Information Security Policy
A. Security Program
TEAM Software, Inc. (“TEAM,” “we,” or “our”) uses industry-standard administrative, technical, physical, and other safeguards (its “Security Program”) to preserve the confidentiality, integrity, and availability of information in its possession or control, information which it has the ability to access or alter, and systems which it actually accesses or contacts (collectively, “Client Information”). TEAM’s Security Program includes:
- A technology infrastructure designed to prevent any compromise of its own information systems, computer networks or data files by unauthorized users, viruses or malicious computer programs which could in turn be propagated to our clients.
- Appropriate internal safeguards including but not limited to: appropriate firewalls and antivirus software; a comprehensive patch management, software upgrade, and virus definition update program; appropriate logs and alerts to monitor access controls and to assure data availability, integrity, and confidentiality; controlled access to internal systems and applications; and least-privilege permissions on TEAM networks and devices to prevent unauthorized access to Client Information.
- Limiting Client Information access to those TEAM employees or contractors with a genuine business need-to-know.
B. Training and Supervision
TEAM maintains adequate training programs to ensure that its employees and any others acting on its behalf are aware of and adhere to its information security program. TEAM exercises reasonable and appropriate supervision over its relevant employees to maintain the availability, integrity, and confidentiality of Client Information.
C. Data Incidents
TEAM will notify client of any reasonably suspected or actual loss of data or any breach or compromise of its Information Security Program which has resulted or may result in the loss of, unauthorized access to, or any disclosure, use or acquisition of Client Information (including hard copy records) or of any potential threat to any client systems (collectively, “Data Incident”). The initial notice may be a general summary regarding the nature and scope of the Data Incident. A subsequent, comprehensive notice will be given within 48 hours after TEAM determines, in reasonable detail, the nature and scope of the Data Incident (including each data element type that relates to a customer or client employee, if any) and the corrective action already taken or to be taken by TEAM. TEAM will promptly take all reasonable corrective actions, and will cooperate fully with its clients in all reasonable efforts to mitigate the adverse effects of the Data Incident and to prevent its recurrence. The parties will collaborate to determine whether any notice of breach is required by law to be given to any person and, if so, to determine the content and delivery method of that notice.
D. Third Parties
TEAM may share, transfer, disclose or otherwise provide access to Client Information to TEAM’s own third party service providers to the extent necessary for those service providers to perform their respective functions. TEAM will require any such third parties to perform those functions in accordance with this Information Security Policy and to maintain an Information Security Program equivalent to or more protective than this Information Security Policy. TEAM shall contractually preserve for itself and its clients all rights provided in section (F) below with regard to any such third parties. TEAM may also disclose Client Information if required to do so in order to comply with legal process or other applicable law. TEAM shall not share Client Information with any other third party without prior written consent from the applicable client.
E. Ownership and Usage
F. Security Review and Audit
TEAM will conduct periodic reviews of its Security Program. At a client’s request, TEAM will provide copies of any portion of TEAM’s Security Program that directly affects that client’s Client Information. Upon reasonable notice, TEAM will provide its client an opportunity to conduct a privacy and security audit of TEAM’s Security Program insofar as it is applicable to the services provided by TEAM to that client.
TEAM shall comply with all applicable legal requirements (federal, state, local and international laws, rules and regulations and governmental requirements) currently in effect and as they become effective relating to the privacy, confidentiality, integrity, or availability of Client Information.
H. Secure Disposition
TEAM will use industry-standard methods to either return or dispose of Client Information that is no longer needed for client’s business or legal purposes.