SterlingONE
STERLING TALENT SOLUTIONS MASTER SERVICES AGREEMENT

The Parties agree STERLING TALENT SOLUTIONS' provision of consumer reports and/or investigative consumer reports (collectively, "Screening Reports"), as those terms are defined by the Fair Credit Reporting Act, as amended ("FCRA"), and applicable state laws, is subject to the employer certification requirements and other requirements contained in Exhibit A to this Agreement (the "Background Screening Requirements"), the terms of which are incorporated by this reference as if fully set forth herein.
  1. DEFINITIONS
    1.1.
    "Affiliate" means any entity Controlled by, Controlling, or under common Control with a Party to this Agreement.


    1.2.
    "Agreement" means, collectively, this Sterling Talent Solutions Master Services Agreement, together with any exhibits, attachments, schedules, addenda, and appendices or documents attached hereto or incorporated herein, including any Order Forms, Statements of Work or amendments referencing this Agreement.


    1.3.
    "Company Data" means any and all information, including all forms, attachments, media and files, provided, entered or uploaded to the Software Service by any User, including Company's (or its Affiliates') employees, agents, contractors, or third party employment candidates authorized to access the Software Services.


    1.4.
    "Control" means either the direct or indirect control of more than 50% of the shares or other equity interests of the subject entity entitled to vote in the election of directors (or, in the case of an entity that is not a corporation, for the election or appointment of the corresponding managing authority).


    1.5.
    "Deliverable" means the custom developed documents, designs, and other materials authored or prepared by STERLING TALENT SOLUTIONS for and provided to Company as part of a Professional Services engagement pursuant to a Statement of Work. The term "Deliverable" does not include the Software Service (including all modifications and/or enhancements to the Software Service), the Documentation, STERLING TALENT SOLUTIONS' proprietary education and training content, if any, or any pre-existing materials related to STERLING TALENT SOLUTIONS' Professional Services processes and methodology, whether or not incorporated in a Deliverable.


    1.6.
    "Documentation" means tutorials and/or user manuals, if any, and/or technical requirements documents, if any, that are generally provided by STERLING TALENT SOLUTIONS to customers in connection with the Software Service.


    1.7.
    "Order Form" means a mutually executed "Order Form and Pricing Schedule" that sets forth the Services to be provided under this Agreement.


    1.8.
    "Professional Services" means implementation, configuration, or other professional services related to the Software Service that are ordered by Company pursuant to an Order Form and set forth in an applicable Statement of Work, as further described in Section 8.


    1.9.
    "Services" means, collectively, the Software Service, Professional Services and Support Services and any other related services ordered by Company pursuant to an Order Form and/or any applicable Statement of Work.


    1.10.
    "Software Service" means STERLING TALENT SOLUTIONS' internet-delivered software applications that are ordered by Company and reflected on an Order Form.


    1.11.
    "Support Services" means support and maintenance services for the Software Service provided in accordance with Section 2.1.1.


    1.12.
    "Term" means the Initial Term and any Renewal Terms (as those terms are defined in Section 3 of this Agreement).


    1.13.
    "Users" means individuals who are authorized by Company to access the Software Service and who have been supplied user identifications and passwords by Company (or by STERLING TALENT SOLUTIONS at Company's request). Users may include but are not limited to Company's employees, consultants, contractors, agents, and candidates applying for employment whom Company has authorized to access the Software Service, provided in all cases that the use is solely for the benefit of Company.


  2. PROVISION AND USE OF THE SOFTWARE SERVICE
    2.1.
    STERLING TALENT SOLUTIONS' Rights and Responsibilities.


    2.1.1.
    Provision of Software Service; Support and Availability. Subject to the terms and conditions of this Agreement, STERLING TALENT SOLUTIONS shall host and maintain the Software Service and make it available to Company throughout the Term. STERLING TALENT SOLUTIONS will provide customer support, data back-up, and disaster recovery services for the Software Service in accordance with this Agreement and STERLING TALENT SOLUTIONS' then-current policies and practices, which policies may be acquired from STERLING TALENT SOLUTIONS upon written request. STERLING TALENT SOLUTIONS reserves the right to make changes at any time to its policies, procedures and practices regarding Support Services and to make changes to its hosting and technical infrastructure, provided that such changes do not materially degrade the overall level of support provided to STERLING TALENT SOLUTIONS customers. Notwithstanding the foregoing, STERLING TALENT SOLUTIONS shall use commercially reasonable efforts to make the Software Service available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which STERLING TALENT SOLUTIONS shall schedule to the extent practicable during the weekend hours from 6:00 p.m. Friday to 3:00 a.m. Monday Pacific Time), or (ii) any unavailability caused by Force Majeure Events (as defined in Section 21 below).


    2.1.2.
    Protection of Company Data. STERLING TALENT SOLUTIONS shall maintain reasonable administrative, physical, and technical safeguards for the Software Service designed to protect the security, confidentiality and integrity of Company Data. STERLING TALENT SOLUTIONS shall not knowingly (i) modify Company Data, except as instructed by Company, (ii) disclose Company Data, except as compelled by law or as necessary to provide the Services hereunder, including disclosing it to (a) Users in connection with Company's use of the Software Service and in accordance with the license granted in Section 2.2.4 and (b) STERLING TALENT SOLUTIONS' service providers who act on STERLING TALENT SOLUTIONS' behalf in providing the Software Service, provided that STERLING TALENT SOLUTIONS will remain responsible for compliance with this Agreement by any such service providers acting on its behalf, or (iii) access Company Data, except as reasonably necessary to prevent or address service or technical problems, to respond to Company's request in connection with customer support matters, for statistical reporting purposes, or as reasonably necessary to protect STERLING TALENT SOLUTIONS, Company, Users or the data subject. STERLING TALENT SOLUTIONS may aggregate, use, distribute, and publish anonymous statistical data regarding use and functioning of the Software Service by its customers. Such aggregated statistical data will be the sole property of STERLING TALENT SOLUTIONS.


    2.2.
    Company's Rights and Responsibilities.


    2.2.1.
    License to Software Service. During the Term, STERLING TALENT SOLUTIONS grants to Company a limited, non-transferable, non-exclusive right to access and use the Software Service and Documentation for Company's internal use in accordance with this Agreement. STERLING TALENT SOLUTIONS will host and retain physical control over the Software Service and make any computer programs and code available for access, use and operation by Company only through a web-browser. No provision under this Agreement shall obligate STERLING TALENT SOLUTIONS to deliver or otherwise make available any copies of computer programs or code from the Software Service to Company, whether in object code or source code form. Company may not remove or alter any of the logos, trademark, patent or copyright notices, confidentiality or proprietary legends or other notices or markings within the Software Service or Documentation.


    2.2.2.
    Usage Limits. The license granted in Section 2.2.1 is subject to the "employee count" and other limitations set forth in an applicable Order Form. The Software Service may not be used by or for the benefit of Company employee populations (e.g., the employee populations to which the Software Service applies or benefits) in excess of the maximum employee count. For purposes of this Section 2.2.2, an employee is any distinct individual included in the payroll system of Company. Company agrees to submit to a reasonable audit of its compliance with any such usage limits upon reasonable notice by STERLING TALENT SOLUTIONS, not more than once per calendar year.


    2.2.3.
    Responsibility for Users. Company shall: (i) be responsible for its Users' compliance with the terms of this Agreement, and for all use of the Software Service that occurs under its Users' accounts (and accordingly, to safeguard login credentials for the Software Service), (ii) be solely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness and copyright of all Company Data and provide STERLING TALENT SOLUTIONS with all information and data that STERLING TALENT SOLUTIONS requires in order to perform the Services, (iii) promptly notify STERLING TALENT SOLUTIONS of any unauthorized access or use, and (iv) use the Software Service only in accordance with applicable laws and government regulations.


    2.2.4.
    License to Company Data. Company represents and warrants that it has obtained all rights, permissions and consents necessary for it (or its Users) to submit Company Data to STERLING TALENT SOLUTIONS, and for STERLING TALENT SOLUTIONS to use and disclose that Company Data as set forth in this Agreement and STERLING TALENT SOLUTIONS' Privacy Policy as such Privacy Policy may be updated and posted on the STERLING TALENT SOLUTIONS Web site from time to time. Company hereby grants STERLING TALENT SOLUTIONS a limited, worldwide, non-sublicenseable, non-transferable (except as expressly provided herein) license to store, display, distribute and reproduce the Company Data to the extent necessary to provide the Software Service and its features in accordance with this Agreement, including making it available for viewing, download and modification by other Users. Company acknowledges that it is responsible for the distribution of Company Data by its Users via the Software Service, and that STERLING TALENT SOLUTIONS will have no liability in connection with any disclosure of Company Data that is authorized by Users via the Software Service.


    2.2.5.
    Screening Reports. If ordering Screening Reports from STERLING TALENT SOLUTIONS, Company shall comply with the requirements set forth in Exhibit A hereto (the Background Screening Requirements).


    2.2.6.
    Restrictions. Company shall not, and shall ensure that its Users do not: (i) use the Software Service for any purpose other than Company's internal business purposes; (ii) allow any third party other than Users to access the Software Service, (iii) sell, resell, rent or lease the Software Service (or access to it) to any third party, (iv) use the Software Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third party privacy rights, or otherwise use the Software Service in violation of applicable laws, (v) store or submit to the Software Service any viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs (collectively, "Malicious Code"), (vi) interfere with or disrupt the integrity or performance of the Software Service or third party data contained therein, (vii) attempt to gain unauthorized access to the Software Service or their related systems or networks or (viii) make derivative works of, disassemble, or attempt to reverse compile or reverse engineer any part of the Software Service or Documentation, or access the Software Service or Documentation in order to build a similar or competitive product or service (or contract with a third party to do so).


    2.2.7.
    Safeguards. Company shall maintain records as required by law and maintain reasonable and appropriate physical, technical and administrative measures designed to protect against unauthorized access to and/or misuse of the Software Service and Confidential Information (as defined in Section 12), including, without limitation, adhering to the minimum requirements contained in Exhibit B to this Agreement (the "Access Security Requirements").


    2.2.8.
    Audits. Company agrees to cooperate with any reasonable audit or investigation by Sterling Talent Solutions and/or a vendor of Sterling Talent Solutions to assure compliance with the terms of this Agreement. Company understands that any failure to cooperate with reasonable requests regarding an audit or investigation constitutes grounds for immediate suspension of the Services and termination of this Agreement.


  3. TERM AND TERMINATION. This Agreement shall begin on the Effective Date noted in the Order Form, and, unless earlier terminated as provided herein, shall continue for a period of 12 months (the "Initial Term"). After the Initial Term, this Agreement shall automatically renew for successive one-year periods (each a "Renewal Term") unless one Party provides the other Party with written notice of its intent to not renew the Agreement at least ninety (90) days prior to the expiration of the then-current Term. Anything in this Agreement to the contrary notwithstanding, including but not limited to this Section 3, if the term of any Statement of Work or any Services in an Order Form extend beyond the Term of this Agreement, then this Agreement shall automatically continue in full force and effect beyond the stated Term for so long as any Statement of Work or Order Forms remain in force.
    3.1.
    Termination. Either Party may terminate this Agreement immediately for cause upon providing written notice if (a) the other Party materially breaches this Agreement and fails to cure its breach within thirty (30) days after receiving written notice of the breach, or (b) the other Party terminates or suspends its business as a result of bankruptcy, insolvency or any similar event.


    3.2.
    Surviving Provisions. Section 3.2 (Surviving Provisions), 3.3 (Effect of Termination), Section 3.4 (Return of Company Data), Sections 4 (Fees) and Section 5 (Invoicing and Payment) (but only with respect to amounts accrued but unpaid as of termination), Section 7 (Intellectual Property Ownership), Section 9 (Warranties and Disclaimers), Section 10 (Indemnification), Section 11 (Limitation of Liability), Section 12 (Confidentiality), and Sections 13-25 shall survive any termination or expiration of this Agreement.


    3.3.
    Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) Notwithstanding any provision of any surviving section, Company will have no further right to use the Software Service except to the extent set forth in Section 3.4 (Return of Company Data) below; (b) Company will not be entitled to any refund of fees paid, except that if Company terminates the Agreement for STERLING TALENT SOLUTIONS' uncured breach pursuant to Section 3.1 (Termination), Company will be entitled to a pro rata refund of prepaid, unused platform license fees for the Software Service specified in an Order Form; and (c) Company will promptly pay to STERLING TALENT SOLUTIONS all amounts that are accrued but unpaid under this Agreement as of the effective date of termination.


    3.4.
    Return of Company Data. Upon written request by Company made within thirty (30) days after the effective date of termination of this Agreement, provided Company is not in default, STERLING TALENT SOLUTIONS will make available to Company for download a file of requested Company Data in comma separated value (.csv) format along with Screening Reports and attachments uploaded by Company's Users in their native formats. After such thirty (30) day period, STERLING TALENT SOLUTIONS shall have no further obligation to provide Company with access to any Company Data, Deliverables and/or Screening Reports. Any such download will be subject to STERLING TALENT SOLUTIONS' then current Professional Services rate.


  4. FEES. Company shall pay the fees set forth in any Order Form and any applicable Statement of Work, as well as any amounts otherwise agreed to by the Parties in writing. These fees may include set-up fees, annual platform license fees, transaction-based fees, and other amounts as set forth in an Order Form or Statement of Work.
  5. INVOICING AND PAYMENT. STERLING TALENT SOLUTIONS will invoice Company for all Services as indicated in the Order Form and any applicable Statement of Work. Payment is due thirty (30) days after an invoice is received. If Company is approved by STERLING TALENT SOLUTIONS to pay invoices with a credit card, Company shall provide STERLING TALENT SOLUTIONS with valid and updated credit card information. Company hereby authorizes STERLING TALENT SOLUTIONS to charge such credit card for Services listed on the Order Form for the Initial Term and any Renewal Term(s).
    5.1.
    Overdue Charges. If any charges are not received from Company by the due date, then at STERLING TALENT SOLUTIONS' sole discretion, (i) such charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (ii) STERLING TALENT SOLUTIONS may condition future payment terms shorter than those specified in this Section 5.


    5.2.
    Suspension of Services and Acceleration. If any amount owing by Company under this Agreement is thirty (30) or more days overdue, STERLING TALENT SOLUTIONS may, without limiting other rights and remedies available to it, accelerate Company's unpaid fee obligations so that all such obligations become immediately due and payable, and/or suspend Services until such amounts are paid in full. STERLING TALENT SOLUTIONS will give Company at least seven (7) business days prior notice that Company's account is overdue, in accordance with Section 20 (Notices), before suspending Services to Company.


    5.3.
    Taxes. Unless otherwise stated, STERLING TALENT SOLUTIONS' fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, "Taxes"). Company is responsible for paying all Taxes associated with its purchases hereunder. If STERLING TALENT SOLUTIONS has the legal obligation to pay or collect Taxes for which Company is responsible under this paragraph, the appropriate amount shall be invoiced to and paid by Company, unless Company provides STERLING TALENT SOLUTIONS with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, STERLING TALENT SOLUTIONS is solely responsible for taxes assessable against it based on STERLING TALENT SOLUTIONS' income, property and employees.


  6. SECURITY/LOAD TESTING AND USE OF ROBOTS. Company may not, without the prior written consent of STERLING TALENT SOLUTIONS, (i) conduct security, integrity, penetration, vulnerability or similar testing on the Services, (ii) use any software tool designed to automatically emulate the actions of a human user (such tools are commonly referred to as robots) in conjunction with the Services, or (iii) attempt to access the data of another STERLING TALENT SOLUTIONS customer (whether or not for test purposes).
  7. INTELLECTUAL PROPERTY OWNERSHIP. As between the parties, Company shall retain all right, title and interest to all Company Data (except for the rights expressly granted to STERLING TALENT SOLUTIONS in this Agreement). STERLING TALENT SOLUTIONS shall retain all right, title and interest in and to (i) the Software Service and all technology and software used to provide it, the Documentation and all modifications and/or enhancements to the Software Service, regardless of the source of inspiration for any such enhancement or modification and regardless of whether Company has provided input regarding such modifications and/or enhancements, (ii) proprietary education or training content, (iii) proprietary materials related to STERLING TALENT SOLUTIONS' Professional Services processes and methodology, (iv) all Deliverables, provided that no Company Confidential Information is shared or revealed by or included within the portion of any Deliverable later used by STERLING TALENT SOLUTIONS, and (v) all intellectual property rights in the foregoing. Notwithstanding any other term of this Agreement, STERLING TALENT SOLUTIONS may access and use, and shall retain all right, title and interest in transactional and anonymized data based upon Company Data, so long as such data does not reveal the identity or traits of any particular individual person or of Company. STERLING TALENT SOLUTIONS reserves to itself all rights that are not expressly granted pursuant to this Agreement.
  8. PROFESSIONAL SERVICES. Company shall have a non-exclusive, non-transferable, license during the Term to use the Deliverables resulting from STERLING TALENT SOLUTIONS' Professional Services solely for Company's internal business purposes in connection with using the Software Service. Each Statement of Work during the Term is governed by the terms of this Agreement and in the event of any conflict or discrepancy between a Statement of Work and the terms of the Agreement, the Agreement shall govern except as to scope of work, fees, currency, expenses, and payment terms for the Professional Services, for which the Statement of Work will govern.
  9. WARRANTIES AND DISCLAIMERS
    9.1.
    Limited Warranty and Exclusive Remedy. STERLING TALENT SOLUTIONS represents and warrants as follows: (i) during the Term, the Software Service will perform substantially in accordance with the Documentation, if any, and (ii) Professional Services, if any, shall be provided in a professional manner consistent with industry standards. FOR ANY BREACH OF THE ABOVE WARRANTIES, COMPANY'S EXCLUSIVE REMEDY AND STERLING TALENT SOLUTIONS' ENTIRE LIABILITY SHALL BE: (i) FOR STERLING TALENT SOLUTIONS TO CORRECT THE ERRORS OR NON-CONFORMITIES IN THE SOFTWARE SERVICE OR OTHER SERVICES THAT CAUSED BREACH OF THE WARRANTY, OR (WITH RESPECT TO PROFESSIONAL SERVICES) TO REPERFORM THE DEFICIENT PROFESSIONAL SERVICES; OR, (ii) IF STERLING TALENT SOLUTIONS CANNOT CORRECT SUCH BREACH IN A COMMERCIALLY REASONABLE TIMEFRAME, FOR COMPANY TO TERMINATE ITS ORDER FOR THE SOFTWARE SERVICE OR OTHER APPLICABLE SERVICES, AND RECEIVE A REFUND OF ANY PREPAID, UNUSED AMOUNTS PAYABLE FOR THE NON-CONFORMING OR DEFICIENT SERVICES.


    9.2.
    GENERAL DISCLAIMER. STERLING TALENT SOLUTIONS DOES NOT GUARANTEE OR WARRANT THAT THE SOFTWARE SERVICE WILL PERFORM ERROR-FREE OR UNINTERRUPTED OR THAT STERLING TALENT SOLUTIONS WILL CORRECT ALL ERRORS IN THE SOFTWARE SERVICE OR OTHER SERVICES PROVIDED HEREUNDER. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.


  10. INDEMNIFICATION. Company shall defend, indemnify and hold harmless STERLING TALENT SOLUTIONS and its corporate affiliates, and its and their directors, officers, agents and representatives, against any claim, demand, suit or proceeding (collectively, a "Claim") brought by a third party alleging (i) that the Company Data, or Company's use of the Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of or has otherwise harmed a third party or violates applicable law, (ii) Company wrongfully used or obtained any Screening Report, including but not limited to Company having used any Screening Report for any purpose other than the stated permissible purpose, (iii) Company failed to comply with its obligations under the FCRA or other applicable federal, state or local laws, including but not limited to Company having failed to comply with its obligations set forth in Exhibit A-1 ("Notice to Users of Consumer Reports: Obligations of Users Under the FCRA") and/or (iv) Company acted with gross negligence or willful misconduct, and shall indemnify STERLING TALENT SOLUTIONS for any damages (including reasonable attorney's fees and costs) finally awarded against STERLING TALENT SOLUTIONS as a result of, or for any amounts paid by STERLING TALENT SOLUTIONS under a settlement of, a Claim; provided that STERLING TALENT SOLUTIONS (a) promptly gives Company written notice of the Claim; (b) gives Company sole control of the defense and settlement of the Claim (provided that Company may not settle any Claim unless the settlement unconditionally releases STERLING TALENT SOLUTIONS of all liability); and (c) provides to Company all reasonable assistance, at Company's expense.
  11. LIMITATIONS OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, STERLING TALENT SOLUTIONS WILL NOT BE LIABLE TO COMPANY FOR ANY LOST PROFITS, LOST SAVINGS, LOSS OF ANTICIPATED BENEFITS, OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF STERLING TALENT SOLUTIONS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, THE AGGREGATE LIABILITY OF STERLING TALENT SOLUTIONS UNDER THIS AGREEMENT SHALL IN NO EVENT EXCEED FEES ACTUALLY PAID BY COMPANY TO STERLING TALENT SOLUTIONS DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT ON WHICH THE CLAIM OF LIABILITY IS BASED.
  12. CONFIDENTIALITY. Each Party agrees: (i) that it will use (and will ensure that its employees, Affiliates, agents, contractors and any approved third parties use) reasonable efforts (which shall be no less than the efforts used to protect its own confidential information of a similar nature) to prevent the disclosure of the other Party's Confidential Information to any person or entity, unless authorized by the other Party; and (ii) it will not use Confidential Information of the other Party for any purpose other than as authorized by this Agreement or by the other Party. As to STERLING TALENT SOLUTIONS, the term "Confidential Information" includes information specifically designated as confidential or that would be understood to be confidential or proprietary by a reasonable person, the features and functions of the Services that are not available to the general public via the public Internet (including screen shots of the same), future product plans, and any Documentation or specification provided to Company, the commercial terms (including pricing) of this Agreement and any Statement of Work (but not the mere existence of this Agreement), performance and security test results (whether conducted by STERLING TALENT SOLUTIONS or Company), and any other proprietary, financial or business information supplied to Company by STERLING TALENT SOLUTIONS. As to Company, the term "Confidential Information" includes information specifically designated as confidential or that would be understood to be confidential or proprietary by a reasonable person. Notwithstanding the foregoing, "Confidential Information" shall not include (i) information which is or becomes publicly known through no act of omission of the receiving Party, or (ii) information gained by the receiving Party independent of the disclosing Party.
Notwithstanding the foregoing, it shall not be a breach of this Agreement to disclose Confidential Information required to be disclosed pursuant to administrative or court order, government or regulatory investigation or requirement, or arbitration or litigation arising out of this Agreement; provided, however, that to the extent permissible, each Party shall, in advance of any such disclosure promptly notify the other Party in order to enable the other Party reasonable time to seek a protective order with respect to the requested information or otherwise challenge or oppose the disclosure requirement. The Parties acknowledge that use or disclosure of any Confidential Information of the other Party in a manner inconsistent with this Agreement may give rise to irreparable injury to the disclosing Party or to third parties who have entrusted information to the disclosing Party, and such disclosure may be inadequately compensable in damages. Accordingly, in addition to any other legal remedies that may be available at law or in equity, the disclosing Party shall be entitled to seek equitable or injunctive relief against the unauthorized use or disclosure of Confidential Information. For avoidance of doubt, the Software Service is designed to facilitate sharing of Company Data by Company and its Users for permitted purposes. Accordingly, Company Data is not "Confidential Information" for purposes of this Section 12. STERLING TALENT SOLUTIONS' obligations with respect to Company Data are as set forth in Section 2.1.2 (Protection of Company Data).
  18. GOVERNING LAW AND VENUE. This Agreement shall be governed by, construed and enforced in accordance with the internal laws of the State of Washington, without giving effect to principles and provisions thereof relating to conflict or choice of laws irrespective of the fact any one of the Parties is now or may become a resident of a different state. Venue for any action under this Agreement shall lie only in the United States District Court — Western District of Washington. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to any of the transactions contemplated by this Agreement.
  19. ASSIGNMENT. Neither Party shall assign this Agreement, or any of its rights or obligations hereunder, without the prior written consent of the other Party, which shall not be unreasonably withheld or delayed. Notwithstanding the foregoing, STERLING TALENT SOLUTIONS may assign this Agreement in its entirety without prior written consent pursuant to any corporate reorganization or merger of its business, or pursuant to any sale of all or substantially all of its assets. STERLING TALENT SOLUTIONS may delegate duties under this Agreement to third parties, provided that STERLING TALENT SOLUTIONS is responsible for such parties' performance and compliance with the provisions of this Agreement.
  20. WAIVER. All waivers must be in writing. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
  21. AMENDMENT. This Agreement may only be modified by a writing executed by both Parties.
  22. PREVAILING PARTY FEES. In any controversy, claim or dispute arising out of or relating to this Agreement or the method or manner of performance thereof or the breach thereof, the prevailing Party shall be entitled and awarded in addition to any other relief, its reasonable attorney's fees, expert witness fees and costs.
  23. SEVERABILITY. If any term or provision of this Agreement or any application thereof to any person or circumstance shall to any extent be invalid or unenforceable, the remainder of this Agreement or the application of such terms or provisions to person or circumstances other than those to which it is held invalid or unenforceable shall not be affected thereby and each term and provision of the Agreement shall be valid and enforceable to the fullest extent permitted by law.
  24. INDEPENDENT CONTRACTOR/USE OF SUBCONTRACTORS. Nothing contained in this Agreement shall be deemed or construed by the Parties hereto or by any third person to create the relationship of principal and agent or partnership or of any association between any of the Parties hereto other than independent contracting parties. STERLING TALENT SOLUTIONS may, in the ordinary course of business, use subcontractors to perform the Services where it is customary to do so.
  25. NOTICES. Any notice, payment, demand, or communication required or permitted to be given by any provision of this Agreement shall be in writing and sent by telephone facsimile transmission, certified or registered mail with return receipt requested, or express courier or delivery service and addressed to Company at the address then on record at STERLING TALENT SOLUTIONS, or to such other address as Company may from time to time specify by notice to STERLING TALENT SOLUTIONS in writing. Company may deliver notices to STERLING TALENT SOLUTIONS at 4511 Rockside Road, 4th Floor, Independence, OH 44131 Attn: General Counsel, or to such other address as STERLING TALENT SOLUTIONS may from time to time specify by notice to Company in writing or by means of an alert on Company's dashboard.
  26. FORCE MAJEURE. Neither Party is responsible for any failure to perform under this Agreement when such failure arises from or relates to any acts of God, public enemies, acts of terrorism, inability to obtain materials (including necessary data) or reasonable substitutes for materials (including necessary data), inability to obtain power, internet service provider failures or delays, civil war, insurrection, riot or demonstration, fire, flood, explosion, earthquake, accident, strike, labor difficulties, work interruption or any other cause beyond its reasonable control.
  27. AUTHORITY OF SIGNATORY. Each Party represents that the person signing this Agreement is duly authorized to legally bind Company or STERLING TALENT SOLUTIONS (as the case may be) to the Agreement.
  28. NO CONSTRUCTION AGAINST DRAFTER. The Parties affirm and agree they have had an opportunity to consult with their respective counsel and with such other experts or advisors as they have deemed necessary in connection with this Agreement. This Agreement shall be construed without any presumption or rule requiring this Agreement to be construed against the Party causing this Agreement, or any part of it to be drafted.
  29. AGREEMENT IN ENTIRETY. This Agreement (including Order Forms, exhibits, amendments and any addenda or Statement of Work(s) hereto which are incorporated herein by reference) sets forth the entire understanding of the Parties hereto with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, covenants, negotiations, arrangements, communications, representations, understandings or warranties, whether oral or written, by any officer, employee, or representative of either Party relating thereto. There are no other understandings, statements, promises or inducements, oral or otherwise, contrary to the terms of this Agreement. However, required federal and state certifications, affidavits, etc., if any, needed for compliance with applicable law, will be construed to be part of this Agreement. In the event there is any conflict between this Agreement and any other agreements between Company and STERLING TALENT SOLUTIONS, the relevant terms and conditions of this Agreement shall control.
  30. MEDIA RELEASES. Except for any announcement intended solely for internal distribution by Company or any disclosure required by legal, accounting, or regulatory requirements beyond the reasonable control of Company, all media releases, public announcements, or public disclosures (including, but not limited to, promotional or marketing material) by Company or its employees or agents relating to this Agreement or its subject matter, including the name, trade name, trade mark, or symbol of STERLING TALENT SOLUTIONS or any affiliate of STERLING TALENT SOLUTIONS, shall be coordinated with and approved in writing by STERLING TALENT SOLUTIONS prior to the release thereof. Company shall permit STERLING TALENT SOLUTIONS to use Company's name and logo for marketing purposes.
  31. ELECTRONIC SIGNATURES. This Agreement and any amendments hereto may be executed via electronic signature pursuant to 15 U.S.C. Ch. 96 (and other relevant e-signature legislation). Any electronic signature will appear in the signature block at the end of this Agreement.
  32. COUNTERPARTS. This Agreement may be executed in two or more counterparts (each of which need not be executed by each of the Parties), each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
  33. THIRD PARTY SOURCES. Company understands that some information provided by STERLING TALENT SOLUTIONS is provided to STERLING TALENT SOLUTIONS by third party sources and that some or all of these third party sources may prohibit STERLING TALENT SOLUTIONS from providing information from such sources to Company. Should a third party source advise STERLING TALENT SOLUTIONS that it may not provide information from such source to a STERLING TALENT SOLUTIONS customer, STERLING TALENT SOLUTIONS will endeavor to provide such information from another source if practicable and efficient or STERLING TALENT SOLUTIONS can advise Company as soon as possible that it will be unable to provide such information and fulfill that portion of Company's request. Company understands that if this occurs, STERLING TALENT SOLUTIONS is acting within its rights under this Agreement and that STERLING TALENT SOLUTIONS is not subject to any liability or damages for such action.


EXHIBIT A

BACKGROUND SCREENING REQUIREMENTS


STERLING TALENT SOLUTIONS will furnish Company with Screening Reports for the screening of applicants ("Applicant"), conditioned upon Company's compliance with this Exhibit and fulfillment of all of its obligations (including payment) under this Agreement. In utilizing STERLING TALENT SOLUTIONS' Services in regard to Screening Reports, Company is considered a user of consumer reports and/or investigative consumer reports under the FCRA and applicable state laws.

Company hereby certifies that all of its orders for Screening Reports from STERLING TALENT SOLUTIONS shall be made, and the resulting reports shall be used for employment purposes, as defined in the FCRA, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission.
  1. Employer Certification.
    1.1.
    Company shall be responsible for identifying and complying with all federal (including, without limitation, the FCRA), state and local laws and regulations applicable to Company in connection with its procurement and use of Screening Reports furnished by STERLING TALENT SOLUTIONS. Company accepts full responsibility for any and all consequences of use or dissemination of those Screening Reports. Company further agrees that each Screening Report will only be used for a one-time use. Company certifies to STERLING TALENT SOLUTIONS that Company will comply with all applicable provisions of the attached Exhibit A-1 ("Notice to Users of Consumer Reports: Obligations of Users Under the FCRA"), which explains Company's obligations under the FCRA as a user of consumer information and acknowledges receipt of such Notice. Without limitation Company agrees that (i) prior to procurement of a consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer, in a document that consists of only the disclosure, that a consumer report will be obtained for employment purposes; and (b) The consumer has authorized in writing the procurement of the report by Company; (ii) prior to procurement of an investigative consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer in a document that consists of only the disclosure that an investigative consumer report including information as to the consumer's character, general reputation, personal characteristics and/or mode of living will be obtained for employment purposes; and (b) Such disclosure contains a statement advising the consumer of his/her right to request a complete and accurate statement regarding the nature and scope of the requested investigative consumer report and his/her right to request a copy of the rights of the consumer under the FCRA, a copy of which is attached hereto as Exhibit A-2 ("A Summary of Your Rights Under the Fair Credit Reporting Act"); and (iii) in using a Screening Report for employment purposes, before taking any adverse action based in whole or in part on the Screening Report, the Company shall provide to the consumer to whom the Screening Report relates: (a) A copy of the Screening Report; (b) A copy of the notice titled "A Summary of Your Rights Under the Fair Credit Reporting Act" attached hereto as Exhibit A-2, and any applicable state summary of rights; and (c) A reasonable opportunity of time to correct any erroneous information contained in the Screening Report. Company further certifies that information from any consumer report or Screening Report will not be used in violation of any applicable federal or state equal opportunity law or regulation.


  2. California Certification.
    2.1.
    Company hereby certifies that, under the Investigative Consumer Reporting Agencies Act ("ICRA"), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act ("CCRAA"), California Civil Code Sections 1785.1 et seq., if Company is located in the State of California, and/or Company's request for and/or use of Screening Reports pertains to a California resident or worker, Company will do the following:


    2.1.1.
    Request and use Screening Reports solely for permissible purpose(s) identified under California Civil Code Sections 1785.11 and 1786.12.


    2.1.2.
    When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, provide a clear and conspicuous disclosure in writing to the consumer, which solely discloses: (i) that an investigative Screening Report may be obtained; (ii) the permissible purpose of the investigative Screening Report; (iii) that information on the consumer's character, general reputation, personal characteristics and mode of living may be disclosed; and (iv) the name, address, and telephone number of STERLING TALENT SOLUTIONS; and (v) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22.


    2.1.3.
    When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, only request a Screening Report if the applicable consumer has authorized in writing the procurement of the Screening Report.


    2.1.4.
    When a Screening Report is sought in connection with the hiring of a dwelling unit, notify the consumer in writing that a Screening Report will be made regarding the consumer's character, general reputation, personal characteristics, and mode of living. The notification shall include the name and address of STERLING TALENT SOLUTIONS as well as a summary of the provisions of California Civil Code Section 1786.22. The consumer shall be notified not later than three days after the date on which the Screening Report was first requested.


    2.1.5.
    When a Screening Report is sought in connection with the underwriting of insurance, clearly and accurately disclose in writing at the time the application form, medical form, binder, or similar document is signed by the consumer that a Screening Report regarding the consumer's character, general reputation, personal characteristics, and mode of living may be made, or, if no signed application form, medical form, binder, or similar document is involved in the underwriting transaction, the disclosure shall be made to the consumer in writing and mailed or otherwise delivered to the consumer not later than three days after the Screening Report was first requested. The disclosure shall include the name and address of STERLING TALENT SOLUTIONS, the nature and scope of the investigation requested, and a summary of the provisions of California Civil Code Section 1786.22.


    2.1.6.
    Provide the consumer a means by which he/she may indicate on a written form, by means of a box to check, that the consumer wishes to receive a copy of any Screening Report that is prepared.


    2.1.7.
    If the consumer wishes to receive a copy of the Screening Report, send (or contract with another entity to send) a copy of the Screening Report to the consumer within three business days of the date that the Screening Report is provided to Company. The copy of the Screening Report shall contain the name, address, and telephone number of the person who issued the report and how to contact him/her.


    2.1.8.
    Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 if the taking of adverse action is a consideration, which shall include, but may not be limited to, advising the consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Screening Report, informing the consumer in writing of STERLING TALENT SOLUTIONS' name, address, and telephone number, and provide the consumer with a written notice of his/her rights under the ICRA and the CCRAA.


    2.1.9.
    Comply with all other requirements under applicable California law, including, but not limited to any statutes, regulations and rules governing the procurement, use and/or disclosure of any Screening Reports, including, but not limited to, the ICRA and the CCRAA.


  3. Consumer Requests for Additional Disclosures. In addition to the disclosure requirements identified above, if the consumer makes a written request within a reasonable amount of time, Company will provide: (1) information about whether an investigative consumer report has been requested; (2) written disclosure of the nature and scope of the investigation requested, if an investigative consumer report has been requested; and (3) STERLING TALENT SOLUTIONS' contact information, including complete address and toll-free telephone number. This information will be provided to the consumer no later than five (5) days after the request for such disclosure was received from the consumer or such report was first requested, whichever is the latter.
  4. In addition to the requirements above, Company:
    4.1.
    Shall comply with, without limitation, the Americans with Disabilities Act, the Drivers Privacy Protection Act ("DPPA") and any applicable state laws if Company is obtaining Motor Vehicle Reports ("MVRs"), the Gramm-Leach-Bliley Act and federal and state employment laws.


    4.2.
    If Screening Reports include MVRs:


    4.2.1.
    Shall be responsible for understanding and for staying current with all specific state forms, certificates of use or other documents or agreements including any changes, supplements or amendments thereto imposed by the states (collectively referred to as "Specific State Forms") from which it will order MVRs. Company certifies that it will file all applicable Specific State Forms required by individual states.


    4.2.2.
    Certifies that no MVRs shall be ordered without first obtaining the written consent of the consumer to obtain "driving records," evidence of which shall be transmitted to STERLING TALENT SOLUTIONS in the form of the consumer's signed release authorization form. Company also certifies that it will use this information only in the normal course of business to obtain lawful information relating to the holder of a commercial driver's license or to verify information provided by an applicant or employee. Company shall not transmit any data contained in the resulting MVR via the public internet, electronic mail or any other unsecured means.


    4.2.3.
    Shall execute and deliver to STERLING TALENT SOLUTIONS upon execution of this Agreement and annually thereafter for as long as Company receives MVRs, an Affidavit of Intended Use, attached hereto as Attachment A.


    4.3.
    If requesting verification of current employment status or a reference check with respect to any Applicant, certifies that it will not request verification of current employment status from Applicant's current employer without first obtaining permission from the Applicant to contact Applicant's current employer.


    4.4.
    Shall base all of its hiring decisions and related actions on its policies and procedures and not rely on STERLING TALENT SOLUTIONS for (nor shall STERLING TALENT SOLUTIONS render) legal advice regarding employment decisions.


    4.5.
    Shall keep strictly confidential any information and identification numbers and passwords it receives from or gains access to through STERLING TALENT SOLUTIONS, bear responsibility for all account activity within Company's scope of use, use Company's account only for the purposes authorized under this Agreement, and not sublicense, license, rent, sell, loan, give or perform marketing activities to make available all or any part of Company's account to a third party.


    4.6.
    Shall provide access to Screening Reports provided by STERLING TALENT SOLUTIONS only to Company employees, agents and representatives of Company who fully review and understand Company's obligations under the FCRA and this Agreement and who agree to comply with those obligations.


    4.7.
    Shall ensure that Users do not request and/or obtain Screening Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate business transaction or for a valid FCRA permissible purpose.


    4.8.
    Shall provide STERLING TALENT SOLUTIONS with accurate employee identification, address, or other information, and when available, e-mail contact information.


    4.9.
    Understands and acknowledges that, in the course of completing background checks, STERLING TALENT SOLUTIONS may uncover active arrest warrants which are outstanding against the Applicant. In these cases, STERLING TALENT SOLUTIONS may be contacted by the law enforcement agency seeking the Applicant. Company understands that STERLING TALENT SOLUTIONS will furnish to law enforcement any information contained within the subject's file to assist in the apprehension of the Applicant. Additionally, STERLING TALENT SOLUTIONS may contact Company, and Company agrees to release to STERLING TALENT SOLUTIONS, any and all information Company may have which will further the apprehension of the wanted individual.


    4.10.
    Shall not resell, sublicense, deliver, display or otherwise distribute any Screening Reports provided by STERLING TALENT SOLUTIONS to any third party. ANY PERSON WHO WILLFULLY AND KNOWINGLY OBTAINS, RESELLS, TRANSFERS, OR USES INFORMATION IN VIOLATION OF LAW MAY BE SUBJECT TO CRIMINAL CHARGES AND/OR LIABLE TO ANY INJURED PARTY FOR TREBLE DAMAGES, REASONABLE ATTORNEY'S FEES AND COSTS. OTHER CIVIL AND CRIMINAL LAWS MAY ALSO APPLY.


  5. STERLING TALENT SOLUTIONS shall:
    5.1.
    Take reasonable procedures to comply with all applicable federal, state and local laws in the preparation and transmission of Screening Reports including, without limitation, responding appropriately to any assertions by an Applicant that a Screening Report contains inaccurate information.


    5.2.
    Maintain reports and other records as required by applicable law.


    5.3.
    Comply with all credentialing requirements imposed by any third parties or STERLING TALENT SOLUTIONS' internal protocols so STERLING TALENT SOLUTIONS can confirm that Screening Reports are only provided to legitimate business entities. Such credentialing may include an on-site visit by STERLING TALENT SOLUTIONS.


  6. Disclaimer of Warranties (Screening Reports).
    6.1.
    Screening Reports and other information in the STERLING TALENT SOLUTIONS databases have been compiled from public records and other proprietary sources for the specific purposes of providing background information and therefore such information is obtained by STERLING TALENT SOLUTIONS, and reported to Company, "AS IS". Neither STERLING TALENT SOLUTIONS nor any of its suppliers represents or warrants that the information from such records is complete or accurate; however, STERLING TALENT SOLUTIONS warrants and represents that it will have reasonable procedures in place to report the information as provided by such sources. Except for the limited warranty above, STERLING TALENT SOLUTIONS HEREBY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES REGARDING THE PERFORMANCE OF THE SERVICE AND THE ACCURACY, CURRENCY, OR COMPLETENESS OF ANY DATA, INFORMATION OR SCREENING REPORT, INCLUDING (WITHOUT LIMITATION) ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT, AND ANY IMPLIED INDEMNITIES.


    6.2.
    Company understands that searches of international background screening will be conducted through the services of a third-party independent contractor. Because of differences in foreign laws, language, and the manner in which foreign records are maintained and reported, STERLING TALENT SOLUTIONS cannot be either an insurer or a guarantor of the accuracy of the information reported. Company therefore releases STERLING TALENT SOLUTIONS and its affiliated companies, officers, agents, employees, and independent contractors from any liability whatsoever in connection with erroneous information received as a result of an international background screening report.


    6.3.
    STERLING TALENT SOLUTIONS recommends that Company screen its applicants or employees at the county court-house or online system, federal, and multi-state/nationwide database levels. Company understands that if it chooses not to conduct searches at these levels, STERLING TALENT SOLUTIONS cannot be held responsible for any records that exist that are not included in the coverage requested by Company. Company further understands that the multi-state/nationwide database report will only be offered in conjunction with a county-level verification of any records found and that Company will bear any additional costs associated with this verification.


  7. Note on Credit Reports and Credit Bureaus.
    7.1.
    Credit bureaus require specific documents and certifications, which may be in the form of addendums to this Agreement, in connection with providing credit reports. Executing this Agreement is only one of the steps necessary to complete an application process with a credit bureau. STERLING TALENT SOLUTIONS retains the right to request additional documentation and certifications from Company, as well as a physical inspection of Company's business location, from time to time in order to comply with credit bureau requirements, and Company understands that it shall not be entitled to receive credit reports unless and until it honors all requests for information and delivers such certifications.


    7.2.
    Company certifies, if receiving credit reports through STERLING TALENT SOLUTIONS, that it will promptly notify STERLING TALENT SOLUTIONS of any change in Company location, structure, ownership or control, including but not limited to the addition of any branch(es) that will be requesting and/or accessing credit reports. Company understands that any such change may require Company to re-submit to STERLING TALENT SOLUTIONS certain documentation and certifications described in section 7.1 above, as well as submit to a new physical inspection.


    7.3.
    Credit reports are only accessible through pre-authorized static Internet Protocol (IP) addresses that have been registered with STERLING TALENT SOLUTIONS. To access credit reports, Company will be required to provide STERLING TALENT SOLUTIONS with all static IP addresses. Company will not be able to access credit reports through Dynamic Host Configuration Protocol (DHCP) or IP ranges.


    7.4.
    Credit bureaus may prohibit the following persons, entities and/or businesses from obtaining credit reports: bail bond enforcement or bounty hunters, internet people locator services, diet centers, adoption search firms, credit repair companies or credit clinics, for profit credit counseling, loan modification companies, attorneys, law firms, investigative companies (including private investigators and detective agencies except those licensed for and exclusively practicing, investigative work for employment purposes), media agencies, news agencies, journalists, non-governmental agencies or businesses associated with the collection of child support, dating services, asset location services (does not include collection agencies), condominium/homeowners associations, future services including but not limited to continuity and health clubs (except health club/spas human resources departments), timeshare, companies involved and/or associated with inappropriate adult content web sites and/or adult-type telephone services, businesses that operate out of an apartment, companies or individuals who are known to have been involved in credit fraud or other unethical business practices, any person or entity known or suspected to be engaged in fraudulent or illegal activity such as identity theft, harassment or stalking, any company or individual listed as a Specially Designated National on the Office of Foreign Asset Control (OFAC) website, or persons or entities that are not an end-user or decision maker.




EXHIBIT A-1

All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau's website, www.consumerfinance.gov/learnmore.

NOTICE TO USERS OF CONSUMER REPORTS:
OBLIGATIONS OF USERS UNDER THE FCRA

The Fair Credit Reporting Act (FCRA), 15 U.S.C. §1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau's (CFPB) website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at CFPB's website. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.

The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.

  I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS
    A. Users Must Have a Permissible Purpose
    Congress has limited the use of consumer reports to protect consumers' privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are:
      • As ordered by a court or a federal grand jury subpoena. Section 604(a)(1)
      • As instructed by the consumer in writing. Section 604(a)(2)
      • For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer's account. Section 604(a)(3)(A)
      • For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)
      • For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C)
      • When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i)
      • To review a consumer's account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii)
      • To determine a consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status. Section 604(a)(3)(D)
      • For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E)
      • For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5)
      In addition, creditors and insurers may obtain certain consumer report information for the purpose of making "prescreened" unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of "prescreened" information are described in Section VII below.

    B. Users Must Provide Certifications
    Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.

    C. Users Must Notify Consumers When Adverse Actions Are Taken
    The term "adverse action" is defined very broadly by Section 603. "Adverse actions" include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA — such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.
      1. Adverse Actions Based on Information Obtained From a CRA
      If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:
        • The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.
        • A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.
        • A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the CRA if the consumer makes a request within 60 days.
        • A statement setting forth the consumer's right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.
      2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies
      If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer's written request.

      3. Adverse Actions Based on Information Obtained From Affiliates
      If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.
    7. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files
    8. When a consumer has placed a fraud alert, including one relating to identity theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer's alert.

    9. Users Have Obligations When Notified of an Address Discrepancy
    10. Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer's file. When this occurs, users must comply with regulations specifying the procedures to be followed. Federal regulations are available at www.consumerfinance.gov/learnmore.

    11. Users Have Obligations When Disposing of Records
    12. Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. Federal regulations have been issued that cover disposal.
  2. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES
  3. If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations prescribed by the CFPB.

    Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) ("Notice to the Home Loan Applicant").

  4. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES
    1. Employment Other Than in the Trucking Industry
    2. If the information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:
      • Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.
      • Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.
      • Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.
      • Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer's rights. (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken.

      An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2).

      The procedures for investigative consumer reports and employee misconduct investigations are set forth below.

    3. Employment in the Trucking Industry
    4. Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company.
  5. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED
  6. Investigative consumer reports are a special type of consumer report in which information about a consumer's character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following:
    • The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)
    • The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.
    • Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.
  7. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS
  8. Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.

  9. OBLIGATIONS OF USERS OF MEDICAL INFORMATION
  10. Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes — or in connection with a credit transaction (except as provided in federal regulations) — the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or as permitted by statute, regulation, or order).

  11. OBLIGATIONS OF USERS OF "PRESCREENED" LISTS
  12. The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(1), 604(c), 604(e), and 615(d). This practice is known as "prescreening" and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that:
    • Information contained in a consumer's CRA file was used in connection with the transaction.
    • The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer.
    • Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral.
    • The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system.
    In addition, the CFPB has established the format, type size, and manner of the disclosure required by Section 615(d), with which users must comply. The relevant regulation is 12 CFR 1022.54.

  13. OBLIGATIONS OF RESELLERS
    1. Disclosure and Certification Requirements
    2. Section 607(e) requires any person who obtains a consumer report for resale to take the following steps:
      • Disclose the identity of the end-user to the source CRA.
      • Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user.
      • Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain:

          (1) the identity of all end-users;

          (2) certifications from all users of each purpose for which reports will be used; and

          (3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report.

    3. Reinvestigations by Resellers
    4. Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer.

    5. Fraud Alerts and Resellers
    6. Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports.
  14. LIABILITY FOR VIOLATIONS OF THE FCRA
  15. Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619.

    The CFPB's website, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA.

    Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1681 et seq.:

    Section 602      15 U.S.C. 1681
    Section 603      15 U.S.C. 1681a
    Section 604      15 U.S.C. 1681b
    Section 605      15 U.S.C. 1681c
    Section 605A      15 U.S.C. 1681cA
    Section 605B      15 U.S.C. 1681cB
    Section 606      15 U.S.C. 1681d
    Section 607      15 U.S.C. 1681e
    Section 608      15 U.S.C. 1681f
    Section 609      15 U.S.C. 1681g
    Section 610      15 U.S.C. 1681h
    Section 611      15 U.S.C. 1681i
    Section 612      15 U.S.C. 1681j
    Section 613      15 U.S.C. 1681k
    Section 614      15 U.S.C. 1681l
    Section 615      15 U.S.C. 1681m
    Section 616      15 U.S.C. 1681n
    Section 617      15 U.S.C. 1681o
    Section 618      15 U.S.C. 1681p
    Section 619      15 U.S.C. 1681q
    Section 620      15 U.S.C. 1681r
    Section 621      15 U.S.C. 1681s
    Section 622      15 U.S.C. 1681s-1
    Section 623      15 U.S.C. 1681s-2
    Section 624      15 U.S.C. 1681t
    Section 625      15 U.S.C. 1681u
    Section 626      15 U.S.C. 1681v
    Section 627      15 U.S.C. 1681w
    Section 628      15 U.S.C. 1681x
    Section 629      15 U.S.C. 1681y


EXHIBIT A-2


For information in Spanish, visit www.consumerfinance.gov/learnmore or write to the Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.

A Summary of Your Rights Under the Fair Credit Reporting Act

The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under the FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.

  • You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment — or to take another adverse action against you — must tell you, and must give you the name, address, and phone number of the agency that provided the information.
  • You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your "file disclosure"). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if:
    • a person has taken adverse action against you because of information in your credit report;
    • you are the victim of identity theft and place a fraud alert in your file;
    • your file contains inaccurate information as a result of fraud;
    • you are on public assistance;
    • you are unemployed but expect to apply for employment within 60 days.
    In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information.
  • You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender.
  • You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous. See www.consumerfinance.gov/learnmore for an explanation of dispute procedures.
  • Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate.
  • Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old.
  • Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need — usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access.
  • You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore.
  • You may limit "prescreened" offers of credit and insurance you get based on information in your credit report. Unsolicited "prescreened" offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address from the lists these offers are based on. You may opt-out with the nationwide credit bureaus at 1-888-567-8688.
  • You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court.
  • Identity theft victims and active duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore.


States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General. For information about your federal rights, contact:



1. TYPE OF BUSINESS:
   a. Banks, savings associations, and credit unions with total assets of over $10 billion and their affiliates.
   b. Such affiliates that are not banks, savings associations, or credit unions also should list, in addition to the CFPB:
   CONTACT:
   a. Consumer Financial Protection Bureau
      1700 G Street NW
      Washington, DC 20552
   b. Federal Trade Commission: Consumer Response Center-FCRA
      Washington, DC 20580
      (877) 382-4357

2. TYPE OF BUSINESS: To the extent not included in item 1 above:
   a. National banks, federal savings associations, and federal branches and federal agencies of foreign banks
   b. State member banks, branches and agencies of foreign banks (other than federal branches, federal agencies, and Insured State Branches of Foreign Banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act
   c. Nonmember Insured Banks, Insured State Branches of Foreign Banks, and insured state savings associations
   d. Federal Credit Unions
   CONTACT:
   a. Office of the Comptroller of the Currency
      Customer Assistance Group
      1301 McKinney Street, Suite 3450
      Houston, TX 77010-9050
   b. Federal Reserve Consumer Help Center
      P.O. Box 1200
      Minneapolis, MN 55480
   c. FDIC Consumer Response Center
      1100 Walnut Street, Box #11
      Kansas City, MO 64106
   d. National Credit Union Administration
      Office of Consumer Protection (OCP)
      Division of Consumer Compliance and Outreach (DCCO)
      1775 Duke Street
      Alexandria, VA 22314

3. TYPE OF BUSINESS: Air Carriers
   CONTACT:
      Asst. General Counsel for Aviation Enforcement & Proceedings
      1200 New Jersey Avenue, SE
      Washington, DC 20590

4. TYPE OF BUSINESS: Creditors Subject to Surface Transportation Board
   CONTACT:
      Office of Proceedings, Surface Transportation Board Department of Transportation
      395 E Street S.W.
      Washington, DC 20423

5. TYPE OF BUSINESS: Creditors Subject to Packers and Stockyards Act, 1921
   CONTACT:
      Nearest Packers and Stockyards Administration area supervisor

6. TYPE OF BUSINESS: Small Business Investment Companies
   CONTACT:
      Associate Deputy Administrator for Capital Access
      United States Small Business Administration
      409 Third Street, SW, 8th Floor
      Washington, DC 20416

7. TYPE OF BUSINESS: Brokers and Dealers
   CONTACT:
      Securities and Exchange Commission
      100 F St NE
      Washington, DC 20549

8. TYPE OF BUSINESS: Federal Land Banks, Federal Land Bank Associations, Federal Intermediate Credit Banks, and Production Credit Associations
   CONTACT:
      Farm Credit Administration
      1501 Farm Credit Drive
      McLean, VA 22102-5090

9. TYPE OF BUSINESS: Retailers, Finance Companies, and All Other Creditors Not Listed Above
   CONTACT:
      FTC Regional Office for region in which the creditor operates
      or Federal Trade Commission: Consumer Response Center-FCRA
      Washington, DC 20580
      (877) 382-4357


EXHIBIT B

ACCESS SECURITY REQUIREMENTS


The following information security measures are designed to reduce unauthorized access to consumer information. It is Company's responsibility to implement these controls. If Company does not understand these requirements or needs assistance, it is Company's responsibility to employ an outside service provider to assist it. Capitalized terms used herein have the meaning given in the Glossary attached hereto. These Access Security Requirements may change without notification. The information provided herewith provides minimum baselines for information security.

In accessing STERLING TALENT SOLUTIONS' Software Service and/or Experian's credit reporting services, where applicable, Company agrees to follow these security requirements:
  1. Implement Strong Access Control Measures
      1.1.
      Each user shall maintain a unique user ID and password to enable individual authentication and accountability for access to credit information.


      1.2.
      User ID(s) and passwords are to be kept Confidential and not shared or given to others. Account numbers and passwords should be known only by supervisory personnel. System access software which utilizes user ID(s) or passwords must have these components hidden or embedded.


      1.3.
      Develop strong passwords that are:
      • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)
      • Contain a minimum of seven (7) alphanumeric characters for standard user accounts


      1.4.
      Restrict the number of key personnel who have access to credit information. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand the requirements to access such information are only for the permissible purpose for which you have been granted access to credit reports by Sterling Talent Solutions. Ensure that employees do not access credit reports on themselves or any family member(s) or friend(s) unless it is in connection with a legitimate business transaction or for another permissible purpose.


      1.5.
      Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.


      1.6.
      Implement a process to terminate access rights immediately for users who are terminated or when they have a change in their job tasks and no longer require access to credit information.


      1.7.
      After normal business hours, turn off and lock all devices or systems used to obtain credit information.


      1.8.
      Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.


  2. Maintain a Vulnerability Management Program
      2.1.
      Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.


      2.2.
      Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.


      2.3.
      Implement and follow current best security practices for Computer Virus detection scanning services and procedures:
      • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.
      • If an actual or potential virus is suspected, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
      • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.


      2.4.
      Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:
      • Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.
      • If actual or potential Spyware is suspected, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.
      • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If company's computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), it is recommended that anti-Spyware scans be completed more frequently than weekly.


  3. Protect Data
      3.1.
      Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc).


      3.2.
      All credit information is classified as Confidential and must be secured to this requirement at a minimum.


      3.3.
      Encrypt all credit reporting agency data and information when stored on any company laptop computer and in company's database using AES or 3DES with 128-bit key encryption at a minimum.


      3.4.
      Only open email attachments and links from trusted sources and after verifying legitimacy.


  4. Maintain an Information Security Policy
      4.1.
      Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.


      4.2.
      Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.


      4.3.
      Per the FACTA Disposal Rules, implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.


      4.4.
      Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.


  5. Build and Maintain a Secure Network
      5.1.
      Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.


      5.2.
      Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.


      5.3.
      Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.


      5.4.
      Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic.


      5.5.
      Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.


      5.6.
      Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.


  6. Regularly Monitor and Test Networks
      6.1.
      Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).


      6.2.
      Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit information systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
      • protecting against intrusions;
      • securing the computer systems and network devices;
      • and protecting against intrusions of operating systems or software.


"Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation."

Glossary to Access Security Requirements

Term: Definition

Computer Virus: A Computer Virus is a self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.

Confidential: Very sensitive information. Disclosure could adversely impact your company.

Encryption: Encryption is the process of obscuring information to make it unreadable without special knowledge.

Firewall: In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.

Information Lifecycle or Data Lifecycle: Management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.

IP Address: A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - must have their own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.

Router: A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets.

Spyware: Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.

SSID: Part of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID.

WEP Encryption (Wired Equivalent Privacy): A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be. Older technology reaching its end of life.

WPA (Wi-Fi Protected Access): A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption versus static as in WEP (key is constantly changing and thus more difficult to break than WEP).
© 2003 - 2024 Sterling Talent Solutions