigate the effects of incidents of unauthorized access of any nonpublic or identity (Red Flag) information immediately upon discovery of same, including notifying Client within twenty-four (24) hours of any unauthorized access or disclosure of nonpublic information in connection with contracted services. Such notice will include the nature and extent of the breach and the specific individuals and/or entities impacted by the breach, as soon as such information becomes available.
- Vendor Management: (a) To meet the mandates associated with third party vendors, Client may request annually from All Covered the following information: annual financial statements; insurance coverage/certificate; SSAE16 report inclusive of user entity controls; external penetration testing results; data encryption procedures, business resumption plans and disaster recovery testing results. All Covered shall provide all such information within thirty (30) days of receiving a written request for it. Additional vendor due diligence requirements not addressed in this Agreement and required by federal regulation will be provided within ninety (90) days of a written request for it. Failure to provide such information will be grounds for termination of the Agreement. (b) As specifically permitted by law or regulation, Client may audit All Covered’s performance under this Agreement during normal business.
- Outsourcing of All Covered’s Services to Third Parties: All Covered may utilize third-party service providers who may be located outside the United States; provided, that Client data shall at all times be secured within the United States.
- Insurance: Throughout the term of this Agreement, All Covered shall secure and maintain, at its sole cost and expense, policies of insurance with A-VII rated insurance carriers consisting of commercial general liability covering bodily injury and property damage, workers compensation providing coverage pursuant to statutory requirement, commercial automobile liability insurance, commercial crime insurance covering employee theft and computer fraud, and all-risk property insurance covering real and personal property at replacement cost value. All Covered shall provide annually to Client insurance certificate(s) evidencing such coverage.
- Sale of Company & Key Management Turnover: Client shall be notified in the event that All Covered is sold or key management personnel within All Covered resign or terminate employment.
- Disaster Occurrence: The Company shall notify the Client as soon as possible after a disaster occurs and shall comply with the existing Business Continuity Plan. The Company shall move the processing of the Client’s standard services to a recovery site as expeditiously as possible if, in the Company’s sole judgment, operations cannot be satisfactorily restored at the primary location.