Incident Response and Management Sample Clauses

Incident Response and Management. Protect the organization’s information, including personal data, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight, retainers, and insurance) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the organization’s network and systems.
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
Incident Response and Management. The Processor will implement and maintain a comprehensive incident response and management process designed to address and manage actions required by Processor as a result of a cyber attack or network security breach. Processor will maintain appropriate access controls, including, but not limited to, restricting access to Personal Data to the minimum number of Processor personnel who require such access. Only authorized staff can grant, modify or revoke access to an information system that uses or houses Personal Data. Processor will maintain an audit log. User administration procedures define user roles and their privileges, and how access is granted, changed and terminated; address appropriate segregation of duties; and define the logging/monitoring requirements and mechanisms. All employees of the Processor are assigned unique User IDs. Access rights are implemented adhering to the “principle of least privilege.” Processor will implement commercially reasonable physical and electronic security to create and protect passwords. ON Semiconductor will establish security procedures to prevent Personal Data Processing systems from being used accidentally or without authorization, such as through logical access controls.
Sample 1
Incident Response and Management. The Contractor must: (a) have an incident management plan and an incident response plan; and (b) review and test both incident management and incident response plans annually.
Sample 1
Incident Response and Management. Where possible, partners will take immediate reasonable steps locally to contain any information incident impact that has arisen to support the overall management effort. Wiltshire Council’s Data Controller and Information Governance Lead will work in conjunction with partner organisations Information Governance Leads and Wiltshire Council Head of IT, as necessary, to co-ordinate the initial response to any information security incident from Single View. An initial assessment of the incident will be made to determine a management plan for the incident, including o Identification of members for incident response ‘team’; o Risk Assessment o Containment and recovery actions o Escalation / Notification to stakeholder parties of incident proportionate to the severity and risk of the incident o Mobilisation of any necessary incident response ‘team’. The Incident Management Plan will be a bespoke response to the security incident and shall in addition to the above considerations include an assessment of whether there needs to be an investigation on a criminal basis. This will be documented as a record of actions taken and will be updated as effectiveness of actions are completed and evaluated. The record will be a source for post-incident written reports and recommendations of any remedial action for policy or process improvement. Staff from all Single View partner organisations will be expected to provide relevant information to assist with any investigation that may follow a reported information security incident: in some instances they may be required to lead and undertake aspects of the investigation. Where a crime is suspected, then it should be reported to the Police and any investigative action undertaken must not compromise formal investigative procedures. Staff disciplinary investigations will be undertaken in relation to information security incidents where necessary and these investigations will involve HR and Legal services of affected partner organisations as appropriate. Communications protocols and a coordinated communications plan for the security incident will be put in place resulting from collaboration between stakeholders, for example business partners, third parties, police, media and communications support. Following risk assessment, significant information security incidents will be reported to the Information Commissioners Office. If the information security incident compromises health data a report will also be submitted to HSCIC using th...
Sample 1
Incident Response and Management. The Contractor must: have an incident management plan and an incident response plan; and review and test both incident management and incident response plans annually. The Contractor must notify the Province within 24 hours of the Contractor’s identification of a breach or incident that has affected, or may affect, Province Information. The Contractor must notify the Province of any changes to the Contractor’s security policies, procedures or agreements that may materially lower the security of Province Information.
Sample 1
Incident Response and Management. The Lender Information Risk Management Computer Incident Response Team ("CIRT") will be promptly notified by DealerTrack or its security designee when either DealerTrack or its security designee knows that a Security Event related to Lender's Customer Information at DealerTrack's site has occurred. DealerTrack will provide Lender with access, at DealerTrack's facility, to the hard, unaltered data and logs of the activity within seventy-two (72) hours of request from CIRT, subject to Lender's obligations with respect to confidentiality and reasonableness set forth in Section 23(a)(ii) above. Notwithstanding anything else to the contrary, this access to hard, unaltered data and logs shall not constitute or be deemed one of the two permitted audits set forth in Section 23(a)(ii) above.
Sample 1
Incident Response and Management a. Process to Detect a Security Related Incident. Each Party shall define and maintain a process to monitor and detect unauthorized access to, misuse or misappropriation of or fraudulent activity involving, Covered Information of the other Party by any personnel, temporary staff and third parties (e.g., subcontractor or outsourced service provider) of such Party that it uses to perform any of the obligations to be performed by such Party under the Program (a “Security Related Incident”).
Sample 1
AutoNDA by SimpleDocs
Incident Response and Management 
Sample 1

Related to Incident Response and Management

  • Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.

  • Workload Management 11.1 The parties to this Agreement acknowledge that employees and management have a responsibility to maintain a balanced workload and recognise the adverse affects that excessive workloads may have on employee/s and the quality of resident/client care. 11.2 To ensure that employee concerns involving excessive workloads are effectively dealt with by Management the following procedures should be applied: (a) Step 1: In the first instance, employee/s should discuss the issue with their immediate supervisor and, where appropriate, explore solutions. (b) Step 2: If a solution cannot be identified and implemented, the matter should be referred to an appropriate senior manager for further discussion. (c) Step 3: If a solution still cannot be identified and implemented, the matter should be referred to the Facility Manager for further discussion. (d) Step 4: The outcome of the discussions at each level and any proposed solutions should be recorded in writing and fed back to the effected employees. 11.3 Workload management must be an agenda item at staff meetings on at least a quarterly basis. Items in relation to workloads must be recorded in the minutes of the staff meeting, as well as actions to be taken to resolve the workloads issue/s. Resolution of workload issues should be based on the following criteria including but not limited to: (a) Clinical assessment of residents’ needs; (b) The demand of the environment such as facility layout; (c) Statutory obligation, (including, but not limited to, work health and safety legislation); (d) The requirements of nurse regulatory legislation; (e) Reasonable workloads (such as roster arrangements); (f) Accreditation standards; and (g) Budgetary considerations. 11.4 If the issue is still unresolved, the employee/s may advance the matter through Clause 9 Dispute Resolution Procedure. Arbitration of workload management issues may only occur by agreement of the employer and the employee representative, which may include the union/s.

  • Incident Management 3.1. We shall notify You without undue delay after We becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, stored or otherwise processed by Us or Our sub-processors of which We become aware (“Security Incident”). 3.2. We shall use best efforts to identify the cause of such Security Incident and take the measures We deem necessary and within Our control for remediating and securing Customer Data; We shall coordinate such efforts with You without undue delay.

  • Network Maintenance and Management 38.1 The Parties will work cooperatively to implement this Agreement. The Parties will exchange appropriate information (for example, maintenance contact numbers, network information, information required to comply with law enforcement and other security agencies of the government, escalation processes, etc.) to achieve this desired result. 38.2 Each Party will administer its network to ensure acceptable service levels to all users of its network services. Service levels are generally considered acceptable only when End Users are able to establish connections with little or no delay encountered in the network. Each Party will provide a twenty four (24)-hour contact number for Network Traffic Management issues to the other’s surveillance management center. 38.3 Each Party maintains the right to implement protective network traffic management controls, such as “cancel to”, “call gapping” or seven (7)-digit and ten (10)-digit code gaps, to selectively cancel the completion of traffic over its network, including traffic destined for the other Party’s network, when required to protect the public-switched network from congestion as a result of occurrences such as facility failures, switch congestion or failure or focused overload. Each Party shall immediately notify the other Party of any protective control action planned or executed. 38.4 Where the capability exists, originating or terminating traffic reroutes may be implemented by either Party to temporarily relieve network congestion due to facility failures or abnormal calling patterns. Reroutes shall not be used to circumvent normal trunk servicing. Expansive controls shall be used only when mutually agreed to by the Parties. 38.5 The Parties shall cooperate and share pre-planning information regarding cross-network call-ins expected to generate large or focused temporary increases in call volumes to prevent or mitigate the impact of these events on the public-switched network, including any disruption or loss of service to the other Party’s End Users. Facsimile (FAX) numbers must be exchanged by the Parties to facilitate event notifications for planned mass calling events. 38.6 Neither Party shall use any Interconnection Service provided under this Agreement or any other service related thereto or used in combination therewith in any manner that interferes with or impairs service over any facilities of AT&T-21STATE, its affiliated companies or other connecting telecommunications carriers, prevents any carrier from using its Telecommunications Service, impairs the quality or the privacy of Telecommunications Service to other carriers or to either Party’s End Users, causes hazards to either Party’s personnel or the public, damage to either Party’s or any connecting carrier’s facilities or equipment, including any malfunction of ordering or billing systems or equipment. Upon such occurrence either Party may discontinue or refuse service, but only for so long as the other Party is violating this provision. Upon any such violation, either Party shall provide the other Party notice of the violation at the earliest practicable time. 38.7 AT&T TENNESSEE hereby commits to provide Disaster Recovery to CLEC according to the plan below. 38.7.1 AT&T TENNESSEE Disaster Recovery Plan 38.7.2 In the unlikely event of a disaster occurring that affects AT&T TENNESSEE’s long-term ability to deliver traffic to a CLEC, general procedures have been developed by AT&T TENNESSEE to hasten the recovery process in accordance with the Telecommunications Service Priority (TSP) Program established by the FCC to identify and prioritize telecommunication services that support national security or emergency preparedness (NS/EP) missions. A description of the TSP Program as it may be amended from time to time is available on AT&T TENNESSEE’s Wholesale – Southeast Region Web site. Since each location is different and could be affected by an assortment of potential problems, a detailed recovery plan is impractical. However, in the process of reviewing recovery activities for specific locations, some basic procedures emerge that appear to be common in most cases. 38.7.3 These general procedures should apply to any disaster that affects the delivery of traffic for an extended time period. Each CLEC will be given the same consideration during an outage, and service will be restored as quickly as possible. AT&T TENNESSEE reserves the right to make changes to these procedures as improvements become available or as business conditions dictate. 38.7.4 This plan will cover the basic recovery procedures that would apply to every CLEC.

  • Management Responsibility No Limited Partner, as such, shall take part in the management of the business or transact any business for the Partnership.

  • Management Responsibilities The exclusive representative recognizes the right and obligation of the School Board to efficiently manage and conduct the operation of the School District within its legal limitations and with its primary obligation to provide educational opportunity for the students of the School District.

  • Client Responsibilities You are responsible for (a) assessing each participants’ suitability for the Training, (b) enrollment in the appropriate course(s) and (c) your participants’ attendance at scheduled courses.

  • Student Responsibilities The school provided Chromebook for the student is an important learning tool to be used for educational purposes. In order to use the device each day, the student must be willing to accept the following responsibilities: ● I understand that district officials have the ability to monitor my use of the device AT ALL TIMES IN AND OUT OF SCHOOL and that communications, files, internet search activities, and any other actions using the device are not considered to be private. Note: RCCSD does not have the ability to and will not remotely operate the camera on the device. However, students can cover it when not in use to ensure others are not. ● I understand that the device assigned to me is on loan from Red Clay Consolidated School District. All accounts, programs, and files are subject to inspection at any time without notice. ● I will be responsible for ALL damage or loss of the device due to NEGLECT OR ABUSE including dropping it, getting it wet, and spills of food or drink. ● I will not try to repair my Chromebook. ● At ALL times when using my Chromebook, I will follow the Acceptable Use, Internet Safety Policy, and Student Code of Conduct, and related policies adopted by the Board of Education, and abide by all local, state, and federal laws. ● I will talk with my parent/guardian about their ground rules for going online when not at school. ● I will notify the school principal and my parents of any damage to the device as soon as possible. ● I will charge the Chromebook battery each night and will bring my Chromebook to school every day or be prepared for remote learning. ● I will keep my Chromebook clean. ● I will not lend my device to anyone. This includes family members and friends. Note: I could be held responsible for any inappropriate content on the District issued Chromebook. ● I will keep all passwords assigned to me secure. ● I will only use my account credentials to sign into my Chromebook. ● I am allowed to connect to non-district printers and wireless networks at home and in public places. ● I agree that e-mail or any other computer communication should be used only for appropriate, legitimate, and responsible communication. ● I agree not to share personal information about myself (full name, address, etc.) or about my family, friends or anyone else. ● I agree not to search for, download, display, post, or distribute vulgar, offensive material or images described in applicable district policies. (See the student handbook and/or the district's Acceptable Use Agreement.) ● I agree to abide by all school rules that address electronic device procedures. ● I will return the device when requested, at the end of the school year or upon my withdrawal. ● I agree to not deface or destroy this property in any way. Inappropriate use of the machine may result in the student losing their right to use the Chromebook. ● I understand that identification labels have been placed on the Chromebook. These labels are not to be removed or modified. Additional stickers, labels, tags, or markings of any kind are NOT to be added to the machine.

  • Resident Responsibilities The Resident agrees to pay all fees specified, to observe all rules and regulations of the University of Connecticut and to abide by the Responsibilities of Community Life: The Student Code, this contract and any addendum, as well as other University publications/policies. Residents assume total responsibility for their room/suite/apartment/house and for the behavior and activities which occur within all assigned living areas. Applicants and/or residents cannot exchange money or favors for a room assignment. Failure to fulfill the terms of the above may lead to termination of this contract, removal from on-campus housing, and a community standards process resulting in a sanction, including but not limited to expulsion.

  • Client Responsibility For clarity, the parties agree that in reviewing the documents referred to in clause (b) above, Patheon’s role will be limited to verifying the accuracy of the description of the work undertaken or to be undertaken by Patheon. Subject to the foregoing, Patheon will not assume any responsibility for the accuracy of any application for receipt of an approval by a Regulatory Authority. The Client is solely responsible for the preparation and filing of the application for approval by the Regulatory Authority and any relevant costs will be borne by the Client.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!