Incident and Breach Response Sample Clauses

Incident and Breach Response i) Vendor shall report each Computer Security Incident or Security Breach to Customer in an appropriate and timely manner. ii) Vendor shall establish formal Incident response policies and procedures. iii) Vendor shall establish formal documented management responsibilities and procedures to ensure a timely, effective, and orderly response to Computer Security Incidents or Security Breaches. iv) Vendor shall identify appropriate resources to monitor the internal environment for security events, to evaluate security events, and to respond to Incidents in a timely manner. v) In the event of a Computer Security Incident or Security Breach, Vendor shall collect, retain, and present evidence in support of potential legal action in accordance with the rules of evidence in the relevant jurisdiction. vi) Vendor shall, if requested, provide applicable information, including but not limited to, forensic copies, network and activity logs, and reasonable access to Vendor Representatives to assist Customer in investigating the Incident.
Sample 1
AutoNDA by SimpleDocs

Related to Incident and Breach Response

  • Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Timely and Sustained Response Interconnection Customer shall ensure that the Small Generating Facility’s real power response to sustained frequency deviations outside of the deadband setting is automatically provided and shall begin immediately after frequency deviates outside of the deadband, and to the extent the Small Generating Facility has operating capability in the direction needed to correct the frequency deviation. Interconnection Customer shall not block or otherwise inhibit the ability of the governor or equivalent controls to respond and shall ensure that the response is not inhibited, except under certain operational constraints including, but not limited to, ambient temperature limitations, physical energy limitations, outages of mechanical equipment, or regulatory requirements. The Small Generating Facility shall sustain the real power response at least until system frequency returns to a value within the deadband setting of the governor or equivalent controls. An Applicable Reliability Standard with equivalent or more stringent requirements shall supersede the above requirements.

  • Personal Responsibility The Participant and his/her parent(s) or legal guardian(s) certify that Participant has no physical or mental condition that precludes him/her from participating in the Activities and that he/she is not participating against medical advice.

  • General Responsibilities of the Parties 1. The Parties will work together in a spirit of cooperation and partnership, with the responsibilities and accountabilities set out in this Agreement, to implement the Programme Documents in full in a timely, efficient, and effective, manner. 2. The Parties agree to carry out their respective responsibilities in accordance with the provisions of this Agreement, including the Programme Documents. 3. The Parties shall keep each other informed of all relevant activities pertaining to the implementation of the Programme Documents, and shall hold consultations when either Party considers it appropriate, including any circumstance that may affect the achievement of the results of the Programme and the Programme Documents. 4. The Parties shall fulfill their commitments with the fullest regard for the terms and conditions of this Agreement and the principles of the United Nations.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Additional Responsibilities This paragraph applies to all phases of Architect's work. (a) Architect shall be responsible for the professional quality, technical accuracy, timely completion and coordination of all of Architect's work, including that performed by Architect's consultants, and including designs, Drawings, Specifications, reports and other services, irrespective of Owner's approval or acquiescence in same. Architect shall, without additional compensation, correct or revise any errors, omissions or other deficiencies in his work. (b) Architect shall be responsible, in accordance with applicable law, to Owner for all loss or damage to Owner caused by Architect's negligent act or omission; except that Architect hereby irrevocably waives and excuses Owner and its attorneys from compliance with any requirement to obtain a certificate of review as a condition precedent to commencement of an action, including any such requirements set forth in Section 00-00-000, C.R.S. or similar statute. (c) Architect's professional responsibility shall comply with the standard of care applicable to the type of engineering and architectural services provided, commensurate with the size, scope and nature of the Project. (d) Architect shall be completely responsible for the safety of Architect's employees in the execution of work under this Agreement, shall provide all necessary safety equipment for said employees, and shall hold harmless and indemnify and defend Owner from any and all claims, suits, loss or injury to Architect's employees. (e) Architect acknowledges that, due to the nature of architectural and related professional services and the impact of same on the Project, the Owner has a substantial interest in the personnel and consultants to whom Architect assigns principal responsibility for services performed under this Agreement. Consequently, Architect represents that Architect has selected and intends to employ or assign the key personnel and consultants identified in Appendix C - "Identification of Personnel, Subcontractors and Task Responsibility", attached hereto for the Project assignments and areas of responsibility stated therein. Within 10 days of execution of this Agreement, Owner shall have the right to object in writing to employment on the Project of any such key person, consultant or assignment of principal responsibility, in which case Architect will employ alternate personnel for such function or reassign such responsibility to another to whom Owner has no reasonable objection. Thereafter, Architect shall not assign or reassign Project work to any person to whom Owner has reasonable objection. Within 5 days of execution of this Agreement, Architect shall designate in writing a Project representative who shall have complete authority to bind Architect, and to whom Owner should address communications. (f) Promptly after execution of this Agreement and upon receipt of authorization from Owner to proceed, Architect shall submit to Owner for approval a schedule showing the order in which Architect proposes to accomplish his work, with dates on which he will commence and complete each major work item. The schedule shall provide for performance of the work in a timely manner so as to not delay Owner's time table for achievement of interim tasks and final completion of Project work, provided however, the Architect will not be responsible for delays beyond his control. (g) Before undertaking any work which Architect considers beyond or in addition to the scope of work and services which Architect has contractually agreed to perform under the terms of this Agreement, Architect shall advise Owner in writing (i) that Architect considers the work beyond the scope of this Agreement, (ii) the reasons the Architect believes the out of scope or additional work should be performed, and (iii) a reasonable estimate of the cost of such work. Architect shall not proceed with such out of scope or additional work until authorized in writing by Owner. The compensation for such authorized work shall be negotiated, but in the event the parties fail to negotiate or are unable to agree as to compensation, then Architect shall be compensated for his direct costs and professional time at the rates set forth in Appendix B - "Fee Schedule".

  • Employee Response The employee upon whom a Notice of Proposed Action has been served shall have seven (7) calendar days to respond to the appointing authority either orally or in writing before the proposed action may be taken. Upon request of the employee and for good cause, the appointing authority may extend in writing the period to respond. If the employee's response is not filed within seven (7) days or during an extension, the right to respond is lost.

  • Professional Responsibility 19.01 The parties agree that resident care is enhanced if concerns relating to professional practice and workload are resolved in a timely and effective manner, as set out below; In the event that the Home assigns a number of residents or a workload to an individual employee or group of employees, such that she or they have cause to believe that she or they are being asked to perform more work than is consistent with proper resident care, she or they shall: i) At the time the workload issue occurs, discuss the issue within the Home to develop strategies to meet resident care needs using current resources. If necessary, using established lines of communication, seek immediate assistance from an individual(s) identified by the Home who has responsibility for timely resolution of workload issues. ii) Failing resolution at the time of occurrence of the workload issue, complain in writing to the Union-Management Committee within twenty (20) calendar days of the alleged improper assignment. The chairperson of the Union-Management Committee shall convene a meeting of the Union-Management Committee within twenty (20) calendar days of the filing of the complaint. The Union-Management Committee shall hear and attempt to resolve the complaint to the satisfaction of both parties. The Employer will provide a written response to the Union, with a copy to the ONA representation within ten (10) calendar days. iii) Prior to the complaint being forwarded to the Independent Assessment Committee, the Union may forward a written report outlining the complaint and recommendations to the Director of Resident Care and/or the Administrator. iv) At any time during this process, the parties may agree to the use of a mediator to assist in the resolution of the Professional Practice issues. v) Any settlement arrived at under 19.01 (a) i) – iii) shall be signed by the parties. vi) Failing resolution of the complaint within twenty (20) calendar days of the meeting of the Union-Management Committee, the complaint shall be forwarded to an independent Assessment Committee composed of three (3) registered nurses; one chosen by the Ontario Nurses' Association, one chosen by the Home and one chosen from a panel of independent registered nurses who are well respected within the profession. The member of the Committee chosen from the panel of independent registered nurses shall act as Chairperson. vii) The Independent Assessment Committee shall set a date to conduct a hearing into the complaint, within twenty (20) calendar days of its appointment, and shall be empowered to investigate as is necessary to properly assess the merits of the complaint. The Independent Assessment Committee shall report its findings, in writing, to the parties within twenty (20) calendar days following completion of its hearing. (b) i) The list of Independent Assessment Committee Chairpersons is attached as Appendix “B”. The members of the panel shall sit in rotation as agreed by the parties. If a panel member is unable to sit within the time limit stipulated, the panel member next scheduled to sit will be appointed by the parties.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!