The Parties agree Alliance 2020’s provision of consumer reports and/or investigative consumer reports (collectively, “Screening Reports”), as those terms are defined by the Fair Credit Reporting Act, as amended (“FCRA”), and applicable state laws, is subject to the employer certification requirements and other requirements contained in Exhibit A to this Agreement (the “Background Screening Requirements”), the terms of which are incorporated by this reference as if fully set forth herein.
1.1. “Affiliate” means any entity Controlled by, Controlling, or under common Control with a Party to this Agreement.
1.2. “Agreement” means, collectively, this Alliance 2020 Master Services Agreement, together with any exhibits, attachments, schedules, addenda, and appendices or documents attached hereto or incorporated herein, including any Order Forms, Statements of Work or amendments referencing this Agreement.
1.3. “Company Data” means any and all information, including all forms, attachments, media and files, provided, entered or uploaded to the Software Service by any User, including Company’s (or its Affiliates’) employees, agents, contractors, or third party employment candidates authorized to access the Software Services.
1.4. “Control” means either the direct or indirect control of more than 50% of the shares or other equity interests of the subject entity entitled to vote in the election of directors (or, in the case of an entity that is not a corporation, for the election or appointment of the corresponding managing authority).
1.5. “Deliverable” means the custom developed documents, designs, and other materials authored or prepared by Alliance 2020 for and provided to Company as part of a Professional Services engagement pursuant to a Statement of Work. The term “Deliverable” does not include the Software Service (including all modifications and/or enhancements to the Software Service), the Documentation, Alliance 2020’s proprietary education and training content, if any, or any pre-existing materials related to Alliance 2020’s Professional Services processes and methodology, whether or not incorporated in a Deliverable.
1.6. “Documentation” means tutorials and/or user manuals, if any, and/or technical requirements documents, if any, that are generally provided by Alliance 2020 to customers in connection with the Software Service.
1.7. “Order Form” means a mutually executed “Order Form and Pricing Schedule” that sets forth the Services to be provided under this Agreement.
1.8. “Professional Services” means implementation, configuration, or other professional services related to the Software Service that are ordered by Company pursuant to an Order Form and set forth in an applicable Statement of Work, as further described in Section 8.
1.9. “Services” means, collectively, the Software Service, Professional Services and Support Services and any other related services ordered by Company pursuant to an Order Form and/or any applicable Statement of Work.
1.10. “Software Service” means Alliance 2020’s internet-delivered software applications that are ordered by Company and reflected on an Order Form.
1.11. “Support Services” means support and maintenance services for the Software Service provided in accordance with Section 2.1.1.
1.12. “Term” means the Initial Term and any Renewal Terms (as those terms are defined in Section 3 of this Agreement).
1.13. “Users” means individuals who are authorized by Company to access the Software Service and who have been supplied user identifications and passwords by Company (or by Alliance 2020 at Company’s request). Users may include but are not limited to Company’s employees, consultants, contractors, agents, and candidates applying for employment whom Company has authorized to access the Software Service, provided in all cases that the use is solely for the benefit of Company.
2. PROVISION AND USE OF THE SOFTWARE SERVICE
2.1. Alliance 2020’s Rights and Responsibilities.
2.1.1. Provision of Software Service; Support and Availability. Subject to the terms and conditions of this Agreement, Alliance 2020 shall host and maintain the Software Service and make it available to Company throughout the Term. Alliance 2020 will provide customer support, data back-up, and disaster recovery services for the Software Service in accordance with this Agreement and Alliance 2020’s then-current policies and practices, which policies may be acquired from Alliance 2020 upon written request. Alliance 2020 reserves the right to make changes at any time to its policies, procedures and practices regarding Support Services and to make changes to its hosting and technical infrastructure, provided that such changes do not materially degrade the overall level of support provided to Alliance 2020 customers. Notwithstanding the foregoing, Alliance 2020 shall use commercially reasonable efforts to make the Software Service available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which Alliance 2020 shall schedule to the extent practicable during the weekend hours from 6:00 p.m. Friday to 3:00 a.m. Monday Pacific Time), or (ii) any unavailability caused by Force Majeure Events (as defined in Section 21 below).
2.1.2. Protection of Company Data. Alliance 2020 shall maintain reasonable administrative, physical, and technical safeguards for the Software Service designed to protect the security, confidentiality and integrity of Company Data. Alliance 2020 shall not knowingly (i) modify Company Data, except as instructed by Company, (ii) disclose Company Data, except as compelled by law or as necessary to provide the Services hereunder, including disclosing it to (a) Users in connection with Company’s use of the Software Service and in accordance with the license granted in Section 2.2.4 and (b) Alliance 2020’s service providers who act on Alliance 2020’s behalf in providing the Software Service, provided that Alliance 2020 will remain responsible for compliance with this Agreement by any such service providers acting on its behalf, or (iii) access Company Data, except as reasonably necessary to prevent or address service or technical problems, to respond to Company’s request in connection with customer support matters, for statistical reporting purposes, or as reasonably necessary to protect Alliance 2020, Company, Users or the data subject. Alliance 2020 may aggregate, use, distribute, and publish anonymous statistical data regarding use and functioning of the Software Service by its customers. Such aggregated statistical data will be the sole property of Alliance 2020.
2.2. Company’s Rights and Responsibilities.
2.2.1. License to Software Service. During the Term, Alliance 2020 grants to Company a limited, non-transferable, non-exclusive right to access and use the Software Service and Documentation for Company’s internal use in accordance with this Agreement. Alliance 2020 will host and retain physical control over the Software Service and make any computer programs and code available for access, use and operation by Company only through a web-browser. No provision under this Agreement shall obligate Alliance 2020 to deliver or otherwise make available any copies of computer programs or code from the Software Service to Company, whether in object code or source code form. Company may not remove or alter any of the logos, trademark, patent or copyright notices, confidentiality or proprietary legends or other notices or markings within the Software Service or Documentation.
2.2.2. Usage Limits. The license granted in Section 2.2.1 is subject to the “employee count” and other limitations set forth in an applicable Order Form. The Software Service may not be used by or for the benefit of Company employee populations (e.g., the employee populations to which the Software Service applies or benefits) in excess of the maximum employee count. For purposes of this Section 2.2.2, an employee is any distinct individual included in the payroll system of Company. Company agrees to submit to a reasonable audit of its compliance with any such usage limits upon reasonable notice by Alliance 2020, not more than once per calendar year.
2.2.3. Responsibility for Users. Company shall: (i) be responsible for its Users’ compliance with the terms of this Agreement, and for all use of the Software Service that occurs under its Users’ accounts (and accordingly, to safeguard login credentials for the Software Service), (ii) be solely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness and copyright of all Company Data and provide Alliance 2020 with all information and data that Alliance 2020 requires in order to perform the Services, (iii) promptly notify Alliance 2020 of any unauthorized access or use, and (iv) use the Software Service only in accordance with applicable laws and government regulations.
2.2.5. Screening Reports. If ordering Screening Reports from Alliance 2020, Company shall comply with the requirements set forth in Exhibit A hereto (the Background Screening Requirements).
2.2.6. Restrictions. Company shall not, and shall ensure that its Users do not: (i) use the Software Service for any purpose other than Company’s internal business purposes; (ii) allow any third party other than Users to access the Software Service, (iii) sell, resell, rent or lease the Software Service (or access to it) to any third party, (iv) use the Software Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third party privacy rights, or otherwise use the Software Service in violation of applicable laws, (v) store or submit to the Software Service any viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs (collectively, “Malicious Code”), (vi) interfere with or disrupt the integrity or performance of the Software Service or third party data contained therein, (vii) attempt to gain unauthorized access to the Software Service or their related systems or networks or (viii) make derivative works of, disassemble, or attempt to reverse compile or reverse engineer any part of the Software Service or Documentation, or access the Software Service or Documentation in order to build a similar or competitive product or service (or contract with a third party to do so).
2.2.7. Safeguards. Company shall maintain records as required by law and maintain reasonable and appropriate physical, technical and administrative measures designed to protect against unauthorized access to and/or misuse of the Software Service and Confidential Information (as defined in Section 12), including, without limitation, adhering to the minimum requirements contained in Exhibit B to this Agreement (the “Access Security Requirements”).
2.2.8 Audits. Company agrees to cooperate with any reasonable audit or investigation by Alliance 2020 and/or a vendor of Alliance 2020 to assure compliance with the terms of this Agreement. Company understands that any failure to cooperate with reasonable requests regarding an audit or investigation constitutes grounds for immediate suspension of the Services and termination of this Agreement.
3. TERM AND TERMINATION.
This Agreement shall begin on the Effective Date noted in the Order Form, and, unless earlier terminated as provided herein, shall continue for a period of 12 months (the “Initial Term”). After the Initial Term, this Agreement shall automatically renew for successive one-year periods (each a “Renewal Term”) unless one Party provides the other Party with written notice of its intent to not renew the Agreement at least ninety (90) days prior to the expiration of the then-current Term. Anything in this Agreement to the contrary notwithstanding, including but not limited to this Section 3, if the term of any Statement of Work or any Services in an Order Form extend beyond the Term of this Agreement, then this Agreement shall automatically continue in full force and effect beyond the stated Term for so long as any Statement of Work or Order Forms remain in force.
3.1. Termination. Either Party may terminate this Agreement immediately for cause upon providing written notice if (a) the other Party materially breaches this Agreement and fails to cure its breach within thirty (30) days after receiving written notice of the breach, or (b) the other Party terminates or suspends its business as a result of bankruptcy, insolvency or any similar event.
3.2. Surviving Provisions. Section 3.2 (Surviving Provisions), 3.3 (Effect of Termination), Section 3.4 (Return of Company Data), Sections 4 (Fees) and Section 5 (Invoicing and Payment) (but only with respect to amounts accrued but unpaid as of termination), Section 7 (Intellectual Property Ownership), Section 9 (Warranties and Disclaimers), Section 10 (Indemnification), Section 11 (Limitation of Liability), Section 12 (Confidentiality), and Sections 13-25 shall survive any termination or expiration of this Agreement.
3.3. Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) Notwithstanding any provision of any surviving section, Company will have no further right to use the Software Service except to the extent set forth in Section 3.4 (Return of Company Data) below; (b) Company will not be entitled to any refund of fees paid, except that if Company terminates the Agreement for Alliance 2020’s uncured breach pursuant to Section 3.1 (Termination), Company will be entitled to a pro rata refund of prepaid, unused platform license fees for the Software Service specified in an Order Form; and (c) Company will promptly pay to Alliance 2020 all amounts that are accrued but unpaid under this Agreement as of the effective date of termination.
3.4. Return of Company Data. Upon written request by Company made within thirty (30) days after the effective date of termination of this Agreement, provided Company is not in default, Alliance 2020 will make available to Company for download a file of requested Company Data in comma separated value (.csv) format along with Screening Reports and attachments uploaded by Company’s Users in their native formats. After such thirty (30) day period, Alliance 2020 shall have no further obligation to provide Company with access to any Company Data, Deliverables and/or Screening Reports. Any such download will be subject to Alliance 2020’s then current Professional Services rate.
4. FEES. Company shall pay the fees set forth in any Order Form and any applicable Statement of Work, as well as any amounts otherwise agreed to by the Parties in writing. These fees may include set-up fees, annual platform license fees, transaction-based fees, and other amounts as set forth in an Order Form or Statement of Work.
5. INVOICING AND PAYMENT. Alliance 2020 will invoice Company for all Services as indicated in the Order Form and any applicable Statement of Work. Payment is due thirty (30) days after an invoice is received. If Company is approved by Alliance 2020 to pay invoices with a credit card, Company shall provide Alliance 2020 with valid and updated credit card information. Company hereby authorizes Alliance 2020 to charge such credit card for Services listed on the Order Form for the Initial Term and any Renewal Term(s).
5.1. Overdue Charges. If any charges are not received from Company by the due date, then at Alliance 2020’s sole discretion, (i) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (ii) Alliance 2020 may condition future payment terms shorter than those specified in this Section 5.
5.2. Suspension of Services and Acceleration. If any amount owing by Company under this Agreement is thirty (30) or more days overdue, Alliance 2020 may, without limiting other rights and remedies available to it, accelerate Company’s unpaid fee obligations so that all such obligations become immediately due and payable, and/or suspend Services until such amounts are paid in full. Alliance 2020 will give Company at least seven (7) business days prior notice that Company’s account is overdue, in accordance with Section 20 (Notices), before suspending Services to Company.
5.3. Taxes. Unless otherwise stated, Alliance 2020’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). Company is responsible for paying all Taxes associated with its purchases hereunder. If Alliance 2020 has the legal obligation to pay or collect Taxes for which Company is responsible under this paragraph, the appropriate amount shall be invoiced to and paid by Company, unless Company provides Alliance 2020 with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Alliance 2020 is solely responsible for taxes assessable against it based on Alliance 2020’s income, property and employees.
6. SECURITY/LOAD TESTING AND USE OF ROBOTS. Company may not, without the prior written consent of Alliance 2020, (i) conduct security, integrity, penetration, vulnerability or similar testing on the Services, (ii) use any software tool designed to automatically emulate the actions of a human user (such tools are commonly referred to as robots) in conjunction with the Services, or (iii) attempt to access the data of another Alliance 2020 customer (whether or not for test purposes).
7. INTELLECTUAL PROPERTY OWNERSHIP. As between the parties, Company shall retain all right, title and interest to all Company Data (except for the rights expressly granted to Alliance 2020 in this Agreement). Alliance 2020 shall retain all right, title and interest in and to (i) the Software Service and all technology and software used to provide it, the Documentation and all modifications and/or enhancements to the Software Service, regardless of the source of inspiration for any such enhancement or modification and regardless of whether Company has provided input regarding such modifications and/or enhancements, (ii) proprietary education or training content, (iii) proprietary materials related to Alliance 2020’s Professional Services processes and methodology, (iv) all Deliverables, provided that no Company Confidential Information is shared or revealed by or included within the portion of any Deliverable later used by Alliance 2020, and (v) all intellectual property rights in the foregoing. Notwithstanding any other term of this Agreement, Alliance 2020 may access and use, and shall retain all right, title and interest in transactional and anonymized data based upon Company Data, so long as such data does not reveal the identity or traits of any particular individual person or of Company. Alliance 2020 reserves to itself all rights that are not expressly granted pursuant to this Agreement.
8. PROFESSIONAL SERVICES. Company shall have a non-exclusive, non-transferable, license during the Term to use the Deliverables resulting from Alliance 2020’s Professional Services solely for Company’s internal business purposes in connection with using the Software Service. Each Statement of Work during the Term is governed by the terms of this Agreement and in the event of any conflict or discrepancy between a Statement of Work and the terms of the Agreement, the Agreement shall govern except as to scope of work, fees, currency, expenses, and payment terms for the Professional Services, for which the Statement of Work will govern.
9. WARRANTIES AND DISCLAIMERS
9.1. Limited Warranty and Exclusive Remedy. Alliance 2020 represents and warrants as follows: (i) during the Term, the Software Service will perform substantially in accordance with the Documentation, if any, and (ii) Professional Services, if any, shall be provided in a professional manner consistent with industry standards. FOR ANY BREACH OF THE ABOVE WARRANTIES, COMPANY’S EXCLUSIVE REMEDY AND Alliance 2020’S ENTIRE LIABILITY SHALL BE: (i) FOR Alliance 2020 TO CORRECT THE ERRORS OR NON-COMFORITIES IN THE SOFTWARE SERVICE OR OTHER SERVICES THAT CAUSED BREACH OF THE WARRANTY, OR (WITH RESPECT TO PROFESSIONAL SERVICES) TO REPERFORM THE DEFICIENT PROFESSIONAL SERVICES; OR, (ii) IF Alliance 2020 CANNOT CORRECT SUCH BREACH IN A COMMERCIALLY REASONABLE TIMEFRAME, FOR COMPANY TO TERMINATE ITS ORDER FOR THE SOFTWARE SERVICE OR OTHER APPLICABLE SERVICES, AND RECEIVE A REFUND OF ANY PREPAID, UNUSED AMOUNTS PAYABLE FOR THE NON-CONFORMING OR DEFICIENT SERVICES.
9.2. GENERAL DISCLAIMER. Alliance 2020 DOES NOT GUARANTEE OR WARRANT THAT THE SOFTWARE SERVICE WILL PERFORM ERROR-FREE OR UNINTERRUPTED OR THAT Alliance 2020 WILL CORRECT ALL ERRORS IN THE SOFTWARE SERVICE OR OTHER SERVICES PROVIDED HEREUNDER. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
10. INDEMNIFICATION. Company shall defend, indemnify and hold harmless Alliance 2020 and its corporate affiliates, and its and their directors, officers, agents and representatives, against any claim, demand, suit or proceeding (collectively, a “Claim”) brought by a third party alleging (i) that the Company Data, or Company’s use of the Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of or has otherwise harmed a third party or violates applicable law, (ii) Company wrongfully used or obtained any Screening Report, including but not limited to Company having used any Screening Report for any purpose other than the stated permissible purpose, (iii) Company failed to comply with its obligations under the FCRA or other applicable federal, state or local laws, including but not limited to Company having failed to comply with its obligations set forth in Exhibit A-1 (“Notice to Users of Consumer Reports: Obligations of Users Under the FCRA”) and/or (iv) Company acted with gross negligence or willful misconduct, and shall indemnify Alliance 2020 for any damages (including reasonable attorney’s fees and costs) finally awarded against Alliance 2020 as a result of, or for any amounts paid by Alliance 2020 under a settlement of, a Claim; provided that Alliance 2020 (a) promptly gives Company written notice of the Claim; (b) gives Company sole control of the defense and settlement of the Claim (provided that Company may not settle any Claim unless the settlement unconditionally releases Alliance 2020 of all liability); and (c) provides to Company all reasonable assistance, at Company’s expense.
LIMITATIONS OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, Alliance 2020 WILL NOT BE LIABLE TO COMPANY FOR ANY LOST PROFITS, LOST SAVINGS, LOSS OF ANTICIPATED BENEFITS, OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF Alliance 2020 HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, THE AGGREGATE LIABLITY OF Alliance 2020 UNDER THIS AGREEMENT SHALL IN NO EVENT EXCEED FEES ACTUALLY PAID BY COMPANY TO Alliance 2020 DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT ON WHICH THE CLAIM OF LIABILITY IS BASED.
11. CONFIDENTIALITY. Each Party agrees: (i) that it will use (and will ensure that its employees, Affiliates, agents, contractors and any approved third parties use) reasonable efforts (which shall be no less than the efforts used to protect its own confidential information of a similar nature) to prevent the disclosure of the other Party’s Confidential Information to any person or entity, unless authorized by the other Party; and (ii) it will not use Confidential Information of the other Party for any purpose other than as authorized by this Agreement or by the other Party. As to Alliance 2020, the term “Confidential Information” includes information specifically designated as confidential or that would be understood to be confidential or proprietary by a reasonable person, the features and functions of the Services that are not available to the general public via the public Internet (including screen shots of the same), future product plans, and any Documentation or specification provided to Company, the commercial terms (including pricing) of this Agreement and any Statement of Work (but not the mere existence of this Agreement), performance and security test results (whether conducted by Alliance 2020 or Company), and any other proprietary, financial or business information supplied to Company by Alliance 2020. As to Company, the term “Confidential Information” includes information specifically designated as confidential or that would be understood to be confidential or proprietary by a reasonable person. Notwithstanding the foregoing, “Confidential Information” shall not include (i) information which is or becomes publicly known through no act of omission of the receiving Party, or (ii) information gained by the receiving Party independent of the disclosing Party. Notwithstanding the foregoing, it shall not be a breach of this Agreement to disclose Confidential Information required to be disclosed pursuant to administrative or court order, government or regulatory investigation or requirement, or arbitration or litigation arising out of this Agreement; provided, however, that to the extent permissible, each Party shall, in advance of any such disclosure promptly notify the other Party in order to enable the other Party reasonable time to seek a protective order with respect to the requested information or otherwise challenge or oppose the disclosure requirement. The Parties acknowledge that use or disclosure of any Confidential Information of the other Party in a manner inconsistent with this Agreement may give rise to irreparable injury to the disclosing Party or to third parties who have entrusted information to the disclosing Party, and such disclosure may be inadequately compensable in damages. Accordingly, in addition to any other legal remedies that may be available at law or in equity, the disclosing Party shall be entitled to seek equitable or injunctive relief against the unauthorized use or disclosure of Confidential Information. For avoidance of doubt, the Software Service is designed to facilitate sharing of Company Data by Company and its Users for permitted purposes. Accordingly, Company Data is not “Confidential Information” for purposes of this Section 12. Alliance 2020’s obligations with respect to Company Data are as set forth in Section 2.1.2 (Protection of Company Data).
12. GOVERNING LAW AND VENUE. This Agreement shall be governed by, construed and enforced in accordance with the internal laws of the State of Washington, without giving effect to principles and provisions thereof relating to conflict or choice of laws irrespective of the fact any one of the Parties is now or may become a resident of a different state. Venue for any action under this Agreement shall lie only in the United States District Court — Western District of Washington. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to any of the transactions contemplated by this Agreement.
13. ASSIGNMENT. Neither Party shall assign this Agreement, or any of its rights or obligations hereunder, without the prior written consent of the other Party, which shall not be unreasonably withheld or delayed. Notwithstanding the foregoing, Alliance 2020 may assign this Agreement in its entirety without prior written consent pursuant to any corporate reorganization or merger of its business, or pursuant to any sale of all or substantially all of its assets. Alliance 2020 may delegate duties under this Agreement to third parties, provided that Alliance 2020 is responsible for such parties’ performance and compliance with the provisions of this Agreement.
14. WAIVER. All waivers must be in writing. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
15. AMENDMENT. This Agreement may only be modified by a writing executed by both Parties.
16. PREVAILING PARTY FEES. In any controversy, claim or dispute arising out of or relating to this Agreement or the method or manner of performance thereof or the breach thereof, the prevailing Party shall be entitled and awarded in addition to any other relief, its reasonable attorney’s fees, expert witness fees and costs.
17. SEVERABILITY. If any term or provision of this Agreement or any application thereof to any person or circumstance shall to any extent be invalid or unenforceable, the remainder of this Agreement or the application of such terms or provisions to person or circumstances other than those to which it is held invalid or unenforceable shall not be affected thereby and each term and provision of the Agreement shall be valid and enforceable to the fullest extent permitted by law.
INDEPENDENT CONTRACTOR/USE OF SUBCONTRACTORS. Nothing contained in this Agreement shall be deemed or construed by the Parties hereto or by any third person to create the relationship of principal and agent or partnership or of any association between any of the Parties hereto other than independent contracting parties. Alliance 2020 may, in the ordinary course of business, use subcontractors to perform the Services where it is customary to do so.
18. NOTICES. Any notice, payment, demand, or communication required or permitted to be given by any provision of this Agreement shall be in writing and sent by telephone facsimile transmission, certified or registered mail with return receipt requested, or express courier or delivery service and addressed to Company at the address then on record at Alliance 2020, or to such other address as Company may from time to time specify by notice to Alliance 2020 in writing. Company may deliver notices to Alliance 2020 at 19800 North Creek Parkway, Suite 200, Bothell, WA 98011 Attn: General Counsel, or to such other address as Alliance 2020 may from time to time specify by notice to Company in writing or by means of an alert on Company’s dashboard.
19. FORCE MAJEURE. Neither Party is responsible for any failure to perform under this Agreement when such failure arises from or relates to any acts of God, public enemies, acts of terrorism, inability to obtain materials (including necessary data) or reasonable substitutes for materials (including necessary data), inability to obtain power, internet service provider failures or delays, civil war, insurrection, riot or demonstration, fire, flood, explosion, earthquake, accident, strike labor difficulties, work interruption or any other cause beyond its reasonable control.
20. AUTHORITY OF SIGNATORY. Each Party represents that the person signing this Agreement is duly authorized to legally bind Company or Alliance 2020 (as the case may be) to the Agreement.
21. NO CONSTRUCTION AGAINST DRAFTER. The Parties affirm and agree they have had an opportunity to consult with their respective counsel and with such other experts or advisors as they have deemed necessary in connection with this Agreement. This Agreement shall be construed without any presumption or rule requiring this Agreement to be construed against the Party causing this Agreement, or any part of it to be drafted.
21. AGREEMENT IN ENTIRETY. This Agreement (including Order Forms, exhibits, amendments and any addenda or Statement of Work(s) hereto which are incorporated herein by reference) sets forth the entire understanding of the Parties hereto with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, covenants, negotiations, arrangements, communications, representations, understandings or warranties, whether oral or written, by any officer, employee, or representative of either Party relating thereto. There are no other understandings, statements, promises or inducements, oral or otherwise, contrary to the terms of this Agreement. However, required federal and state certifications, affidavits, etc., if any, needed for compliance with applicable law, will be construed to be part of this Agreement. In the event there is any conflict between this Agreement and any other agreements between Company and Alliance 2020, the relevant terms and conditions of this Agreement shall control.
22. MEDIA RELEASES. Except for any announcement intended solely for internal distribution by Company or any disclosure required by legal, accounting, or regulatory requirements beyond the reasonable control of Company, all media releases, public announcements, or public disclosures (including, but not limited to, promotional or marketing material) by Company or its employees or agents relating to this Agreement or its subject matter, including the name, trade name, trade mark, or symbol of Alliance 2020 or any affiliate of Alliance 2020, shall be coordinated with and approved in writing by Alliance 2020 prior to the release thereof. Company shall permit Alliance 2020 to use Company’s name and logo for marketing purposes.
23. ELECTRONIC SIGNATURES. This Agreement and any amendments hereto may be executed via electronic signature pursuant to 15 U.S.C. Ch. 96 (and other relevant e-signature legislation). Any electronic signature will appear in the signature block at the end of this Agreement.
24. COUNTERPARTS. This Agreement may be executed in two or more counterparts (each of which need not be executed by each of the Parties), each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
25. THIRD PARTY SOURCES. Company understands that some information provided by Alliance 2020 is provided to Alliance 2020 by third party sources and that some or all of these third party sources may prohibit Alliance 2020 from providing information from such sources to Company. Should a third party source advise Alliance 2020 that it may not provide information from such source to a Alliance 2020 customer, Alliance 2020 will endeavor to provide such information from another source if practicable and efficient or Alliance 2020 can advise Company as soon as possible that it will be unable to provide such information and fulfill that portion of Company’s request. Company understands that if this occurs, Alliance 2020 is acting within its rights under this Agreement and that Alliance 2020 is not subject to any liability or damages for such action.
BACKGROUND SCREENING REQUIREMENTS
Alliance 2020 will furnish Company with Screening Reports for the screening of applicants (“Applicant”), conditioned upon Company’s compliance with this Exhibit and fulfillment of all of its obligations (including payment) under this Agreement. In utilizing Alliance 2020’S Services in regard to Screening Reports, Company is considered a user of consumer reports and/or investigative consumer reports under the FCRA and applicable state laws.
Company hereby certifies that all of its orders for Screening Reports from Alliance 2020 shall be made, and the resulting reports shall be used for employment purposes, as defined in the FCRA, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission.
1. Employer Certification.
1.1. Company shall be responsible for identifying and complying with all federal (including, without limitation, the FCRA), state and local laws and regulations applicable to Company in connection with its procurement and use of Screening Reports furnished by Alliance 2020. Company accepts full responsibility for any and all consequences of use or dissemination of those Screening Reports. Company further agrees that each Screening Report will only be used for a one-time use. Company certifies to Alliance 2020 that Company will comply with all applicable provisions of the attached Exhibit A-1 (“Notice to Users of Consumer Reports: Obligations of Users Under the FCRA”), which explains Company’s obligations under the FCRA as a user of consumer information and acknowledges receipt of such Notice. Without limitation Company agrees that (i) prior to procurement of a consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer, in a document that consists of only the disclosure, that a consumer report will be obtained for employment purposes; and (b) The consumer has authorized in writing the procurement of the report by Company; (ii) prior to procurement of an investigative consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer in a document that consists of only the disclosure that an investigative consumer report including information as to the consumer’s character, general reputation, personal characteristics and/or mode of living will be obtained for employment purposes; and (b) Such disclosure contains a statement advising the consumer of his/her right to request a complete and accurate statement regarding the nature and scope of the requested investigative consumer report and his/her right to request a copy of the rights of the consumer under the FCRA, a copy of which is attached hereto as Exhibit A-2 (“A Summary of Your Rights Under the Fair Credit Reporting Act”); and (iii) in using a Screening Report for employment purposes, before taking any adverse action based in whole or in part on the Screening Report, the Company shall provide to the consumer to whom the Screening Report relates: (a) A copy of the Screening Report; (b) A copy of the notice titled “A Summary of Your Rights Under the Fair Credit Reporting Act” attached hereto as Exhibit A-2, and any applicable state summary of rights; and (c) A reasonable opportunity of time to correct any erroneous information contained in the Screening Report. Company further certifies that information from any consumer report or Screening Report will not be used in violation of any applicable federal or state equal opportunity law or regulation.
2. California Certification.
2.1. Company hereby certifies that, under the Investigative Consumer Reporting Agencies Act (“ICRA”), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act (“CCRAA”), California Civil Code Sections 1785.1 et seq., if Company is located in the State of California, and/or Company’s request for and/or use of Screening Reports pertains to a California resident or worker, Company will do the following:
2.1.1. Request and use Screening Reports solely for permissible purpose(s) identified under California Civil Code Sections 1785.11 and 1786.12.
2.1.2. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, provide a clear and conspicuous disclosure in writing to the consumer, which solely discloses: (i) that an investigative Screening Report may be obtained; (ii) the permissible purpose of the investigative Screening Report; (iii) that information on the consumer’s character, general reputation, personal characteristics and mode of living may be disclosed; and (iv) the name, address, and telephone number of Alliance 2020; and (v) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22.
2.1.3. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, only request a Screening Report if the applicable consumer has authorized in writing the procurement of the Screening Report.
2.1.4. When a Screening Report is sought in connection with the hiring of a dwelling unit, notify the consumer in writing that a Screening Report will be made regarding the consumer’s character, general reputation, personal characteristics, and mode of living. The notification shall include the name and address of Alliance 2020 as well as a summary of the provisions of California Civil Code Section 1786.22. The consumer shall be notified not later than three days after the date on which the Screening Report was first requested.
2.1.5. When a Screening Report is sought in connection with the underwriting of insurance, clearly and accurately disclose in writing at the time the application form, medical form, binder, or similar document is signed by the consumer that a Screening Report regarding the consumer’s character, general reputation, personal characteristics, and mode of living may be made, or, if no signed application form, medical form, binder, or similar document is involved in the underwriting transaction, the disclosure shall be made to the consumer in writing and mailed or otherwise delivered to the consumer not later than three days after the Screening Report was first requested. The disclosure shall include the name and address of Alliance 2020, the nature and scope of the investigation requested, and a summary of the provisions of California Civil Code Section 1786.22.
2.1.6. Provide the consumer a means by which he/she may indicate on a written form, by means of a box to check, that the consumer wishes to receive a copy of any Screening Report that is prepared.
2.1.7. If the consumer wishes to receive a copy of the Screening Report, send (or contract with another entity to send) a copy of the Screening Report to the consumer within three business days of the date that the Screening Report is provided to Company. The copy of the Screening Report shall contain the name, address, and telephone number of the person who issued the report and how to contact him/her.
2.1.8. Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 if the taking of adverse action is a consideration, which shall include, but may not be limited to, advising the consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Screening Report, informing the consumer in writing of Alliance 2020’s name, address, and telephone number, and provide the consumer with a written notice of his/her rights under the ICRA and the CCRAA.
2.1.9. Comply with all other requirements under applicable California law, including, but not limited to any statutes, regulations and rules governing the procurement, use and/or disclosure of any Screening Reports, including, but not limited to, the ICRA and the CCRAA.
3. Consumer Requests for Additional Disclosures. In addition to the disclosure requirements identified above, if the consumer makes a written request within a reasonable amount of time, Company will provide: (1) information about whether an investigative consumer report has been requested; (2) written disclosure of the nature and scope of the investigation requested, if an investigative consumer report has been requested; and (3) Alliance 2020’s contact information, including complete address and toll-free telephone number. This information will be provided to the consumer no later than five (5) days after the request for such disclosure was received from the consumer or such report was first requested, whichever is the latter.
4. In addition to the requirements above, Company:
4.1. Shall comply with, without limitation, the Americans with Disabilities Act, the Drivers Privacy Protection Act (“DPPA”) and any applicable state laws if Company is obtaining Motor Vehicle Reports (“MVRs”), the Gramm-Leach-Bliley Act and federal and state employment laws.
4.2. If Screening Reports include MVRs:
4.2.1. Shall be responsible for understanding and for staying current with all specific state forms, certificates of use or other documents or agreements including any changes, supplements or amendments thereto imposed by the states (collectively referred to as “Specific State Forms”) from which it will order MVRs. Company certifies that it will file all applicable Specific State Forms required by individual states.
4.2.2. Certifies that no MVRs shall be ordered without first obtaining the written consent of the consumer to obtain “driving records,” evidence of which shall be transmitted to Alliance 2020 in the form of the consumer’s signed release authorization form. Company also certifies that it will use this information only in the normal course of business to obtain lawful information relating to the holder of a commercial driver’s license or to verify information provided by an applicant or employee. Company shall not transmit any data contained in the resulting MVR via the public internet, electronic mail or any other unsecured means.
4.2.3. Shall execute and deliver to Alliance 2020 upon execution of this Agreement and annually thereafter for as long as Company receives MVRs, an Affidavit of Intended Use, attached hereto as Attachment A.
4.3. If requesting verification of current employment status or a reference check with respect to any Applicant, certifies that it will not request verification of current employment status from Applicant’s current employer without first obtaining permission from the Applicant to contact Applicant’s current employer.
4.4. Shall base all of its hiring decisions and related actions on its policies and procedures and not rely on Alliance 2020 for (nor shall Alliance 2020 render) legal advice regarding employment decisions.
4.5. Shall keep strictly confidential any information and identification numbers and passwords it receives from or gains access to through Alliance 2020, bear responsibility for all account activity within Company’s scope of use, use Company’s account only for the purposes authorized under this Agreement, and not sublicense, license, rent, sell, loan, give or perform marketing activities to make available all or any part of Company’s account to a third party.
4.6. Shall provide access to Screening Reports provided by Alliance 2020 only to Company employees, agents and representatives of Company who fully review and understand Company’s obligations under the FCRA and this Agreement and who agree to comply with those obligations.
4.7. Shall ensure that Users do not request and/or obtain Screening Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate business transaction or for a valid FCRA permissible purpose.
4.8. Shall provide Alliance 2020 with accurate employee identification, address, or other information, and when available, e-mail contact information.
4.9. Understands and acknowledges that, in the course of completing background checks, Alliance 2020 may uncover active arrest warrants which are outstanding against the Applicant. In these cases, Alliance 2020 may be contacted by the law enforcement agency seeking the Applicant. Company understands that Alliance 2020 will furnish to law enforcement any information contained within the subject’s file to assist in the apprehension of the Applicant. Additionally, Alliance 2020 may contact Company, and Company agrees to release to Alliance 2020, any and all information Company may have which will further the apprehension of the wanted individual.
4.10. Shall not resell, sublicense, deliver, display or otherwise distribute any Screening Reports provided by Alliance 2020 to any third party. ANY PERSON WHO WILLFULLY AND KNOWINGLY OBTAINS, RESELLS, TRANSFERS, OR USES INFORMATION IN VIOLATION OF LAW MAY BE SUBJECT TO CRIMINAL CHARGES AND/OR LIABLE TO ANY INJURED PARTY FOR TREBLE DAMAGES, REASONABLE ATTORNEY’S FEES AND COSTS. OTHER CIVIL AND CRIMINAL LAWS MAY ALSO APPLY.
5. Alliance 2020 shall:
5.1. Take reasonable procedures to comply with all applicable federal, state and local laws in the preparation and transmission of Screening Reports including, without limitation, responding appropriately to any assertions by an Applicant that a Screening Report contains inaccurate information.
5.2. Maintain reports and other records as required by applicable law.
5.3. Comply with all credentialing requirements imposed by any third parties or Alliance 2020’s internal protocols so Alliance 2020 can confirm that Screening Reports are only provided to legitimate business entities. Such credentialing may include an on-site visit by Alliance 2020.
6. Disclaimer of Warranties (Screening Reports).
6.1. Screening Reports and other information in the Alliance 2020 databases have been compiled from public records and other proprietary sources for the specific purposes of providing background information and therefore such information is obtained by Alliance 2020, and reported to Company, “AS IS”. Neither Alliance 2020 nor any of its suppliers represents or warrants that the information from such records is complete or accurate; however, Alliance 2020 warrants and represents that it will have reasonable procedures in place to report the information as provided by such sources. Except for the limited warranty above, Alliance 2020 HEREBY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES REGARDING THE PERFORMANCE OF THE SERVICE AND THE ACCURACY, CURRENCY, OR COMPLETENESS OF ANY DATA, INFORMATION OR SCREENING REPORT, INCLUDING (WITHOUT LIMITATION) ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT, AND ANY IMPLIED INDEMNITIES.
6.2. Company understands that searches of international background screening will be conducted through the services of a third-party independent contractor. Because of differences in foreign laws, language, and the manner in which foreign records are maintained and reported, Alliance 2020 cannot be either an insurer or a guarantor of the accuracy of the information reported. Company therefore releases Alliance 2020 and its affiliated companies, officers, agents, employees, and independent contractors from any liability whatsoever in connection with erroneous information received as a result of an international background screening report.
6.3. Alliance 2020 recommends that Company screen its applicants or employees at the county court-house or online system, federal, and multi-state/nationwide database levels. Company understands that if it chooses not to conduct searches at these levels, Alliance 2020 cannot be held responsible for any records that exist that are not included in the coverage requested by Company. Company further understands that the multi-state/nationwide database report will only be offered in conjunction with a county-level verification of any records found and that Company will bear any additional costs associated with this verification.
7. Note on Credit Reports and Credit Bureaus.
7.1. Credit bureaus require specific documents and certifications, which may be in the form of addendums to this Agreement, in connection with providing credit reports. Executing this Agreement is only one of the steps necessary to complete an application process with a credit bureau. Alliance 2020 retains the right to request additional documentation and certifications from Company, as well as a physical inspection of Company’s business location, from time to time in order to comply with credit bureau requirements, and Company understands that it shall not be entitled to receive credit reports unless and until it honors all requests for information and delivers such certifications.
7.2. Company certifies, if receiving credit reports through Alliance 2020, that it will promptly notify Alliance 2020 of any change in Company location, structure, ownership or control, including but not limited to the addition of any branch(es) that will be requesting and/or accessing credit reports. Company understands that any such change may require Company to re-submit to Alliance 2020 certain documentation and certifications described in section 7.1 above, as well as submit to a new physical inspection.
7.3. Credit reports are only accessible through pre-authorized static Internet Protocol (IP) addresses that have been registered with Alliance 2020. To access credit reports, Company will be required to provide Alliance 2020 with all static IP addresses. Company will not be able to access credit reports through Dynamic Host Configuration Protocol (DHCP) or IP ranges.
7.4. Credit bureaus may prohibit the following persons, entities and/or businesses from obtaining credit reports: bail bond enforcement or bounty hunters, internet people locator services, diet centers, adoption search firms, credit repair companies or credit clinics, for profit credit counseling, loan modification companies, attorneys, law firms, investigative companies (including private investigators and detective agencies except those licensed for and exclusively practicing, investigative work for employment purposes), media agencies, news agencies, journalists, non-governmental agencies or businesses associated with the collected of child support, dating services, asset location services (does not include collection agencies), condominium/homeowners associations, future services including but not limited to continuity and health clubs (except health club/spas human resources departments), timeshare, companies involved and/or associated with inappropriate adult content web sites and/or adult-type telephone services, businesses that operate out of an apartment, companies or individuals who are known to have been involved in credit fraud or other unethical business practices, any person or entity known or suspected to be engaged in fraudulent or illegal activity such as identity theft, harassment or stalking, any company or individual listed as a Specially Designated National on the Office of Foreign Asset Control (OFAC) website, or persons or entities that are not an end-user or decision maker.
All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau’s website, www.consumerfinance.gov/learnmore and is incorporated into these terms by reference.
Para informacion en espanol, visite www.consumerfinance.gov/learnmore o escribe a la Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.
A Summary of Your Rights Under the Fair Credit Reporting Act
The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under the FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to:
Consumer Financial Protection Bureau
1700 G Street N.W.
Washington, DC 20552.
You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment — or to take another adverse action against you — must tell you, and must give you the name, address, and phone number of the agency that provided the information.
You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your “file disclosure”). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if:
- a person has taken adverse action against you because of information in your credit report;
- you are the victim of identity theft and place a fraud alert in your file;
- your file contains inaccurate information as a result of fraud;
- you are on public assistance;
- you are unemployed but expect to apply for employment within 60 days.
In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information.
You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender.
You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous.
See www.consumerfinance.gov/learnmore for an explanation of dispute procedures.
Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate.
Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old.
Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need — usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access.
You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore.
You may limit “prescreened” offers of credit and insurance you get based on information in your credit report. Unsolicited “prescreened” offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address from the lists these offers are based on. You may opt-out with the nationwide credit bureaus at 1-888-567-8688.
You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court.
Identity theft victims and active duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore.
States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General. For information about your federal rights, contact:
1700 G Street NW
Washington, DC 20552
1a. Such affiliates that are not banks, savings associations, or credit unions also should list, in addition to the CFPB:
Washington, DC 20580
Customer Assistance Group
1301 McKinney Street, Suite 3450
Houston, TX 77010-9050
Customer Assistance Group
1301 McKinney Street, Suite 3450
Houston, TX 77010-9050
P.O. Box 1200
Minneapolis, MN 55480
FDIC Consumer Response Center
1100 Walnut Street, Box #11
Kansas City, MO 64106
National Credit Union Administration
Office of Consumer Protection (OCP)
Division of Consumer Compliance and Outreach (DCCO)
1775 Duke Street
Alexandria, VA 22314
1200 New Jersey Avenue, SE
Washington, DC 20590
395 E Street S.W.
Washington, DC 20423
United States Small Business Administration
409 Third Street, SW, 8th Floor
Washington, DC 20416
100 F St NE
Washington, DC 20549
1501 Farm Credit Drive
McLean, VA 22102-5090
or Federal Trade Commission: Consumer Response Center- FCRA
Washington, DC 20580
ACCESS SECURITY REQUIREMENTS
The following information security measures are designed to reduce unauthorized access to consumer information. It is Company’s responsibility to implement these controls. If Company does not understand these requirements or needs assistance, it is Company’s responsibility to employ an outside service provider to assist it. Capitalized terms used herein have the meaning given in the Glossary attached hereto. These Access Security Requirements may change without notification. The information provided herewith provides minimum baselines for information security.
In accessing Alliance 2020’s Software Service and/or Experian’s credit reporting services, where applicable, Company agrees to follow these security requirements:
Implement Strong Access Control Measures
1.1. Each user shall maintain a unique user ID and password to enable individual authentication and accountability for access to credit information.
1.2. User ID(s) and passwords are to be kept Confidential and not shared or given to others. Account numbers and passwords should be known only by supervisory personnel. System access software which utilizes user ID(s) or passwords must have these components hidden or embedded.
1.3. Develop strong passwords that are:
Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)
Contain a minimum of seven (7) alphanumeric characters for standard user accounts
1.4. Restrict the number of key personnel who have access to credit information. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand the requirements to access such information are only for the permissible purpose for which you have been granted access to credit reports by Alliance 2020. Ensure that employees do not access credit reports on themselves or any family member(s) or friend(s) unless it is in connection with a legitimate business transaction or for another permissible purpose.
1.5. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.
1.6. Implement a process to terminate access rights immediately for users who are terminated or when they have a change in their job tasks and no longer require access to credit information.
1.7. After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.8. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.
2. Maintain a Vulnerability Management Program
2.1. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.
2.2. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3. Implement and follow current best security practices for Computer Virus detection scanning services and procedures:
Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.
If an actual or potential virus is suspected, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.
2.4. Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:
Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.
If actual or potential Spyware is suspected, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.
Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), it is recommended that anti-Spyware scans be completed more frequently than weekly.
3. Protect Data
3.1. Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc).
3.2. All credit information is classified as Confidential and must be secured to this requirement at a minimum.
3.3. Encrypt all credit reporting agency data and information when stored on any company laptop computer and in company’s database using AES or 3DES with 128-bit key encryption at a minimum.
3.4. Only open email attachments and links from trusted sources and after verifying legitimacy.
4. Maintain an Information Security Policy
4.1. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.
4.2. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.
4.3. Per the FACTA Disposal Rules, implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
5. Build and Maintain a Secure Network
5.1. Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.
5.2. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.
5.3. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4. Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic.
5.5. Encrypt Wireless access points with a minimum of WEP 128 bit encryption.
5.6. Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
6. Regularly Monitor and Test Networks
6.1. Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit information systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
- protecting against intrusions;
- securing the computer systems and network devices;
- and protecting against intrusions of operating systems or software.
“Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.”
Glossary to Access Security Requirements
Information Lifecycle or Data Lifecycle