1. Technology Management Systems.
ServiceNow (“SNOW”) is an All Covered ITSM compliant toolset (“SNOW Platform”). All Covered will provide SNOW Platform access to Client employees, as required, to deliver Client and end user support.
2. SNOW Platform Restrictions.
(a) Client may not use the SNOW Platform to create, receive, maintain or transmit: (i) information protected under the privacy or security regulations issued pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or subject to the Health Information Technology for Economic and Clinical Health (HITECH) Act; or (ii) non-public, sensitive or personally identifiable information, including but not limited to, driver’s license numbers, passport numbers, social security numbers, tax identification numbers, voter registration numbers or similar identifying numbers, health information, or financial information including bank, checking, credit card, debit card, or other account numbers (collectively, “Controlled Data”).
(b) Data contained within the SNOW Platform consists of business data of both Client and All Covered. Prior to termination of SNOW Platform services, Client may request an export of its data on the SNOW Platform and such data will be exported in accordance with a mutually agreeable Data Export Statement of Work; provided, that any All Covered proprietary information contained in such exported data may be redacted at the discretion of All Covered management. Termination of SNOW Platform services will not be effective until All Covered has completed final data synchronizations to capture billing details or other All Covered service delivery information, at which time the client instance of SNOW will be deleted from Provider’s systems. Deletion will not be performed if there is any legal hold in place. Deletion may not be performed on any backups of SNOW data but will be purged according to Provider backup retention policies.
3. Client Obligations.
Client acknowledges and agrees that it is solely responsible for implementing within its organization controls to:
- ensure that only authorized client personnel are given access to the SNOW Platform and any changes to said personnel are communicated to All Covered in a timely manner;
- define processes for Client personnel usage of the SNOW Platform;
- notify All Covered of any actual or suspected information security breaches, including compromised user accounts and unauthorized changes;
- define processes and controls to verify the accuracy and completeness of information provided to All Covered;
define processes and controls to prevent the transmission of Controlled Data, as defined in section 3(a)(ii), to the SNOW Platform; and
- protect the privacy and respond to privacy information requests of any individual whose data is used in connection with the SNOW Platform, as required by data privacy regulations in effect during such usage.
To the fullest extent permitted by law, Client agrees to indemnify, defend and hold All Covered harmless from any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys’ fees, arising out of or relating to Client’s breach of Sections 2 or 3.