Information Security Program 

1. Protection of Data

During the term of platform usage, FlowPoint shall:  

(a) maintain and enforce an information security program, including safety and, physical and technical security policies and procedures with respect to its Processing of Data that meets or exceeds applicable best industry practices and standards; 

(b) provide technical and organizational safeguards against accidental, unlawful, or unauthorized access to or use, destruction, loss, alteration, disclosure, transfer or processing of such information that ensure a level of security appropriate to the risks presented by the Processing of Data and the nature of such Data, consistent with best industry practice and standards; 

(c) take all reasonable measures to: 

(i) secure and defend all locations, equipment, systems, and other materials and facilities employed in connection with the SaaS Services against “hackers” and others who may seek, without authorization, to disrupt, damage, modify, access, or otherwise use FlowPoint systems or the information found therein; and 

(ii) prevent: (A) Customer, Client and the Authorized Users from having unauthorized access to the data of FlowPoint’s other confidential information or confidential information of other FlowPoint customers of the SaaS Services; (B) ensure that Data integrity is maintained and access enforced using industry best practices for data line of sight; and (C) unauthorized access to any of Data; and 

(iii) continuously monitor its systems for potential areas where security could be breached. 

2. Unauthorized Access

FlowPoint shall not access, and shall not permit any access to, the information technology infrastructure, including the computers, software, databases, electronic systems (including database management systems), and networks, of Customer or any of its Client’s (“Customer Systems”), in whole or in part, whether through FlowPoint Systems (as defined below) or otherwise, without Customer’s express prior written authorization. Such authorization may be revoked on a reasonable timeframe by Customer in writing at any time in its sole discretion. Any access to the Customer Systems shall be solely in accordance with the terms and conditions and in no case exceed the scope of the Customer’s authorization pursuant to this Section.  

3. FlowPoint Systems

FlowPoint shall be solely responsible for the information technology infrastructure, including all computers, software, databases, electronic systems (including database management systems), and networks used by or for FlowPoint to access the Customer Systems or otherwise in connection with the SaaS Services (“FlowPoint Systems”) and shall prevent unauthorized access to the Customer Systems through the FlowPoint Systems.  

4. Non-Exclusive Remedy for Security Breach

Any material failure of FlowPoint to meet the requirements of this Agreement with respect to the security of any Data is a material breach of this Agreement for which Customer, at its option, may terminate this Agreement immediately on written notice to FlowPoint without any notice or cure period, and, without limiting any other rights or remedies Customer may be entitled to under this Agreement or at law, FlowPoint shall promptly reimburse to Customer any Fees prepaid by Customer prorated to the date of such termination.