Laserfiche WebLink
EXHIBIT A • SECURITY AND NOTIFICATION REQUIREMENTS <br />1. Data Protection. <br />Agency shall take appropriate measures to protect against the misuse and unauthorized access through or to Agency's (1) credentials <br />("Account IDs") used to access the Services; or (ii) corresponding passwords, whether by Agency or any third party; or (iii) the Services <br />and/or Information derived therefrom. Agency shall manage identification, use, and access control to all Account IDs in an <br />appropriately secure manner and shall promptly deactivate any Account IDs when no longer needed or where access presents a <br />security risk. Agency shall implement its own appropriate program for Account ID management and shall use commercially reasonable <br />efforts to follow the policies and procedures for account maintenance as may be communicated to Agency by Provider from time to <br />time in writing. <br />2. Agency's Information Security Program. <br />Agency shall Implement and document appropriate policies and procedures covering the administrative, physical and technical <br />safeguards In place and relevant to the access, use, storage, destruction, and control of information which are measured against <br />objective standards and controls ("Agency's Information Security Program"), Agency's Information Security Program shall: (1) account <br />for known and reasonably anticipated threats and Agency shall monitor for new threats on an ongoing basis; and (2) meet or exceed <br />industry best practices. Agency will promptly remediate any deficiencies Identified in Agency's information Security Program. Agency <br />shall not allow the transfer of any personally Identifiable information received from Provider across any national borders outside the <br />United States without the prior written consent of Provider. <br />3. Agency Security Event. <br />In the event Agency learns or has reason to believe that Account IDs, the Services, or any information related thereto have been <br />misused, disclosed, or accessed in an unauthorized manner or by an unauthorized person (an "Agency Security Event") Agency shall: <br />(I) provide Immediate written notice to: <br />a) the Information Security and Compliance Organization at 1000 Alderman Drive, Alpharetta, Georgia 30005; <br />or <br />b) via email to (security.investigations@lexisnexis.com); or <br />c) by phone at (1.888.872.5375) with a written notification to follow within twenty four (24) hours; and <br />(ii) promptly Investigate the situation; and <br />(iii) obtain written consent from Provider, not to be unreasonably withheld, prior to disclosing Provider or the Services to <br />any third party In connection with the Agency Security Event; and <br />{Iv) if required by law, or in Provider' discretion, Agency shall: <br />a) notify the Individuals whose information was disclosed that an Agency Security Event has occurred; and <br />b) be responsible for all legal and regulatory obligations including any associated costs which may arise in <br />connection with the Agency Security Event; and <br />qv) remain solely liable for all costs and claims that may arise from the Agency Security Event, Including, but not limited to: <br />litigation (including attorney's fees); reimbursement sought by Individuals (Including costs for credit monitoring and <br />other losses alleged to be In connection with such Agency Security Event); and <br />(vi) provide all proposed third party notification materials to Provider for review and approval prior to distribution. <br />In the event of an Agency Security Event, Provider may, in Its sole discretion, take immediate action, including suspension or <br />termination of Agency's account, without further obligation or liability of any kind. <br />Confidential and Proprietary Information of LexlsNexis <br />