|
NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR
<br />AIRCRAFT COMMUNICATION SYSTEMS, MASS
<br />TRANSIT, AIR TRAFFIC CONTROL, DIRECT LIFE
<br />SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN
<br />WHICH THE FAILURE OF THE SUBSCRIPTION
<br />SOFTWARE COULD LEAD DIRECTLY TO DEATH,
<br />PERSONAL INJURY, OR SEVERE PHYSICAL OR
<br />ENVIRONMENTAL DAMAGE ("HIGH RISK
<br />ACTIVITIES"). ACCORDINGLY, INFOR DISCLAIMS ANY
<br />EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR
<br />HIGH RISK ACTIVITIES. LICENSEE AGREES THAT
<br />INFOR SHALL NOT BE LIABLE FOR ANY CLAIMS OR
<br />DAMAGES ARISING FROM OR RELATED TO THE USE OF
<br />THE SUBSCRIPTION SOFTWARE IN SUCH
<br />APPLICATIONS.
<br />6. Confidential Information.
<br />(a) Confidentiality. The Confidential Information disclosed under
<br />this Agreement may be used, disclosed or reproduced only to the
<br />extent necessary to further and fulfill the purposes of this Agreement.
<br />Except as otherwise permitted under this Agreement, the Recipient
<br />will not knowingly disclose to any third party, or make any use of the
<br />Discloser's Confidential Information. The Recipient will use at least
<br />the same standard of care to maintain the confidentiality of the
<br />Discloser's Confidential Information that it uses to maintain the
<br />confidentiality of its own Confidential Information, but in no event
<br />less than reasonable care. The non -disclosure and non-use
<br />obligations of this Agreement will remain in full force with respect
<br />to each item of Confidential Information for a period of ten (10) years
<br />after Recipient's receipt of that item; provided, however, that
<br />Licensee's obligations to maintain the Subscription Software and
<br />Documentation as confidential will survive in perpetuity. Each of
<br />Licensee and Infor shall be shall be responsible for the breach of the
<br />confidentiality terms contained in this Section 6 by any of its
<br />directors, officers, employees, Authorized Users, agents, accountants
<br />and advisors. Notwithstanding the foregoing, this Section is not
<br />intended to prevent (a) a Recipient from using Residual Knowledge,
<br />subject to any Intellectual Property Rights of the Discloser, or (b)
<br />Infor from using Anonymous Data. If the Recipient should receive
<br />any legal request or process in any form seeking disclosure of
<br />Discloser's Confidential Information, or if the Recipient should be
<br />advised by counsel of any obligation to disclose such Confidential
<br />Information, the Recipient shall (if allowed by law) provide the
<br />Discloser with prompt notice of such request or advice so that the
<br />Discloser may seek a protective order or pursue other appropriate
<br />assurance of the confidential treatment of the Confidential
<br />Information. Regardless of whetber or not a protective order or other
<br />assurance is obtained, the Recipient shall furnish only that portion of
<br />the Discloser's Confidential Information which is legally required to
<br />be furnished and to use reasonable efforts to assure that the
<br />information is maintained in confidence by the party to whom it is
<br />furnished.
<br />(b) Security Policies and Safeguards. Infor shall establish and
<br />maintain administrative, technical, and physical safeguards designed
<br />to protect against the destruction, loss, unauthorized access or
<br />alteration of Licensee Data and Personal Information in the
<br />possession or under the control of Infor or to which Infor has access,
<br />which are: (i) no less rigorous than those maintained by Infor for its
<br />own information of a similar nature; (ii) no less rigorous than
<br />generally accepted industry standards, and (iii) required by
<br />applicable laws. The security procedures and safeguards
<br />implemented and maintained by Infor pursuant to this Section 6(b)
<br />shall include, without limitation:
<br />(i) User identification and access controls designed to limit
<br />access to Licensee's Data to authorized users;
<br />(ii) the use of appropriate procedures and technical controls
<br />regulating data entering Infor's network from any external
<br />source;
<br />(iii) the use of encryption techniques when Licensee's Data is
<br />transmitted or transferred into or out of the hosted
<br />environment;
<br />(iv) physical security measures, including without limitation
<br />securing Licensee's Data within a secure facility where
<br />only authorized personnel and agents will have physical
<br />access to Licensee Data;
<br />(v) operational measures, including without limitation IT
<br />Service Management (ITSM) processes designed to ensure
<br />the correct and secure operations of information processing
<br />activities;
<br />(v) periodic employee training regarding the security programs
<br />referenced in this Section; and
<br />(vi) periodic testing of the systems and procedures outlined in
<br />this Section.
<br />(c) Review of Controls. Once in each 12 month period during the
<br />Subscription Term, Infor shall, at its cost and expense, engage a duly
<br />qualified independent auditor to conduct a review of the design and
<br />operating effectiveness of Infor's defined control objectives and
<br />control activities in connection with the Subscription Services. Infor
<br />shall cause such auditor to prepare a report in accordance with the
<br />American Institute of Certified Public Accountants Statement on
<br />Standards for. Attestation Engagements No. 16 (SSAE 16) or an
<br />equivalent standard, which may include ISAE 3402 (the "Audit
<br />Report"). Licensee shall have the right to request and receive a copy
<br />of the Audit Report and Licensee may share a copy of such Audit
<br />Report with its auditors and regulators, provided that, such Audit
<br />Report shall be Infor's Confidential Information (as defined in this
<br />Agreement).
<br />(d) Security Incident Resnonse. In the event that Infor becomes
<br />aware that the security of any Licensee Data or Personal Information
<br />has been compromised, or that such Licensee Data or Personal
<br />Information has been or is reasonably expected to be subject to a use
<br />or disclosure not authorized by this Agreement (an "Information
<br />Security Incident"), Infor shall: (i) promptly (and in any event within
<br />24 hours of becoming aware of such Information Security Incident),
<br />notify Licensee, in writing, of the occurrence of such Information
<br />Security Incident; (ii) investigate such Information Security Incident
<br />and conduct a reasonable analysis of the cause(s) of such Information
<br />Security Incident; (iii) provide periodic updates of any ongoing
<br />investigation to Licensee; (iv) develop and implement an appropriate
<br />plan to remediate the cause of such Information Security Incident to
<br />the extent such cause is within Infor's control; and (v) cooperate with
<br />Licensee's reasonable investigation or Licensee's efforts to comply
<br />with any notification or other regulatory requirements applicable to
<br />such Information Security Incident.
<br />7. Indemnity by_Infor. Infor will defend, indemnify and hold
<br />Licensee harmless froin and against any loss, cost and expense to the
<br />extent arising from a third party claim against Licensee that the
<br />Subscription Software infringes any Intellectual Property Rights of
<br />others. Infor's obligations under this indemnification are expressly
<br />conditioned on the following: (i) Licensee must promptly notify
<br />Infor of any such claim; (ii) Licensee must, in writing, grant Infor
<br />sole control of the defense of any such claim and of all negotiations
<br />for its settlement or compromise so long as such settlement or
<br />compromise does not result in payment of money by Licensee or an
<br />admission of guilt by Licensee (if Licensee chooses to represent its
<br />own interests in any such action, Licensee may do so at its own
<br />expense, but such representation must not prejudice Infor's right to
<br />Subscription License and Services Agreement (US October 2017) Page 4 of 7
<br />
|