Common use of Licensor Systems; Access Clause in Contracts

Licensor Systems; Access. 2.1.1 Licensor shall not and shall not permit a third party to access, use or disclose Confidential Information except as specifically authorized in the Standard Contract or this Security Addendum. 2.1.2 Licensor will safeguard Confidential Information in a controlled environment consistent with industry standards. 2.1.3 Licensor shall establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Confidential Information. 2.1.4 Licensor will maintain a list of systems where Confidential Information is processed and stored and maintain a list of Personnel who have access to those systems. 2.1.5 Licensor will have in place industry standard policies and processes to limit access to Personal Data including: (i) a unique individual user-id will be used for each user that accesses Confidential Information; (ii) any temporary password issued will be unique and must be changed upon first use; (iii) no 2.1.6 Licensor will have in place industry standard end user authentication processes including that passwords will not be displayed, printed stored in clear text and will be required to be at least six characters, case sensitive, different from user-ids and will be a combination of at least uppercase, lowercase and numerals. The process for users to change their passwords will meet the following requirements: (i) passwords are not sent in email (except for temporary/one-time use passwords); (ii) users receive a separate notification upon password and/or profile changes such as an email or mail; and (iii) password resets require authentication of individual identity. 2.1.7 Licensor will time out an authenticated session and require re-authentication should the session expire. If using cookies for authenticated session management, the cookies must be marked as secure, and any authentication material must be encrypted. 2.1.8 Upon Buyer’s request, Licensor shall provide a copy of or online viewing access to (which information may be provided through AWS) a summary of its policies, processes and administrative controls by which Confidential Information is used, disclosed, stored, processed or otherwise transmitted or handled, and any material modifications to suchpolicies, processes and controls.

Licensor Systems; Access. 2.1.1 Licensor shall not and shall not permit a third party to access, use or disclose Confidential Information except as specifically authorized in the Standard Contract or this Security Addendum.Confidential 2.1.2 Licensor will safeguard Confidential Information in a controlled environment consistent with industry standards. 2.1.3 Licensor shall establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Confidential Information. 2.1.4 Licensor will maintain a list of systems where Confidential Information is processed and stored and maintain a list of Personnel who have access to those systems. 2.1.5 Licensor will have in place industry standard policies and processes to limit access to Personal Data Information including: (i) a unique individual user-id will be used for each user that accesses Confidential Information; (ii) any temporary password issued will be unique and must be changed upon first use; (iii) nono Confidential Information, nor a subset of Confidential Information (such as part of a user’s Social Security Number), will be used in either the user-id or the initial temporary password; and (iv) it will establish a process to ensure timely revocation of access when access is no longer allowed for an individual (e.g. separation, role change). 2.1.6 Licensor will have in place industry standard end user authentication processes including that passwords will not be displayed, printed stored in clear text and will be required to be at least six characters, case sensitive, different from user-ids and will be a combination of at least uppercase, lowercase and numerals. The process for users to change their passwords will meet the following requirements: (i) passwords are not sent in email (except for temporary/one-time use passwords); (ii) users receive a separate notification upon password and/or profile changes such as an email or mail; and (iii) password resets require authentication of individual identity.notification 2.1.7 Licensor will time out an authenticated session and require re-authentication should the session expire. If using cookies for authenticated session management, the cookies must be marked as secure, and any authentication material must be encrypted. 2.1.8 Upon Buyer’s request, Licensor shall provide Buyer a copy of or online viewing access to (which information may be provided through AWS) a summary of its policies, processes and administrative controls by which Confidential Information is used, disclosed, stored, processed or otherwise transmitted or handled, and any material modifications to suchpoliciessuch policies, processes and controls.

Licensor Systems; Access. 2.1.1 Licensor shall not and shall not permit a third party to access, use or disclose Confidential Information except as specifically authorized in the Standard Contract or this Security Addendum. 2.1.2 Licensor will safeguard Confidential Information in a controlled environment consistent with industry standards. 2.1.3 Licensor shall establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Confidential Information. 2.1.4 Licensor will maintain a list of systems where Confidential Information is processed and stored and maintain a list of Personnel who have access to those systems. 2.1.5 Licensor will have in place industry standard policies and processes to limit access to Personal Data Information including: (i) a unique individual user-id will be used for each user that accesses Confidential Information; (ii) any temporary password issued will be unique and must be changed upon first use; (iii) nobe 2.1.6 Licensor will have in place industry standard end user authentication processes including that passwords will not be displayed, printed stored in clear text and will be required to be at least six characters, case sensitive, different from user-ids and will be a combination of at least uppercase, lowercase and numerals. The process for users to change their passwords will meet the following requirements: (i) passwords are not sent in email (except for temporary/one-time use passwords); (ii) users receive a separate notification upon password and/or profile changes such as an email or mail; and (iii) password resets require authentication of individual identity. 2.1.7 Licensor will time out an authenticated session and require re-authentication should the session expire. If using cookies for authenticated session management, the cookies must be marked as secure, and any authentication material must be encrypted. 2.1.8 Upon Buyer’s request, Licensor shall provide a copy of or online viewing access to (which information may be provided through AWS) a summary of its policies, processes and administrative controls by which Confidential Information is used, disclosed, stored, processed or otherwise transmitted or handled, and any material modifications to suchpolicies, processes and controls.

Licensor Systems; Access. 2.1.1 Licensor shall not and shall not permit a third party to access, use or disclose Confidential Information except as specifically authorized in the Standard Contract or this Security Addendum. 2.1.2 Licensor will safeguard Confidential Information in a controlled environment consistent with industry standards. 2.1.3 Licensor shall establish, maintain and enforce the security access principles of “segregation of duties” and “least privilege” with respect to Confidential Information. 2.1.4 Licensor will maintain a list of systems where Confidential Information is processed and stored and maintain a list of Personnel who have access to those systems. 2.1.5 Licensor will have in place industry standard policies and processes to limit access to Personal Data Information including: (i) a unique individual user-id will be used for each user that accesses Confidential Information; (ii) any temporary password issued will be unique and must be changed upon first use; (iii) no) 2.1.6 Licensor will have in place industry standard end user authentication processes including that passwords will not be displayed, printed stored in clear text and will be required to be at least six characters, case sensitive, different from user-ids and will be a combination of at least uppercase, lowercase and numerals. The process for users to change their passwords will meet the following requirements: (i) passwords are not sent in email (except for temporary/one-time use passwords); (ii) users receive a separate notification upon password and/or profile changes such as an email or mail; and (iii) password resets require authentication of individual identity. 2.1.7 Licensor will time out an authenticated session and require re-authentication should the session expire. If using cookies for authenticated session management, the cookies must be marked as secure, and any authentication material must be encrypted. 2.1.8 Upon Buyer’s request, Licensor shall provide Buyer a copy of or online viewing access to (which information may be provided through AWS) a summary of its policies, processes and administrative controls by which Confidential Information is used, disclosed, stored, processed or otherwise transmitted or handled, and any material modifications to suchpoliciessuch policies, processes and controls.