INFORMATION SECURITY SCHEDULE All capitalized terms not defined in this Information Security Schedule (this “Security Schedule”) shall have the meanings ascribed to them in the Transfer Agency and Service Agreement by and between DST and each of the funds listed on Exhibit A thereto (each such fund, or series thereof, severally, and not jointly, the “Fund”) dated March 1, 2022 (the “Agreement”). DST and Fund hereby agree that DST shall maintain and comply with an information security policy (“Security Policy”) that satisfies the requirements set forth below; provided, that, because information security is a highly dynamic space (where laws, regulations and threats are constantly changing), DST reserves the right to make changes to its information security controls at any time and at the sole discretion of DST in a manner that it believes does not materially reduce the protection it applies to Fund Data. From time to time, DST may subcontract services performed under the Agreement (to the extent provided for under the Agreement) or provide access to Fund Data or its network to a subcontractor or other third party; provided, that, such subcontractor or third party implements and maintains security measures DST believes are at least as stringent as those described in this Security Schedule. For the purposes of this Schedule “prevailing industry practices and standards” refers to standards among financial institutions, including mutual funds, and third parties providing financial services to financial institutions.
Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).
Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.