Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.
Personal Information security breach Supplier/Service Provider’s Obligations
a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data.
b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved.
c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise.
d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.
Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.
Security Incident Notification The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.
Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.
Supplemental Vendor Information Only) No response Optional. If Vendor desires that their logo be displayed on their public TIPS profile for TIPS and TIPS Member viewing, Vendor may upload that logo at this location. These supplemental documents shall not be considered part of the TIPS Contract. Rather, they are Vendor Supplemental Information for marketing and informational purposes only. Some participating public entities are required to seek Disadvantaged/Minority/Women Business & Federal HUBZone ("D/M/WBE/Federal HUBZone") vendors. Does Vendor certify that their entity is a D/M/WBE/Federal HUBZone vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. NO Some participating public entities are required to seek Historically Underutilized Business (HUB) vendors as defined by the Texas Comptroller of Public Accounts Statewide HUB Program. Does Vendor certify that their entity is a HUB vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. No Can the Vendor provide its proposed goods and services to all 50 US States? No
Vendor Logo (Supplemental Vendor Information Only) No response Optional. If Vendor desires that their logo be displayed on their public TIPS profile for TIPS and TIPS Member viewing, Vendor may upload that logo at this location. These supplemental documents shall not be considered part of the TIPS Contract. Rather, they are Vendor Supplemental Information for marketing and informational purposes only. Some participating public entities are required to seek Disadvantaged/Minority/Women Business & Federal HUBZone ("D/M/WBE/Federal HUBZone") vendors. Does Vendor certify that their entity is a D/M/WBE/Federal HUBZone vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. NO Some participating public entities are required to seek Historically Underutilized Business (HUB) vendors as defined by the Texas Comptroller of Public Accounts Statewide HUB Program. Does Vendor certify that their entity is a HUB vendor? If you respond "Yes," you must upload current certification proof in the appropriate "Response Attachments" location. No Can the Vendor provide its proposed goods and services to all 50 US States? Yes
Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
(2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program.
(3) DTI shall comply with its Information Security Program.
Statement of Additional Information The Manager shall determine from time to time what securities and other investments will be purchased (including, as permitted in accordance with this paragraph, swap agreements, options and futures), retained, sold or exchanged by the Fund and what portion of the assets of the Funds portfolio will be held in the various securities and other investments in which the Fund invests, and shall implement those decisions (including the execution of investment documentation), all subject to the provisions of the Trusts Declaration of Trust and By-Laws (collectively, the Governing Documents), the 1940 Act, and the applicable rules and regulations promulgated thereunder by the Securities and Exchange Commission (the SEC) and interpretive guidance issued thereunder by the SEC staff and any other applicable federal and state law, as well as the investment objectives, policies and restrictions of the Fund referred to above, and any other specific policies adopted by the Board and disclosed to the Manager. The Manager is authorized as the agent of the Trust to give instructions to the custodian of the Fund as to deliveries of securities and other investments and payments of cash for the account of the Fund. Subject to applicable provisions of the 1940 Act and direction from the Board, the investment program to be provided hereunder may entail the investment of all or substantially all of the assets of the Fund in one or more investment companies. The Manager will place orders pursuant to its investment determinations for the Fund either directly with the issuer or with any broker or dealer, foreign currency dealer, futures commission merchant or others selected by it. In connection with the selection of such brokers or dealers and the placing of such orders, subject to applicable law, brokers or dealers may be selected who also provide brokerage and research services (as those terms are defined in Section 28(e) of the Securities Exchange Act of 1934, as amended (the Exchange Act)) to the Funds and/or the other accounts over which the Manager or its affiliates exercise investment discretion. The Manager is authorized to pay a broker or dealer who provides such brokerage and research services a commission for executing a portfolio transaction for the Fund which is in excess of the amount of commission another broker or dealer would have charged for effecting that transaction if the Manager determines in good faith that such amount of commission is reasonable in relation to the value of the brokerage and research services provided by such broker or dealer. This determination may be viewed in terms of either that particular transaction or the overall responsibilities which the Manager and its affiliates have with respect to accounts over which they exercise investment discretion. The Board may adopt policies and procedures that modify and restrict the Managers authority regarding the execution of the Funds portfolio transactions provided herein. The Manager shall also provide advice and recommendations with respect to other aspects of the business and affairs of the Fund, shall exercise voting rights, rights to consent to corporate action and any other rights pertaining to the Fund's portfolio securities subject to such direction as the Board may provide, and shall perform such other functions of investment management and supervision as may be directed by the Board. The Manager may execute on behalf of the Fund certain agreements, instruments and documents in connection with the services performed by it under this Agreement. These may include, without limitation, brokerage agreements, clearing agreements, account documentation, futures and option agreements, swap agreements, other investment related agreements, and any other agreements, documents or instruments the Manager believes are appropriate or desirable in performing its duties under this Agreement.
Contractor Communication or Disclosure The Contractor shall not make any public statements, press releases, publicity releases, or other similar communications concerning the Contract or its subject matter or otherwise disclose or permit to be disclosed any of the data or other information obtained or furnished in compliance with the Contract, without first notifying the Customer’s Contract Manager and securing the Customer’s prior written consent.
