Laserfiche WebLink
APPENDIX E <br /> INFORMATION SECURITY REQUIREMENTS <br /> 1. Acknowledgment of Information Security Requirements. FORTE acknowledges and agrees to have a <br /> "Security Program" that is compliant with all legal and industry mandated information security <br /> requirements applicable to its duties and obligations specified under this Agreement. <br /> 2. Compliance with Laws and Industry Standards. FORTE agrees to abide by all Laws,Rules and industry- <br /> mandated information security standards applicable to its duties and obligations related to information <br /> security for Services provided by FORTE to AGENCY under this Agreement. <br /> 3. Definitions. <br /> a. Consumer Information. "Consumer Information"means collectively PII and Source Data,as defined <br /> below. <br /> b. Source Data."Source Data"means data provided by AGENCY relating to AGENCY's account activity <br /> or other information collected from the AGENCY in order to process a transaction on a AGENCY's <br /> behalf or otherwise necessary for a AGENCY's use of Forte's products and services, whether in <br /> individual or aggregate form. Source Data may include PH but is not limited to PH. Source Data is and <br /> shall remain the property of a AGENCY and/or its Consumer customer. To the extent that AGENCY <br /> or FORTE has access to or collects such Source Data, each agrees that it does so solely on behalf of <br /> AGENCY and AGENCY's Consumer customers/Constituents pursuant to the obligations hereunder <br /> and shall maintain the confidentiality of such Source Data and shall treat it in accordance with <br /> applicable Law. <br /> 4. Security Obligations. <br /> a. FORTE hereby acknowledges that AGENCY has a responsibility under the law to keep PII (as <br /> defined in Appendix A)private and confidential,and as a result of any PII received by FORTE in the <br /> performance of this Agreement, FORTE shall have the same responsibility. FORTE also <br /> acknowledges that with respect to such PII,FORTE shall gain possession of any ownership or other <br /> proprietary rights to the PH to which it will have access pursuant to this Agreement(if any).FORTE <br /> acknowledges and understands that PII may be subject to applicable local,state and federal Rules and <br /> Laws and applicable information industry standards; provided however,to the extent that AGENCY <br /> informs FORTE of a local law expanding the definition of PH in Appendix A, FORTE shall only be <br /> required to use commercially reasonable efforts to comply with such expanded local requirements. <br /> b. Consumer Information that is collected or obtained from AGENCY pursuant to this Agreement shall <br /> be stored and maintained by FORTE in a secure environment and transmitted by FORTE in a secure <br /> form that meets industry-mandated data security standards. Although FORTE will protect and <br /> safeguard PH in a manner that meets industry-mandated data security standards,the Parties agree that <br /> there may be some instances in which PH or certain PH data elements are protected in a more secure <br /> manner than other data(e.g., encryption). <br /> 5. Rights to Use and Access. AGENCY hereby grants to FORTE a non-exclusive right to use all of <br /> AGENCY's Source Data including PH provided by AGENCY's Constituents, necessary to perform the <br /> Services under this Agreement. FORTE shall limit the use and access to AGENCY's Source Data to uses <br /> pursuant to the terms of the Agreement and to FORTE's bona fide employees or independent consultants, <br /> contractors or auditors and required governmental agencies,who have a need to know such information <br /> 22.11.30 <br /> Page 19 <br /> CSG165915.0 03-19 26 <br />