Security Incident Notification and Management Process Sample Clauses

Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis. 13 Business Continuity / Disaster Recovery Plans Application Service Providers must have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) must identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the mutually agreed upon recovery time and point objectives.
Sample 1Sample 2
AutoNDA by SimpleDocs
Security Incident Notification and Management Process. The Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time- tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX).  Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the Contractor’s other customers.  Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  Comply with reasonable requests by the County for onsite physical inspections of the location from which the Contractor provides services.  Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits.  Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis. Business Continuity / Disaster Recovery Plans Third party contractors are required to have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) shall identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the maximum time required to restore service Backup and Restores The Contractor is to provide their Backup and Restore Policy and Procedure which includes their backup data security strategy. These procedures shall allow for protection of encryption keys (if applicable) as well as a document media destruction strategy including media management tasks (i.e., offsite vaulting and librarian duties).
Sample 1
Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must:
Sample 1
Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis.
Sample 1
Security Incident Notification and Management Process. The vendor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor shall: ▪ Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). ▪ Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis. 1 Business Continuity / Disaster Recovery Plans 2 Third party vendors are required to have a viable risk management strategy that is formally 3 documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). .This 5 specific recovery methods and goals, and provide the maximum time required to restore service. 6
Sample 1

Related to Security Incident Notification and Management Process

  • Security Incident Notification The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.

  • Change Management Process If Customer or Oracle requests a change in any of the specifications, requirements, Deliverables, or scope (including drawings and designs) of the Professional Services described in any Statement of Work, the party seeking the change shall propose the applicable changes by written notice. Within forty-eight (48) hours of receipt of the written notice, each party’s project leads shall meet, either in person or via telephone conference, to discuss and agree upon the proposed changes. Oracle will prepare a change order describing the proposed changes to the Statement of Work and the applicable change in fees and expenses, if any (each, a “Change Order”). Change Orders are not binding unless and until they are executed by both parties. Executed Change Orders shall be deemed part of, and subject to, this Addendum. If the parties disagree about the proposed changes, the parties shall promptly escalate the change request to their respective senior management for resolution.

  • Incident Notification Google will notify Customer promptly and without undue delay after becoming aware of a Data Incident, and promptly take reasonable steps to minimize harm and secure Customer Data.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

  • Required Procurement Procedures for Obtaining Goods and Services The Grantee shall provide maximum open competition when procuring goods and services related to the grant-assisted project in accordance with Section 287.057, Florida Statutes.

  • Control Area Notification At least three months before Initial Synchronization Date, Interconnection Customer shall notify Distribution Provider in writing of the Control Area in which the Generating Facility will be located. If Interconnection Customer elects to locate the Generating Facility in a Control Area other than the Control Area in which the Generating Facility is physically located, and if permitted to do so by the relevant transmission tariffs, all necessary arrangements, including but not limited to those set forth in Article 7 and Article 8 of this GIA, and remote Control Area generator interchange agreements, if applicable, and the appropriate measures under such agreements, shall be executed and implemented prior to the placement of the Generating Facility in the other Control Area.

  • Accident Notification If in the course of completing work as part of this Agreement there is an accident that involves the public, CONTRACTOR shall as soon as possible inform the COUNTY of the incident by telephone. CONTRACTOR shall follow up in writing within two (2) business days of the incident. If Law Enforcement was involved and has written a report, CONTRACTOR shall forward a copy of the report to the COUNTY.

  • Amendment Process Requests to amend the Demonstration must be submitted to CMS for approval no later than 120 days prior to the planned date of implementation of the change and may not be implemented until approved. Amendment requests must include, but are not limited to, the following:

  • SECURITY POLICIES AND NOTIFICATIONS State Security Policies and Procedures The Contractor and its personnel shall review and be familiar with all State security policies, procedures and directives currently existing or implemented during the term of the Contract, including ITS Policy NYS-P03-002 Information Security Policy (or successor policy). Security Incidents Contractor shall address any Security Incidents in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy (or successor policy), including the New York State Cyber Incident Reporting Procedures incorporated therein or in such successor policy.

Time is Money Join Law Insider Premium to draft better contracts faster.