Common use of Incident Response Plan Clause in Contracts

Incident Response Plan. Supplier shall be able to implement and maintain an existing incident response plan containing milestones and service level-agreements for its incident response capability, describing the structure and organization of the incident response capability, providing a high-level approach for how the incident response capability aligns with its overall organizational policies and procedures, and meets the unique requirements of the Supplier, which relate to mission, size, structure, and functions. The incident response plan will also define reportable incidents and resources needed to effectively maintain and mature an incident response capability, as well as provide metrics for measuring the incident response capability. The plan shall then be approved by designated Supplier officials. 13.3.1. Copies of the incident response plan shall be distributed to incident response personnel and Supplier organization elements. 13.3.2. Reviews of the incident response plan shall occur annually and include a table-top exercise, documentation, test plan, and results. 13.3.3. Revisions to the incident response plan shall be made to address system/organizational changes or problems encountered during plan implementation, execution, or testing. 13.3.4. Supplier shall communicate incident response plan changes to incident response personnel and organizational elements.

Incident Response Plan. Supplier shall be able to implement and maintain an existing incident response plan containing milestones and service level-agreements for its incident response capability, describing the structure and organization of the incident response capability, providing a high-level approach for how the incident response capability aligns with its overall organizational policies and procedures, procedures and meets the unique requirements of the Supplier, which relate to mission, size, structure, structure and functions. The incident response plan will also define reportable incidents and resources needed to effectively maintain and mature an incident response capability, as well as provide metrics for measuring the incident response capability. The plan shall then be approved by designated Supplier officials. 13.3.1. Copies of the incident response plan shall be distributed to incident response personnel and Supplier organization elementspersonnel. 13.3.2. Reviews of the incident response plan shall occur annually and include a table-top exercise, documentation, test plan, plan and results. 13.3.3. Revisions to the incident response plan shall be made to address system/organizational changes or problems encountered during plan implementation, execution, or testing. 13.3.4. Supplier shall communicate incident response plan changes to incident response personnel and organizational elementspersonnel.