BREACH REPORTING AND NOTIFICATION RESPONSIBILITY Sample Clauses

BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. Upon disclosure of NDNH information from OCSE to SSA, SSA is the responsible party in the event of a confirmed or suspected breach of the information, including responsibility for any costs associated with breach mitigation and remediation. Immediately upon discovery, but in no case later than one hour after discovery of the incident, SSA shall report the confirmed and suspected incidents, in either electronic or physical form, to OCSE as designated in this security addendum. SSA is responsible for all reporting and notification activities, including but not limited to: investigating the incident; communicating with US- CERT; notifying individuals whose information is breached; notifying any third parties including the media; notifying any other public and private sector agencies involved; responding to inquiries about the breach; responding to Congressional inquiries; resolving all issues surrounding the information breach; performing any follow-up activities; correcting the vulnerability that allowed the breach; and any other activity as required by OMB M-17- 12, Preparing for and Responding to a Breach of Personally Identifiable Information, and other federal law and guidance. Policy/Requirements Traceability: US-CERT Federal Incident Notification Guidelines (April 1, 2017); OMB Circular A-130 – Appendix I; OMB M-17-12; NIST SP 800-53 Rev 4, IR-6 OCSE requires systems that process, transmit, or store NDNH information to be granted authorization to operate following the guidelines in NIST 800-37 Revision 1.
Sample 1See All (11)
AutoNDA by SimpleDocs
BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. Upon disclosure of NDNH information from OCSE to the state agency, the state agency is the responsible party in the event of a confirmed or suspected breach of the information, including responsibility for any costs associated with breach mitigation and remediation. Immediately upon discovery, but in no case later than one hour after discovery of the incident, the state agency shall report confirmed and suspected incidents, in either electronic or physical form, to OCSE, as designated in this security addendum. The state agency is responsible for all reporting and notification activities, including but not limited to: investigating the incident; communicating with required state government breach response officials; notifying individuals whose information is breached; notifying any third parties, including the media; notifying any other public and private sector agencies involved; responding to inquiries about the breach; resolving all issues surrounding the information breach; performing any follow-up activities; correcting the vulnerability that allowed the breach; and any other activity, as required by OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, and other federal law and guidance.
Sample 1Sample 2See All (8)
BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. That the Contractor is subject to s. 501.171, F.S., which requires reporting and remedies for breach of security related to third-party confidential information, as well as fines of up to $500,000 for failure to report timely. For persons affected by a breach who reside outside the state of Florida, the Contractor shall comply with the law of the State where the person resides. If this Contract includes access or disclosure of state or federal Child Support Program information, the Contractor shall immediately, upon discovery, but in no case later than one hour after discovery notify the Department’s Contract Manager and the Child Support Program Director of any suspected or confirmed incident involving unauthorized access and/or disclosure of state or federal Child Support Program confidential information.
Sample 1Sample 2Sample 3
BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. Upon disclosure of FPLS information from OCSE or disclosure of CS program information from another state or tribe to the state CS agency, the state CS agency is the responsible party in the event of a breach or suspected breach of the information. Except as otherwise provided in Section II.B.6, if the state CS agency knows or suspects FPLS or CS program information has been breached, in either electronic or physical form, the state CS agency: 1. Alerts the FPLS Director designated on this security agreement immediately upon discovery, but in no case later than one hour after discovery of the incident 2. Follows the state CS agency procedures for responding to a data breach 3. Reports the results of the investigation, mitigation, and resolution to the FPLS Director The state IV-D director or designee is responsible for all reporting, notification, and mitigation activities as well as the associated costs. Reporting, notification, and mitigation activities include but are not limited to: investigating the incident; communicating with required state government breach response officials; notifying individuals whose information is breached; communicating with any third parties, including the media, as necessary; notifying any other public and private sector agencies involved; responding to inquiries about the breach; resolving all issues surrounding the breach of FPLS information and CS program information; performing any necessary follow-up activities to correct the vulnerability that allowed the breach; and any other activity, as required by OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, and other federal law and guidance. The state IV-D director or designee is responsible for ensuring appropriate measures are in place at the data center storing, transmitting, or processing FPLS information and CS program information to report confirmed or suspected incidents of such information to the state IV-D director or designee. Policy/Requirements Traceability: US-CERT Federal Incident Notification Guidelines (April 1, 2017); OMB Circular A-130 Appendix I; OMB M-17-12; NIST SP 800-53 Rev 4, IR-6
Sample 1
BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. SSA shall have appropriate procedures in place to report security or privacy incidents, or suspected incidents involving NDNH information. Confirmed and suspected incidents in either electronic or physical form must be reported following SSA procedures immediately upon discovery but in no case later than one hour after discovery. The incident or suspected incident must also be reported to the FPLS Information Systems Security Officer (ISSO) designated on this security addendum. The requirement for SSA to report suspected incidents of NDNH information to OCSE exists in addition to, not in lieu of, any SSA requirements to report to US-CERT or other agency. Policy/Requirements Traceability: HHS OCIO Policy for IS2PHandbook, IR 6; OMB Circular A130 – Appendix III; OMB M-06-19; OMB M-07-16; NIST SP 800-53 Rev 4, IR-6
Sample 1
BREACH REPORTING AND NOTIFICATION RESPONSIBILITY. Except as otherwise provided in Section V of the security agreement, in the case of a confirmed or suspected data breach involving FPLS information, the organization providing information system services agrees to report the breach immediately upon discovery, but in no case later than one hour after discovery of the incident, to the OCSS security mailbox, xxxxxxxxxxxx@xxx.xxx.xxx. See Security Agreement, Section V, for additional information. Upon disclosure of FPLS information from OCSS to the state agency, the state agency is the responsible party in the event of a confirmed or suspected breach of the information, including responsibility for any costs associated with breach mitigation and remediation. Immediately upon discovery, but in no case later than one hour after discovery of the incident, the state agency must report confirmed or suspected incidents, in either electronic or physical form, to the OCSS security mailbox. The state agency is responsible for all reporting and notification activities, including but not limited to: investigating the incident; communicating with required state government breach response officials; notifying by U.S. mail all individuals whose information is breached; notifying any third parties, including the media; notifying any other public and private sector agencies involved; responding to inquiries about the breach; resolving all issues surrounding the information breach; performing any follow-up activities; correcting the vulnerability that allowed the breach; and any other activity, as required by OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, and other federal law and guidance. Policy/Requirements Traceability: US-CERT Federal Incident Notification Guidelines (April 1, 2017); OMB Circular A-130 – Appendix I; OMB M-17-12; NIST SP 800-53 Rev 5, IR-6 The organization providing information system services must protect the FPLS information and state child support program information and segregate it from the provider’s infrastructure to ensure that only authorized personnel have access to the FPLS information and state child support program information. OCSS reserves the right to audit the state agency and any organization providing information system services to the state agency or to make other provisions to ensure that the state agency is maintaining adequate safeguards to protect the FPLS information and child support program information. Audits ensure that the securit...
Sample 1

Related to BREACH REPORTING AND NOTIFICATION RESPONSIBILITY

  • Reporting Responsibility a) Vendor shall be responsible for reporting all services purchased under the Contract. Vendor shall file the monthly reports, subcontract reports, and pay the administrative fees in accordance with the due dates specified in this section. b) DIR shall have the right to verify required reports and to take any actions necessary to enforce its rights under this section, including but not limited to compliance checks of Vendor’s applicable Contract. Vendor will provide all required documentation at no cost.

  • Customer’s Responsibility The policies in this document apply to the use of Data by Customers, Redistributors and their End Customers. Customers are responsible for compliance with this policy by all members of the Customer’s Group and by all persons to whom they distribute Data where authorised to do so. Turquoise recommends that Customers make this Schedule available to all Subscribers to their services having access to Data which is subject to Charges, reporting requirements or usage restrictions.

  • Reporting Responsibilities The IRA Owner agrees to provide the Custodian with information necessary for the Custodian to prepare any reports required under Code Sections 408(i), 408A(d)(3)(D), and Regulations Sections 1.408-5 and 1.408-6. The Custodian agrees to submit reports to the IRS and the IRA Owner (or Beneficiary(ies) upon the IRA Owner’s death) as prescribed by the IRS and such additional reports as the Custodian may choose to deliver. The Custodian shall furnish annual calendar-year reports concerning the status of the IRA and such information concerning required minimum distributions as is prescribed by the Commissioner of the IRS.

  • Filing Responsibility PARTICIPANT ACKNOWLEDGES THAT IT IS PARTICIPANT’S SOLE RESPONSIBILITY, AND NOT THE CORPORATION’S, TO FILE A TIMELY ELECTION UNDER CODE SECTION 83(b), EVEN IF PARTICIPANT REQUESTS THE CORPORATION OR ITS REPRESENTATIVES TO MAKE THIS FILING ON HIS OR HER BEHALF.

  • Engineers Responsibility The Engineer shall be responsible for the accuracy of its work and shall promptly make necessary revisions or corrections resulting from its errors, omissions, or negligent acts without compensation. The Engineer will not be relieved of the responsibility for subsequent correction of any such errors or omissions or for clarification of any ambiguities until after the construction phase of the project has been completed.

  • Your Responsibility You are solely responsible for the quality, completeness, accuracy, validity and integrity of the image. You are solely responsible if you, intentionally or unintentionally, submit fraudulent, incorrect or illegible images to us or if Mobile Deposit is used, by authorized or unauthorized persons, to submit fraudulent, unauthorized, inaccurate, incorrect or otherwise improper or unusable images to us.

  • Client Responsibility For clarity, the parties agree that in reviewing the documents referred to in clause (b) above, Patheon’s role will be limited to verifying the accuracy of the description of the work undertaken or to be undertaken by Patheon. Subject to the foregoing, Patheon will not assume any responsibility for the accuracy of any application for receipt of an approval by a Regulatory Authority. The Client is solely responsible for the preparation and filing of the application for approval by the Regulatory Authority and any relevant costs will be borne by the Client.

  • REPORTING - NOTIFICATION A. Quarterly Reports In addition to any reports required pursuant to §19 or pursuant to any exhibit, for any contract having a term longer than 3 months, Local Agency shall submit, on a quarterly basis, a written report specifying progress made for each specified performance measure and standard in this Agreement. Such progress report shall be in accordance with the procedures developed and prescribed by the State. Progress reports shall be submitted to the State not later than five (5) Business Days following the end of each calendar quarter or at such time as otherwise specified by the State.

  • Contractor Responsibility (a) The Contractor shall be responsible for the entire Performance under the Contract regardless of whether the Contractor itself performs. The Contractor shall be the sole point of contact concerning the management of the Contract, including Performance and payment issues. The Contractor is solely and completely responsible for adherence by the Contractor Parties to all applicable provisions of the Contract. (b) The Contractor shall exercise all reasonable care to avoid damage to the State's property or to property being made ready for the State's use, and to all property adjacent to any work site. The Contractor shall promptly report any damage, regardless of cause, to the State.

  • Seller’s Responsibility If the Seller determines that the Interface Problem is primarily attributable to the design of a Warranted Part, the Seller shall, if so requested by the Buyer and pursuant to the terms and conditions of Clause 12.1, correct the design of such Warranted Part to the extent of the Seller’s obligation as defined in Clause 12.1.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!