Common use of Information Security Clause in Contracts

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate d. Technology Products E&O - $1,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 5,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate5,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,0005,000,000.00 b. Network Security/Privacy Liability - $1,000,0005,000,000.00 c. Breach Response/ Notification Sublimit - – a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,0001,000,000.00 b. Network Security/Privacy Liability - $1,000,0001,000,000.00 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence Errors and Omissions Insurance - $1,000,0003,000,000.00 limit (including coverage for Cyber Liability b. Network SecurityThird Party Fidelity/Privacy Crime Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate1,000,000.00

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,0001,000,000.00 b. Network Security/Privacy Liability - $1,000,0001,000,000.00 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate d. Technology Products E&O - $1,000,000.00 Insurance Company Qualifications. Each company issuing policies required under Section 10. must: (a) be licensed to transact business in the State of Florida; and, (b) have an AM Best Financial Strength rating of “A- ” or above.

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.1.6.1. Each occurrence - $1,000,0001,000,000.00 b. 10.1.6.2. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate1,000,000.00

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000. b. Network Security/Privacy Liability - $1,000,000. c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate.

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 5,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate5,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence claim - $1,000,000 1,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 3,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate3,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.1.6.1. Each occurrence claim - $1,000,0001,000,000.00 b. 10.1.6.2. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate1,000,000.00

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.1.4.1. Each occurrence - $1,000,0005,000,000 b. 10.1.4.2. Network Security/Privacy Liability - $1,000,0005,000,000 c. 10.1.4.3. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate 10.1.4.4. Technology Products E&O - $5,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate d. Technology Products E&O - $1,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.6.1.1. Each occurrence - $1,000,0001,000,000.00 b. 10.6.1.2. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate1,000,000.00

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,000 5000,000 b. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate51,000,000

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.1.7.1. Each occurrence - $1,000,0001,000,000.00 b. 10.1.7.2. Network Security/Privacy Liability - $1,000,0001,000,000.00 c. 10.1.7.3. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 10.1.3.1. Each occurrence - $1,000,0005,000,000.00 b. 10.1.3.2. Network Security/Privacy Liability - $1,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate5,000,000.00

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. Each occurrence - $1,000,00010,000,000 b. Network Security/Privacy Liability - $1,000,00010,000,000 c. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate

Information Security. Cyber Liability insurance written on a “claims-made” basis covering Vendor and Vendor Staff for expenses, claims and losses resulting from wrongful acts committed in the performance of, or failure to perform, all Services, including, without limitation, claims, other demands and any payments related to electronic or physical security, breaches of confidentiality and invasion of or breaches of privacy. The Information Security/Cyber Liability Insurance must include internet media liability including cloud computing and mobile devices for protection of confidential information and customer data whether electronic or non-electronic, network security and privacy; privacy against liability for system attacks, digital asset loss, denial or loss of service, introduction, implantation or spread of malicious software code, security breach, unauthorized access and use, including regulatory action expenses, and notification and credit monitoring expenses with at least the minimum limits listed below. Coverage must be renewed for two (2) years after completion of the Services. a. 9.1.4.1. Each occurrence - claim- $1,000,000 b. 9.1.4.2. Network Security/Privacy Liability - $1,000,000 c. 9.1.4.3. Breach Response/ Notification Sublimit - a minimum limit of fifty percent (50%) of the policy aggregate