Incident and Breach Reporting. Web-broker must implement Incident and Breach Handling procedures as required by the NEE SSP and that are consistent with CMS’s Incident and Breach Notification Procedures. Such policies and procedures must identify the Web-broker’s Designated Security and Privacy Official(s), if applicable, and/or identify other personnel authorized to access PII and responsible for reporting to CMS and managing Incidents or Breaches; provide details regarding the identification, response, recovery and follow-up of Incidents and Breaches, which should include Information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes. Web-broker agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (000) 000-0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident.
Incident and Breach Reporting. WBE agrees to report any suspected or confirmed Incident or Breach of PII to the CMS IT Service Desk by telephone at (410) 000- 0000 or 0-000-000-0000 or via email notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx within one hour of discovery of the Incident or Breach. In the event of an Incident or Breach WBE must permit CMS to gather all information necessary to conduct all Incident response activities deemed necessary by CMS. If WBE fails to report an Incident or Breach in compliance with this provision, the WBE may be subject to the Termination provision (Section IV) of this Agreement. Termination pursuant to Section IV may also result where an Incident or Breach is found to have resulted from WBE’s failure to comply with the terms of this Agreement. III.
