Common use of Information Security Incident Management Clause in Contracts

Information Security Incident Management. Contractor communicates information security events and weaknesses associated with information systems in a manner allowing timely corrective action to be taken; All Contractor’s employees, contractors and third-party users of information systems and services are provided awareness training on reporting an observed or suspected incident; and Management of information security incidents and improvements The responsibilities and procedures of Contractor’s management have been established to ensure timely, effective, and orderly response to information security incidents; Contractor has mechanisms in place to enable the security incidents to be quantified and monitored; and Where a follow-up action against a person or organization after an information security incident involves legal action (either civil or criminal), Contractor shall collect, retain and present evidence in conformance with the rules for evidence established in the relevant jurisdiction(s). Business Continuity Management: Contractor has implemented one or more business continuity plans, including an information security plan, to maintain or restore operations and ensure availability of information at the required level and in the required timeframe following interruption to, or failure of, critical business processes; Contractor tests and updates its business continuity plans regularly to ensure that they are up to date and effective; and Contractor shall include the Department’s designated contact in Contractor’s business continuity plans for notification concerning any disruption that may impact the Services.

Information Security Incident Management. Contractor communicates information security events and weaknesses associated with information systems in a manner allowing timely corrective action to be taken; All Contractor’s employees, contractors contractors, and third-party users of information systems and services are provided awareness training on reporting an observed or suspected incident; and Management of information security incidents and improvements The responsibilities and procedures of Contractor’s management have been established to ensure timely, effective, and orderly response to information security incidents; Contractor has mechanisms in place to enable the security incidents to be quantified and monitored; and Where a follow-up action against a person or organization after an information security incident involves legal action (either civil or criminal), Contractor shall collect, retain and present evidence in conformance with the rules for evidence established in the relevant jurisdiction(s). Business Continuity Management: Contractor has implemented one or more business continuity plans, including an information security plan, to maintain or restore operations and ensure availability of information at the required level and in the required timeframe following interruption to, or failure of, critical business processes; Contractor tests and updates its business continuity plans regularly to ensure that they are up to date and effective; and Contractor shall include the Department’s designated contact in Contractor’s business continuity plans for notification concerning any disruption that may impact the Services.