THIS AGREEMENT (“Agreement”) is made and entered into by and between Applycheck, LLC. and you (“Subscriber”) at .

Applycheck, LLC. strives to deliver accurate and timely information products to assist your company (hereinafter “Subscriber”) in making intelligent and informed decisions for a permissible purpose under applicable law. To this end, Applycheck, LLC. assembles information from a variety of sources, including databases maintained by consumer reporting agencies containing information from public records, other information repositories, and third-party researchers. Subscriber understands that these information sources and resources are not maintained by Applycheck, LLC. Therefore, Applycheck, LLC. cannot be a guarantor that the information provided from these sources is absolutely accurate or current. Nevertheless, Applycheck, LLC has in place procedures designed to respond promptly to claims of incorrect or inaccurate information in accordance with applicable law.

Subscriber and Applycheck each agrees that it will fully comply with the FCRA, and all other applicable state, federal and local laws and regulations. Without limitation, Subscriber will fully comply with the requirements set forth in this Agreement.
Subscriber recognizes that it has a joint responsibility with Applycheck to protect the privacy of consumers, as set forth in Exhibit B of this Agreement.
This Agreement and the relationship between Subscriber and Applycheck (to the extent not specified in this Agreement) will be governed by the Uniform Commercial Code as most currently adopted by both the American Law Institute and the National Conference of Commissioners on Uniform State Laws.
To the extent any provision of the California Civil Code applies to any Report requested by Subscriber, Subscriber agrees that it will be responsible for full compliance with all applicable requirements of the California Civil Code, and that Applycheck will have no such responsibility.
If there is any litigation or arbitration proceeding between Subscriber and Applycheck, whether relating to this Agreement or otherwise, in addition to all other appropriate relief, the prevailing party will be entitled to recover its attorneys’ fees and other costs incurred in the proceedings.
This Agreement sets forth the parties’ entire understanding with respect to the subject matter hereof and in regard to its subject matter, this Agreement supersedes all prior letters of intent, agreements, arrangements, communications, representations, and warranties, whether oral or written, by any officer, employee, or representative of either party.
This Agreement is effective when (i) Applycheck receives from Subscriber all documents Applycheck requires to open the account and (ii) Applycheck activates Subscriber’s account. After this Agreement becomes effective, it will continue in full force and effect until terminated by either Subscriber or Applycheck.
SUBSCIRBER AGREES THAT IN NO EVENT SHALL APPLYCHECK BE LIABLE UNDER ANY THEORY OF LIABILITY (INCLUDING, BUT NOT LIMITED TO, BREACH OF CONTRACT, BREACH OF WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER THEORY OF LIABILITY) FOR (A) DIRECT DAMAGES OR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES SUCH AS, BUT NOT LIMITED TO, DOWN-TIME, INTERRUPTION IN USE, UNAVAILABILITY OF PRODUCT OR SERVICE, LOSS OF INFORMATION OR DATA, LOST PROFITS, EXEMPLARY OR PUNITIVE DAMAGES, OR ANY OTHER DAMAGES, WHETHER OR NOT FORESEEABLE AND WHETHER OR NOT APPLYCHECK OR ITS REPRESENTATIVES OR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) ANY OTHER CLAIM, DEMAND OR DAMAGES OF ANY KIND OR NATURE RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE DELIVERY, USE OR PERFORMANCE OF APPLYCHECK’S PRODUCTS AND SERVICES. THIS LIMITATION OF LIABILITY ALSO EXTENDS TO ANY SUPPLIER OR LICENSOR OF ALL OR ANY PART OF APPLYCHECK’S PRODUCTS AND SERVICES. EACH SUCH SUPPLIER OR LICENSOR IS AN INTENDED BENEFICIARY OF THIS LIMITATION OF LIABILITY.

Subscriber’s Re-Certification of Fair Credit Reporting Act (FCRA) Permissible Purpose(s)

Subscriber hereby certifies that all of its orders for information products from Applycheck, LLC. shall be made, and the resulting reports shall be used, for the following Fair Credit Reporting Act,

15 U.S.C. § 1681 et seq., permissible purposes only: (Please check all that apply)

	Section 604(a)(2). As instructed by the consumer in writing. (Tenant Screening)
	Section 604(a) (3) (B). For employment purposes, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission.

Employment

Reseller has access to consumer reports from one or more consumer credit reporting agencies.

Subscriber has a need for consumer credit information in connection with the evaluation of individuals for employment, promotion, reassignment or retention as an employee ("Consumer Report for Employment Purposes").

Subscriber shall request Consumer Report for Employment Purposes pursuant to procedures prescribed by Reseller from time to time only when it is considering the individual inquired upon for employment, promotion, reassignment or retention as an employee, and for no other purpose.

Subscriber certifies that it will not request a Consumer Report for Employment Purposes unless:

A clear and conspicuous disclosure is first made in writing to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes;

The consumer has authorized in writing the procurement of the report; and

Information from the Consumer Report for Employment Purposes will not be used in violation of any applicable federal or state equal employment opportunity law or regulation.

Subscriber further certifies that before taking adverse action in whole or in part based on the Consumer Report for Employment Purposes, it will provide the consumer:

A copy of the Consumer Report for Employment Purposes; and a copy of the consumer’s rights, in the format approved by the FTC, which notice shall be supplied to Subscriber by Reseller.

Subscriber agrees that it shall use Consumer Report for Employment Purposes only for a one-time use, and to hold the report in strict confidence, and not to disclose it to any third parties not involved in the current employment decision. Subscriber agrees they WILL NOT resell any Applycheck, LLC. report.

Subscriber will maintain copies of all written authorizations for two (2) years from the date of inquiry.

With just cause, such as delinquency or violation of the terms of this contract or a legal requirement, Reseller may, upon its election, discontinue serving the Subscriber and cancel this Agreement immediately.

Tenant

Reseller has access to consumer reports from one or more consumer reporting agencies.

Subscriber has a permissible purpose for obtaining consumer reports, as defined by Section 604 of the Federal Fair Credit Reporting Act (15 USC 1681b) as amended by the Consumer Credit Reporting Reform Act of 1996, hereinafter called “FCRA.” The End User certifies their permissible purpose as:
1. In connection with tenant screening application involving the consumer
Subscriber certifies that it will request consumer reports pursuant to procedures prescribed by Reseller from time to time only for the permissible purpose certified above, and will use the reports obtained for no other purpose.
Subscriber will maintain copies of all written authorizations for two (2) years from the date of inquiry.
THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18, OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH.
Subscriber shall use each consumer report only for a one-time use and shall hold the Consumer Report in strict confidence, and not to disclose it to any third parties; provided, however, that Subscriber may, but is not required to, disclose the Consumer Report to the subject of the Consumer Report only in connection with an adverse action based on the Consumer Report. Moreover, unless explicitly authorized in this Agreement or in a separate agreement, between Reseller and Subscriber, for scoring services obtained through Reseller, End User shall not disclose to consumers or any third party, any nor all such resulting scores provided pursuant to this Agreement, unless expressly required by law.
With just cause, such as delinquency or violation of the terms of this contract or a legal requirement, or a material change in existing legal requirements, which adversely affects this Agreement, Reseller may, upon its election, discontinue serving the End User and cancel this Agreement immediately.
Subscriber agrees they WILL NOT resell any Applycheck, LLC screening reports.

Subscriber’s Re-Certification of Legal Compliance

Subscriber certifies to Applycheck, LLC. that the information products it receives will not be used in violation of any applicable federal, state or local laws. Subscriber accepts full responsibility for complying with all such laws and for using the information products it receives from Applycheck, LLC. in a legally acceptable fashion. Subscriber further accepts full responsibility for any and all consequences of use and/or dissemination of those products.

Subscriber agrees to have reasonable procedures to secure the confidentiality of private information. Subscriber agrees to take precautionary measures to protect the security and dissemination of this information including, without limitation, restricting terminal access, utilizing passwords to restrict access to terminal devices, and securing access to, dissemination, and destruction of electronic and hard copy reports.

Likewise, as a condition of entering into this Agreement, Subscriber certifies that it has in place reasonable procedures designed to comply with all applicable local, state, and federal laws. Subscriber also certifies that it will retain any information it receives from Applycheck, LLC. for a period of two years from the date the report was received.

When Information Products are Used for Employment Purposes

If the information products Subscriber obtains from Applycheck, LLC. are to be used for an employment purpose, Subscriber certifies that prior to obtaining or causing a “consumer report” and/or “investigative consumer report” to be obtained, a clear and conspicuous disclosure, in a document consisting solely of the disclosure, will be made in writing to the consumer explaining that a consumer report and/or investigative consumer report may be obtained for employment purposes. This disclosure will satisfy all requirements identified in Section 606(a) (1) of the FCRA, as well as any applicable state or local laws. The consumer will have authorized, in writing, the obtaining of the report by Subscriber.

If the consumer may be denied employment or receive another adverse action based in whole or part on information products provided by Applycheck, LLC. Subscriber will provide to the consumer: (1) a copy of the report, and (2) a description, in writing, of the rights of the consumer entitled “A Summary of Your Rights Under the Fair Credit Reporting Act.” After the appropriate waiting period, Subscriber will issue to the consumer notice of the adverse action taken, including the statutorily-required notice identified in Section 615 of the Fair Credit Reporting Act. Among other things, such notice will include: (1) the name, address, and telephone number of consumer reporting agency Applycheck, LLC., (2) a statement that the consumer reporting agency did not make the decision to take the adverse action and is unable to provide the consumer the specific reasons why the adverse action was taken, (3) a statement that the consumer may obtain a free copy of the consumer report from the consumer reporting agency within 60 days pursuant to Section 612 of the Fair Credit Reporting Act, and (4) a statement that the consumer has the right to dispute with the consumer reporting agency the accuracy or completeness of any information in a consumer report furnished by the agency.

Subscriber hereby acknowledges that it has received a copy of the Summary of Rights (16 C.F.R. Part 601, Appendix A) and Notice of Users of Consumer Reports (16 C.F.R. Part 601, Appendix C).

Subscriber also acknowledges that it is aware that local, state, and federal laws and regulations impact how and under what circumstances Subscriber may use criminal history information, credit history information, and other consumer report information. Subscriber assumes full responsibility for complying with all applicable laws and regulations. Among other things, Subscriber has or will become familiar with April 2012 EEOC Enforcement Guidance explaining how employers may utilize criminal history information in compliance with Title VII of the Civil Right Acts of 1964, as amended.

When Information Products Are Used For Tenant Screening Purposes

If the information products Subscriber obtains from Applycheck, LLC. are to be used for tenant screening, Subscriber agrees that it will first obtain the written consent of the consumer to do so.

If Subscriber takes adverse action against a tenant or prospective tenant based upon a consumer report or investigative consumer report from Applycheck, LLC. Subscriber agrees to follow all adverse action requirements specified in Section 615 of the Fair Credit Reporting Act. Among other things, Subscriber agrees that it will provide a notice to the consumer that includes: (1) the name, address, and telephone number of consumer reporting agency Applycheck, LLC., (2) a statement that the consumer reporting agency did not make the decision to take the adverse action and is unable to provide the consumer the specific reasons why the adverse action was taken, (3) a statement that the consumer may obtain a free copy of the consumer report from the consumer reporting agency within 60 days pursuant to Section 612 of the Fair Credit Reporting Act, and (4) a statement that the consumer has the right to dispute with the consumer reporting agency the accuracy or completeness of any information in a consumer report furnished by the agency.

Additional Requirements for Investigative Consumer Reports

In addition to the requirements identified above, and regardless of whether the screening is being done in connection with an employment or tenant situation, if the consumer makes a written request within a reasonable amount of time, Subscriber will provide: (1) information about whether an investigative consumer report has been requested; (2) if an investigative consumer report has been requested, written disclosure of the nature and scope of the investigation requested; and (3) Applycheck, LLC.’s contact information, including complete address and telephone number. This information will be provided to the consumer no later than five (5) days after the request for such disclosure is received from the consumer or such report is first requested, whichever is the latter.

Additional Requirements for Motor Vehicle Records (MVRs) and Driving Records

Subscriber hereby certifies that Motor Vehicle Records and/or Driving Records (MVRs) shall only be ordered in strict compliance with the Driver Privacy Protection Act (“DPPA” at 18 U.S.C. § 2721 et seq.) and any related state laws. Subscriber further certifies that no MVRs shall be ordered without first obtaining the written consent of the consumer to obtain “driving records,” evidence of which shall be transmitted to Applycheck, LLC, in the form of the consumer’s signed release authorization form. Subscriber also certifies that it will use this information only in the normal course of business to obtain lawful information relating to the holder of a commercial driver’s license or to verify information provided by an applicant or employee. Subscriber shall not transmit any data contained in the resulting MVR via the public internet, electronic mail or any other unsecured means.

Additional Requirements for International Background Checks

Subscriber understands that international background checks will be conducted through a third-party contractor. Because of differences in foreign laws, language, and the manner in which foreign records are maintained and reported, Applycheck, LLC. cannot be a guarantor or insurer of the accuracy of the information reported. Subscriber agrees to release Applycheck, LLC. and its affiliated companies, officers, agents, employees, and independent contractors, from any liability whatsoever in connection with international background checks performed by Applycheck, LLC.

General Provisions

Subscriber agrees not to resell, sub-license, deliver, display or otherwise distribute to any third party any of the information products addressed herein, except as required by law. Subscriber may not assign or transfer this Agreement without the prior written consent of Applycheck, LLC. If any of the provisions of this Agreement become invalid, illegal or unenforceable in any respect, the validity, legality, and enforceability of the remaining provisions shall not in any way be impacted. By agreement of the parties, Maryland law shall guide the interpretation of this Agreement, if such interpretation is required. All litigation arising out of this Agreement shall be commenced in the courts of Baltimore County in the state of Maryland, and the parties hereby consent to such jurisdiction and venue. Any written notice by either party shall be delivered personally by messenger, private mail courier service, or sent by registered or certified mail, return receipt requested, postage prepaid. This Agreement shall be construed as if it were jointly prepared. Both parties agree that this Agreement constitutes all conditions of service, present and future. Changes to these conditions may be made only by mutual written consent of an authorized representative of Subscriber and an officer of Applycheck, LLC. The headings of each section shall have no effect upon the construction or interpretation of any part of this Agreement.

If Subscriber is permitted to request consumer reports via Applycheck,LLC.’s website, then, in addition to all other obligations, Subscriber agrees to abide by such additional conditions that may be imposed to utilize the website, provide all required certifications electronically, to maintain complete and accurate files containing all required consent, authorization, and disclosure forms with regard to each consumer for whom a report has been requested, and maintain strict security procedures and controls to assure that its personnel are not able to use Subscriber’s Internet access to obtain reports for improper, illegal or unauthorized purposes.

Subscriber agrees to allow Applycheck, LLC. to audit its records at any time, upon reasonable notice given. Breaches of this Agreement and/or violations of applicable law discovered by Applycheck, LLC. may result in immediate suspension and/or termination of the account, legal action, and/or referral to federal or state regulatory agencies.

If there is a conflict between any of the terms of this Agreement and any terms of any other agreements between the Parties, the terms of this Agreement shall govern.

Confidentiality

Neither party shall reveal, publish or otherwise disclose any Confidential Information to any third party without the prior written consent of the other party. “Confidential Information” means any and all proprietary or secret data; sales or pricing information relating to either party, its operations, employees, products or services, and all information relating to any customer, potential customer, Agent, and/or independent sales outlet. The Parties agree to keep this information confidential at all times during the term of this Agreement, and continuing for five years after receipt of any Confidential Information.

At all times during the term of this Agreement and after termination of this Agreement (regardless of the reason for termination), the Subscriber shall at all times keep secret and confidential all Applycheck, LLC. trade secrets which the Subscriber has acquired before or during the term of this Agreement and shall not disclose the trade secrets to any person or entity or directly or indirectly use the trade secrets for the Subscriber’s own advantage without the prior written consent of Applycheck, LLC. Trade secrets shall have the definition provided for in Section 11-1201 of the Maryland Uniform Trade Secrets Act.

Notwithstanding anything to the contrary herein, in no event shall Applycheck, LLC. be required to destroy, erase or return any consumer reports or applicant data related thereto in Applycheck, LLC.’s files, all of which Applycheck, LLC. shall maintain as a consumer reporting agency in strict accordance with all applicable federal, state, and local laws.

Independent Contractor

The parties agree that the relationship of the parties created by this Agreement is that of independent contractor and not that of employer/employee, principal/agent, partnership, joint venture or representative of the other. Except as authorized hereunder, neither party shall represent to third parties that it is the employer, employee, principal, agent, joint venture or partner with, or representative of the other party.

Fees and Payment

All Sales Final. No Return. No Refund. Subscriber agrees to pay nonrefundable fees and other charges or costs for Applycheck, LLC.’s tenant and employment screening services. Any charges or costs, including but not limited to surcharges and other fees levied by federal, state, county, other governmental agencies, educational institutions, employer verification lines and licensing agencies, incurred by Applycheck, LLC. in servicing Subscriber, will be passed on to Subscriber. At Applycheck, LLC.’s option, payments not received thirty (30) days after the date of the invoice may cause the account to be placed on temporary interruption, with no additional requests being processed until the balance due is paid in full or arrangements have been made with Applycheck, LLC. Accounts with invoices unpaid fifteen (15) days or more will be assessed an interest charge of 1-½% per month, as allowed by applicable law. If the account goes to collection, Subscriber agrees to pay all collection expenses, including attorneys’ fees and court costs. Subscriber agrees that providing credit card information and submitting it electronically to Applycheck, LLC presents a legal authorization to debit the card for the orders placed or for non-payment per the 15-day terms. Subscriber agrees that prices for services are subject to change without notice, although Applycheck, LLC. will make every reasonable effort to give notice of such change before it becomes effective. Any account that remains inactive for a period of six (6) months will be deemed inactive and may be terminated by Applycheck, LLC.

Warranties and Remedies

Subscriber understands that Applycheck, LLC. obtains the information reported in its information products from various third party sources “AS IS” and, therefore, is providing the information to Subscriber “AS IS”. Applycheck, LLC. makes no representation or warranty whatsoever, express or implied, including but not limited to, implied warranties of merchantability or fitness for particular purpose or implied warranties arising from the course of dealing or a course of performance with respect to the accuracy, validity or completeness of any information products and/or consumer reports, that the information products will meet Subscriber’s needs or will be provided on an uninterrupted basis; Applycheck, LLC. expressly disclaims any and all such representations and warranties.

Subscriber agrees to indemnify, defend, and hold harmless Applycheck, LLC. its successors and assigns, officers, directors, employees, agents, vendors, and suppliers from any and all claims, actions or liabilities arising from or with respect to: (i) any breach by Subscriber of this Agreement or the representations, certifications or warranties made hereunder, (ii) Subscriber’s violation of applicable laws or ordinances, (iii) Subscriber’s negligence, misconduct, recklessness, errors or omissions, (iv) Subscriber’s acquisition of or use of Applycheck, LLC.’s information products or services, or (v) Applycheck, LLC.’s preparation of or delivery of information products or services to Subscriber.

Applycheck, LLC. will not be liable for any indirect, incidental, consequential, or special damages for loss of profits, whether incurred as a result of negligence or otherwise, even if Applycheck, LLC. has been advised of the possibility of such damages.

Applycheck, LLC. does not guarantee Subscriber’s compliance with all applicable laws in its use of reported information and does not provide legal or other compliance-related services upon which Subscriber may rely. Subscriber understands that Applycheck, LLC. is not a law firm and that any documents, communications or information received from Applycheck, LLC. regarding the obtainment or use of background screening reports is not to be considered legal counsel or legal opinion. Subscriber agrees that it will consult with its own legal or other counsel regarding the acquisition and use of background screening information, including but not limited to, the legality of using or relying on reported information and the appropriate procedure for taking adverse action against an applicant based upon a consumer report.

Term and Termination

Either party may cancel this Agreement at any time. Termination of this Agreement by either party does not release Subscriber from its obligation to pay for services rendered or other responsibilities and agreements made.

Force Majeure

Subscriber agrees that Applycheck, LLC. is not responsible for any events or circumstances beyond its control (e.g., including but not limited to war, riots, embargoes, strikes, and/or Acts of God) that prevent Applycheck, LLC. from meeting its obligations under this Agreement.

Waiver

The failure of either party to insist in any one or more cases upon the strict performance of any term, covenant or condition of this Agreement will not be construed as a waiver of subsequent breach of the same or any other covenant, term or condition; nor shall any delay or omission by either party to seek a remedy for any breach of this Agreement be deemed a waiver by either party of its remedies or rights with respect to such a breach.

Severability

If any provision of this Agreement, or the application thereof to any person or circumstance, shall be held invalid or unenforceable under any applicable law, such invalidity or unenforceability shall not affect any other provision of this Agreement that can be given effect without the invalid or unenforceable provision or the application of such provision to other persons or circumstances and, to this end, the provisions hereof are severable.

Access Security Requirements

We must work together to protect the private information of consumers. These security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, you may employ an outside service provider to assist you. Capitalized terms used have the meaning given in the Glossary section. We reserve the right to change these Security Requirements. This information provides minimum baselines for information security.

In accessing the credit reporting services, the following security requirements apply:

Implement Strong Access Control Measures

1.1. Do not provide your Subscriber Codes or passwords to anyone. No one from our company will ever contact you and request your Subscriber Code number or password.

1.2. Proprietary or third-party system access software must have the Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.

1.3. You must request your Subscriber Code password be changed immediately when any system access software is replaced by their system access software or is no longer used; or the hardware on which the software resides is upgraded, changed or disposed of.

1.4. Protect Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).

1.5. Create a separate, unique user ID for each user to enable individual authentication and accountability for access to our system. Each user of the system access software must also have a unique logon password.

1.6. Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on users’ profiles.

1.7. Keep user passwords Confidential.

1.8. Develop strong passwords that are: not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) and that contain a minimum of eight (8) alpha/numeric characters for standard user accounts.

1.9. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.

1.10. Active logins to credit information systems must be configured with a 30 minutes inactive session timeout.

1.11. Restrict the number of key personnel who have access to credit information.

1.12. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in your Contract.

1.13. Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.

1.14. Implement a process to terminate access rights immediately for users who access credit reporting information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.

1.15. After normal business hours, turn off and lock all devices or systems used to obtain credit information.

1.16. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Maintain a Vulnerability Management Program

2.1. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.

2.2. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.

2.3. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. • Implement and follow current best security practices for computer anti-Spyware scanning services and procedures: • Use, implement and maintain a current, commercially available computer anti- Spyware scanning product on all computers, systems and networks. • If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.

Protect Data

3.1. Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)

3.2. All credit reporting data is classified as Confidential and must be secured to this requirement at a minimum.

3.3. Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.

3.4. Encrypt all credit reporting data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.

3.5. Only open email attachments and links from trusted sources and after verifying legitimacy.

Maintain an Information Security Policy

4.1. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.

4.2. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information and to permit identification and prosecution of violators.

4.3. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.

4.4. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.

Build and Maintain a Secure Network

5.1. Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.

5.2. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.

5.3. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.

5.4. Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.

5.5. Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.

5.6. Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.

Regularly Monitor and Test Networks

6.1. Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).

6.2. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by protecting against intrusions; securing the computer systems and network devices; and protecting against intrusions of operating systems or software.

Record Retention: The Equal Credit Opportunity Act states that a creditor must preserve all written or recorded information connected with an application for 24 months. In keeping with the ECOA, you are required to retain the credit application and, if applicable, a purchase agreement for a period of not less than 24 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, we will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract. Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.

Acknowledgment

Continuing with the registration process constitutes The Member's consent to conduct a binding electronic transaction with The Company and further consents to receiving notices and related services electronically.

Clicking on I Agree below constitutes The Member's electronic signature and is legally effective and will be used by The Company as if it is a written signature.

Leave this empty:

Your legal name

Your email address

Timestamp

Audit

December 6, 2017 3:20 pm EDT

December 13, 2019 5:07 pm EDT

Document owner [email protected] has handed over this document to [email protected] 2019-12-13 17:07:43 - 108.179.228.213