Economic Impact Assessment guidelines Sample Clauses

Economic Impact Assessment guidelines. In this section we provide guidelines on how to assign values to the consequence indicators in a risk model. For a given company, assessing the economic impact of a cyber incident is a difficult problem, due to the large number of factors potentially affecting the outcome, such as: a) the type of industry; b) the geographical location where the company operates; c) the company size; d) internal policies, etc.. If a sufficient amount of economic losses data (internal and/or external) were available, the consequence indicators could be derived from quantitative analysis of such data. However, in general few companies systematically collect such data and, if they do, they tend to not disclose such data due to their sensitivity. Therefore, there is very little publicly available data regarding cyber losses at this moment. When the General Data Protection Regulation (GDPR) [29] takes effect, Data Breaches will be notified to Authority and User, and probably more data will be available. Since a sufficient amount of data is likely to be unavailable, to obtain an economic assessment for a given company we propose a scenario analysis approach of the type used in operational risk management [26]. This combines the following elements:  expert opinion from company members (management, IT); this provides information regarding the company’s financial situation and main assets, internal policies, availability of qualified personnel, etc.  expert opinion from an external consultant, non-publicly available data;  publicly available studies and surveys, such as Ponemon’s or ENISA reports [24][25]; this provides an overview of the main global drivers of the impacts, such as the industry type and geographical location, most common and most expensive attack types. The main steps involved in an scenario analysis are:  analysis of the company’s financial situation and the main ICT infrastructure to choose the types of attacks to be analyzed and the loss types involved.  building a questionnaire to quantify the loss types based on the information gathered in step 1.  questionnaire interviews with the company’s management and/or internal experts.  estimating consequence parameters from the information contained in the answers.
Sample 1
AutoNDA by SimpleDocs

Related to Economic Impact Assessment guidelines

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures. 2. Each Party shall seek to enhance the acceptance of the results of conformity assessment procedures conducted in the territories of other Parties with a view to increasing efficiency, avoiding duplication and ensuring cost effectiveness of the conformity assessments. In this regard, each Party may choose, depending on the situation of the Party and the specific sectors involved, a broad range of approaches. These may include but are not limited to: (a) recognition by a Party of the results of conformity assessments performed in the territory of another Party; (b) recognition of co-operative arrangements between accreditation bodies in the territories of the Parties; (c) mutual recognition of conformity assessment procedures conducted by bodies located in the territory of each Party; (d) accreditation of conformity assessment bodies in the territory of another Party; (e) use of existing regional and international multilateral recognition agreements and arrangements; (f) designating conformity assessment bodies located in the territory of another Party to perform conformity assessment; and (g) suppliers’ declaration of conformity. 3. Each Party shall exchange information with other Parties on its experience in the development and application of the approaches in Paragraph 2(a) to (g) and other appropriate approaches with a view to facilitating the acceptance of the results of conformity assessment procedures. 4. A Party shall, upon request of another Party, explain its reasons for not accepting the results of any conformity assessment procedure performed in the territory of that other Party.

  • Child Abuse Reporting Requirement Grantee will: a. comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. b. develop, implement and enforce a written policy that includes at a minimum the System Agency’s Child Abuse Screening, Documenting, and Reporting Policy for Grantees/Providers and train all staff on reporting requirements. c. use the System Agency Child Abuse Reporting Form located at xxxxx://xxx.xxxx.xxxxx.xx.xx/Contact Us/report abuse.asp as required by the System Agency. d. retain reporting documentation on site and make it available for inspection by the System Agency.

  • Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.

  • General Guidelines Conduct yourself in a responsible manner at all times in the laboratory.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Developer Operating Requirements The Developer must comply with the Transmission Owner’s operating instructions and requirements including but not limited to Transmission Owner’s Operation Coordination Agreement, as it may change from time to time. The Developer must comply with all applicable NYISO tariffs and procedures, as amended from time to time. Whether or not the Large Generating Facility is eligible for the Transition Period LVRT Standard set forth in Appendix G will be determined by the Commission. The Large Generating Facility will comply with the Transition Period LVRT Standard pending issuance of an order by the Commission determining the appropriate LVRT standard. For purposes of compliance with Appendix G, the Transmission Owner has determined that the Developer shall maintain the Large Generating Facility in service during a three-phase fault for 7 cycles. Infrastructure security of New York State Transmission System equipment and operations and control hardware and software is essential to ensure day-to-day New York State Transmission System reliability and operational security. The Commission will expect the NYISO, all Transmission Owners, all Developers and all other Market Participants to comply with the recommendations offered by the President’s Critical Infrastructure Protection Board and, eventually, best practice recommendations from the electric reliability authority. All public utilities will be expected to meet basic standards for system infrastructure and operational security, including physical, operational, and cyber-security practices. All personnel working in Transmission Owner’s facilities will require security background checks prior to entering and working in such facilities. New York Independent System Operator, Inc. Attn: Vice President, Operations 0000 Xxxxxx Xxxx Schenectady, NY 12303 Senior Vice President of Transmission New York Power Authority 000 Xxxx Xx. Xxxxx Xxxxxx, XX 00000-0000 Re: Large Generating Facility Dear : On [Date] [Developer] has completed Trial Operation of Unit No. . This letter confirms that [Developer] commenced Commercial Operation of Unit No. at the Large Generating Facility, effective as of [Date plus one day]. Thank you. NYISO:

  • Hot Weather Guidelines For the purposes of site based discussions regarding the need to plan and perform work during expected periods of hot weather, the following issues shall be considered in conjunction with proper consideration of Occupational Health and Safety issues.

  • Conformity with Plan This Agreement is intended to conform in all respects with, and is subject to all applicable provisions of, the Plan. Inconsistencies between this Agreement and the Plan shall be resolved in accordance with the terms of the Plan. In the event of any ambiguity in this Agreement or any matters as to which this Agreement is silent, the Plan shall govern. A copy of the Plan is available upon request to the Administrator.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!