EXHIBIT A - SECURITY AND NOTIFICATION REQUIREMENTS

1. Data Protection.

Agency shall take appropriate measures to protect against the misuse and unauthorized access through or to Agency's (i) credentials ("Account IDs") used to access the Services; or (ii) corresponding passwords, whether by Agency or any third party; or (iii) the Services and/or information derived therefrom. Agency shall manage identification, use, and access control to all Account IDs in an appropriately secure manner and shall promptly deactivate any Account IDs when no longer needed or where access presents a security risk. Agency shall implement its own appropriate program for Account ID management and shall use commercially reasonable efforts to follow the policies and procedures for account maintenance as may be communicated to Agency by Provider from time to time in writing.

2. Agency's Information Security Program.

Agency shall implement and document appropriate policies and procedures covering the administrative, physical and technical safeguards in place and relevant to the access, use, storage, destruction, and control of information which are measured against objective standards and controls ("Agency's Information Security Program"). Agency's Information Security Program shall: (1) account for known and reasonably anticipated threats and Agency shall monitor for new threats on an ongoing basis; and (2) meet or exceed industry best practices. Agency will promptly remediate any deficiencies identified in Agency's Information Security Program. Agency shall not allow the transfer of any personally identifiable information received from Provider across any national borders outside the United States without the prior written consent of Provider.

3. Agency Security Event.

In the event Agency learns or has reason to believe that Account IDs, the Services, or any information related thereto have been misused, disclosed, or accessed in an unauthorized manner or by an unauthorized person (an "Agency Security Event") Agency shall:

(i) provide immediate written notice to:
    a) the Information Security and Compliance Organization at 1000 Alderman Drive, Alpharetta, Georgia 30005; or
    b) via email to (security.investigations@lexisnexis.com); or
    c) by phone at (1-888-872-5375) with a written notification to follow within twenty four (24) hours; and
(ii) promptly investigate the situation; and
(iii) obtain written consent from Provider, not to be unreasonably withheld, prior to disclosing Provider or the Services to any third party in connection with the Agency Security Event; and
(iv) if required by law, or in Provider's discretion, Agency shall:
    a) notify the individuals whose information was disclosed that an Agency Security Event has occurred; and
    b) be responsible for all legal and regulatory obligations including any associated costs which may arise in connection with the Agency Security Event; and
(v) remain solely liable for all costs and claims that may arise from the Agency Security Event, including, but not limited to: litigation (including attorney's fees); reimbursement sought by individuals (including costs for credit monitoring and other losses alleged to be in connection with such Agency Security Event); and
(vi) provide all proposed third party notification materials to Provider for review and approval prior to distribution.

In the event of an Agency Security Event, Provider may, in its sole discretion, take immediate action, including suspension or termination of Agency's account, without further obligation or liability of any kind.