Vendor Information Security Agreement

(b) Corrections. Operating system security patches and application security patches should be applied immediately to all computers when assigned. Computers must be configured to automatically receive security patches for the operating system and software security patents when they are released, unless these patches may affect the operation of the computer. In this case, the patches should be tested immediately and applied after completing the tests. If a security patch cannot be used because it disrupts the operation of the computer, effective controls must be implemented to mitigate the risks and inform the Syneos Health Liaison Officer. Your access to SSI and/or SSS, including but not limited to safe Software`s customer and/or employee information, is subject to your continued compliance with this Policy. We may immediately, automatically and unconditionally revoke your access and all links and interfaces on SSI and/or SSS, without any reason or reason. a) the supplier must comply with a formal written information security directive or guidelines and procedures for the management of information security throughout the enterprise, in accordance with ISO 27001: 2013. 4. The Supplier shall remove access to the Supplier`s facilities and networks in which syneos contains or processes syneos health information for the Supplier`s employee within one (1) working day following the termination of the employment relationship, including revocation of access to the Facilities, withdrawal of accounts to the Applications, remote access systems and functions. The Supplier shall also ensure that the Supplier`s personnel (i) return all computers and other assets of the Supplier having access to or with confidential information; and (ii) no longer have access to Syneos Health`s facilities, networks and/or confidential information. The processes and responsibility for implementing these actions must be clearly defined and documented. These security controls apply to personnel, processes and/or technologies involved in the work that you or your third party vendors perform with or on behalf of Safe Software.

(d) exchange of information. The provider may transfer confidential syneos health information over the Internet, using only encrypted mechanisms (e.g. .B HTTPS, SSL, SFTP, TLS). . . .