13.1 Systems Development Security. Empower addresses security as part of information systems development and operations and follows secure coding methodologies based on application development security best practices.

13.2 Software Security Management. Empower's information systems (including operating systems, infrastructure, business applications, off-the-shelf products, services and user-developed applications) adhere to the information security standards set forth in Empower's Information Security Policies.

13.3 Vulnerability Assessments/Ethical Hacking. Empower performs vulnerability assessments and penetration testing against Internet-facing points of presence. Empower corrects vulnerabilities or security issues discovered through such assessments in a manner and time frame consistent with established standards set forth in Empower's Information Security Policies.

13.4 Cryptography. Empower uses cryptography techniques that assist Empower with preventing the unauthorized capture, modification of or access to data or information. Empower uses standard encryption algorithms that follow up-to-date encryption standards and industry practices. Such cryptography techniques may include but are not limited to: encryption of sensitive data sent across external communication lines; requirement of minimum 128-bit encryption TLS encryption for web browsers; and encryption of Personal Data while stored on laptops, mobile devices, and in recordkeeping databases.

14. Information Security Breach Management.

14.1 Incident Management Program. Empower maintains investigative measures and techniques for incident handling, including but not limited to: a formalized, enterprise-wide Computer Security Incident Response Team ("CSIRT"), and CSIRT processes which are tested at least annually.

14.2 Information Security Breach Response.
Empower will notify Plan Sponsor after becoming aware of any Information Security Breach in accordance with all applicable Data Protection Laws. For the avoidance of doubt, Empower will (i) keep the Plan Sponsor informed of significant developments in connection with the investigation of such incident; (ii) investigate and assist any regulator or other governmental body with oversight over the Information Security Breach in investigating, remedying and taking any other action regarding the Information Security Breach as appropriate or required by law; and (iii) provide Plan Sponsor with information about remedial measures that have been undertaken to prevent such Information Security Breach from reoccurring. In the event that individual or regulatory notifications are required under applicable Data Protection Laws, the parties will cooperate with respect to notifications. To the extent the Information Security Breach is caused by Empower's failure to abide by its obligations as set forth in this Data Security Addendum, Empower shall bear the costs of such notifications and provision of credit monitoring services to affected individuals to the extent required by law or otherwise appropriate in Plan Sponsor's and Empower's reasonable judgment.

15. Plan Sponsor Assessment Rights.

15.1 Assessment via Security Assurance Package. Within the secure Plan Sponsor website provided by Empower, Empower provides documentation that supports and informs the reader about Empower's current security program and practices. These documents are referred to as the Security Assurance Package ("SAP"), which currently consists of the following items: Security Program Overview document, SOC 1 report, SOC 2 report, available IT certification reports (e.g. Verizon CRP), and a completed SIG questionnaire with related supporting materials.
(The SIG is a standardized document template created by the Shared Assessments Program, a consortium of leading financial institutions, the Big 4 accounting firms, and companies from a wide array of industries.)

15.2 Regulatory Assessment. If Plan Sponsor's governmental regulators require that Plan Sponsor perform an on-site audit of Empower's network security, as supported by evidence provided by

City i Y ,ounce 19 — 20 9/19/2023