Data Security Terms of Service

Last Revision Date: March 06, 2015

These Data Security Terms of Service apply to Content accessed from Financial Risk Mitigation, Inc. and its subsidiaries (collectively, “FRM”) by, from, and through (“Portal”) or by way of any other delivery mechanism whether oral, paper, or electronic.

Data Security

Subscribers shall only access Content from FRM from corporately owned and/or managed devices that have industry recognized anti-virus, anti-spyware, and firewalls installed with current subscriptions and signature files.

Any Subscriber downloading or receiving Content from FRM shall undertake commercially reasonable efforts to protect any information accessed and/or downloaded by, from, and through the Portal or by way of any other delivery mechanism whether oral, paper, or electronic

Commercially reasonable steps include, but may not be limited to:

(i) maintaining multiple layers of network security;

(ii) using industry-recognized and best-practice configured firewalls, routers, and intrusion detection services;

(iii) securing access (both physical and network) to systems storing FRM Content with authentication, complex password and password changes at least every ninety (90) days;

(iv) patching servers on a timely basis with appropriate security-specific system patches, as they are available;

(v) logging mechanisms for systems and services allowing for tracking and analysis in the event of compromise;

(vi) assuring data security when storing or disposing of FRM Content such as locking up Reports, incinerating paper files, degaussing, and remotely wiping computer equipment;

(vii) using strong encryption of Content during transmission and while in a state of rest; and,

(viii) maintaining an Information Security Program as administered by an employee or employees which is anticipatory of foreseeable threats or hazards for attacks, intrusions, unauthorized access, system failures, alteration, destruction, or breach of confidentiality of FRM Content and Portal by way of: (a) using administrative, technical, and physical safeguards (collectively, “Safeguards”) to protect FRM Content and Portal; (b) reasonably designing, periodically reviewing, regularly testing, monitoring, and risk assessing Safeguards (collectively, “Safeguard Reviews”); and, (c) modifying and upgrading systems, system controls, procedures (including training of employees and management) as informed by the results of those Safeguard Reviews.