Reporting Security Incidents and Breaches to FHKC Sample Clauses

Reporting Security Incidents and Breaches to FHKC. BA shall track all Security Incidents and shall periodically report such Security Incidents in summary fashion as may be requested by FHKC, but not less than annually within sixty (60) days of each anniversary of this Agreement. The BA shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for BA’s operations. The BA shall promptly and, with every commercially reasonable effort, within 15 hours of discovery, notify FHKC’s Privacy Officer of any Security Incident, including any Breach of Security under section 501.171, Florida Statutes, in a preliminary report , with a full report of the incident within five (5) Business Days of the time it became aware of the incident. The BA shall likewise notify FHKC in a preliminary report within two (2) Business Days of any unauthorized Access or acquisition, including but not limited to internal User Access to non-test records reported to BA’s privacy manager, and any Use, Disclosure, modification, or destruction of PHI by an employee or otherwise authorized User of its system of which it becomes aware with a full report of the incident within five (5) Business Days from the time it became aware of the incident. BA shall identify in writing key contact persons for administration, Data processing, marketing, information systems and audit reporting within thirty (30) days of the execution of this Agreement. BA shall notify FHKC of any reduction of in-house staff during the term of this Agreement, in writing, within ten (10) Business Days. When reporting any Security Incident or Breach, BA shall use the “Notification to FHKC of Security Incident or Breach of Protected Health Information” form attached hereto.
AutoNDA by SimpleDocs
Reporting Security Incidents and Breaches to FHKC. [EQRO] shall track all Security Incidents and shall periodically report such Security Incidents in summary fashion as may be requested by FHKC, but not less than annually within sixty (60) days of each anniversary of this BAA. The [EQRO] shall reasonably use its own vulnerability assessment of damage potential and monitoring to define levels of Security Incidents and responses for [EQRO]’s operations.

Related to Reporting Security Incidents and Breaches to FHKC

  • Reporting Security Incidents The Business Associate will report to the County any Incident of which the Business Associate becomes aware that is:

  • Breaches and Security Incidents During the term of the Agreement, CONTRACTOR 27 agrees to implement reasonable systems for the discovery of any Breach of unsecured DHCS PI and PII 28 or security incident. CONTRACTOR agrees to give notification of any beach of unsecured DHCS PI 29 and PII or security incident in accordance with subparagraph F, of the Business Associate Contract, 30 Exhibit B to the Agreement.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Reporting Unsuccessful Security Incidents Business Associate shall provide Covered Entity upon written request a Report that: (a) identifies the categories of Unsuccessful Security Incidents; (b) indicates whether Business Associate believes its current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts; and (c) if the security measures are not adequate, the measures Business Associate will implement to address the security inadequacies.

  • Reporting Incidents The Interconnection Parties shall report to each other in writing as soon as practical all accidents or occurrences resulting in injuries to any person, including death, and any property damage arising out of the Interconnection Service Agreement.

  • Security Incident “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

  • FALSE STATEMENTS; BREACH OF REPRESENTATIONS The Parties acknowledge that this Agreement has been negotiated, and is being executed, in reliance upon the information contained in the Application, and any supplements or amendments thereto, without which the Comptroller would not have approved this Agreement and the District would not have executed this Agreement. By signature to this Agreement, the Applicant:

  • Security Incidents 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process:

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request. In addition to the requirements set forth in any applicable Business Associate Agreement as may be attached to this Contract, in the event of any actual security breach or reasonable belief of an actual security breach the Contractor either suffers or learns of that either compromises or could compromise State Data (a “Security Breach”), the Contractor shall notify the State within 24 hours of its discovery. Contractor shall immediately determine the nature and extent of the Security Breach, contain the incident by stopping the unauthorized practice, recover records, shut down the system that was breached, revoke access and/or correct weaknesses in physical security. Contractor shall report to the State: (i) the nature of the Security Breach; (ii) the State Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure; and (v) what corrective action the Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. The Contractor shall provide such other information, including a written report, as reasonably requested by the State. Contractor shall analyze and document the incident and provide all notices required by applicable law. In accordance with Section 9 V.S.A. §2435(b)(3), the Contractor shall notify the Office of the Attorney General, or, if applicable, Vermont Department of Financial Regulation (“DFR”), within fourteen (14) business days of the Contractor’s discovery of the Security Breach. The notice shall provide a preliminary description of the breach. The foregoing notice requirement shall be included in the subcontracts of any of Contractor’s subcontractors, affiliates or agents which may be “data collectors” hereunder. The Contractor agrees to fully cooperate with the State and assume responsibility at its own expense for the following, to be determined in the sole discretion of the State: (i) notice to affected consumers if the State determines it to be appropriate under the circumstances of any particular Security Breach, in a form recommended by the AGO; and (ii) investigation and remediation associated with a Security Breach, including but not limited to, outside investigation, forensics, counsel, crisis management and credit monitoring, in the sole determination of the State. The Contractor agrees to comply with all applicable laws, as such laws may be amended from time to time (including, but not limited to, Chapter 62 of Title 9 of the Vermont Statutes and all applicable State and federal laws, rules or regulations) that require notification in the event of unauthorized release of personally-identifiable information or other event requiring notification. In addition to any other indemnification obligations in this Contract, the Contractor shall fully indemnify and save harmless the State from any costs, loss or damage to the State resulting from a Security Breach or the unauthorized disclosure of State Data by the Contractor, its officers, agents, employees, and subcontractors.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!