Security Incident Notification and Management Process Sample Clauses

Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis. Application Service Providers must have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) must identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the mutually agreed upon recovery time and point objectives.
Sample 1Sample 2
AutoNDA by SimpleDocs
Security Incident Notification and Management Process. The vendor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor shall: ▪ Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). ▪ Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the vendor’s other customers. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to ISO or SOX audits. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis. 1 Business Continuity / Disaster Recovery Plans 2 Third party vendors are required to have a viable risk management strategy that is formally 3 documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). .This 5 specific recovery methods and goals, and provide the maximum time required to restore service. 6
Sample 1Sample 2
Security Incident Notification and Management Process. The vendor shall provide a 12 detailed document that outlines the contact names and order and escalation of events that will 13 occur in the case of a security breach concerning County staff, data, or systems. This 14 document shall be updated immediately upon any change. The vendor shall be held liable to 15 the time-tables and protections outlined in the document. 16
Sample 1
Security Incident Notification and Management Process. The Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  Comply with all legal and regulatory requirements as they relate to the County’s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX).  Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the Contractor’s other customers.  Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  Comply with reasonable requests by the County for onsite physical inspections of the location from which the Contractor provides services.  Provide the County with any annual audit summaries and certifications, including but not limited to International Organization for Standardization (ISO) or SOX audits.  Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis. Third party vendors are required to have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) shall identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the maximum time required to restore service The Contractor is to provide its Backup and Restore Policy and Procedure which includes its backup data security strategy. These procedures shall allow for protection of encryption keys (if applicable) as well as a document media destruction strategy including media management tasks (i.e., offsite vaulting and librarian duties).
Sample 1
Security Incident Notification and Management Process. The Contractor shall provide a detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning County staff, data, or systems. This document shall be updated immediately upon any change. The Contractor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the Contractor shall:  Comply with all legal and regulatory requirements as they relate to the County‟s systems and data. These include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), SB1386 compliance, Payment Card Industry (PCI) Data Security Standards, and Xxxxxxxx-Xxxxx (SOX). County of Orange Health Care Agency 37 MA-042-10013343 Orange CountyMedical Emergency Data System  Bear the cost of compliance for changed security policies and procedures, unless such change is either unique to the County or customarily paid for by the Contractor‟s other customers.  Comply with reasonable requests by the County for audits of security measures, including those related to ID and password administration.  Comply with reasonable requests by the County for onsite physical inspections of the location from which the Contractor provides services.  Provide the County with any annual audit summaries and certifications, including but not limited to International Organization for Standardization (ISO) or SOX audits.  Designate a single point of contact to facilitate all IT security activities related to services provided to the County. Such contact shall be available on a 7/24/365 basis. Third party vendors are required to have a viable risk management strategy that is formally documented in a Business Continuity Plan (BCP) and/or a Disaster Recovery Plan (DRP). This BCP/DRP plan(s) shall identify recovery strategies within the application service areas, outline specific recovery methods and goals, and provide the maximum time required to restore service The Contractor is to provide its Backup and Restore Policy and Procedure which includes its backup data security strategy. These procedures shall allow for protection of encryption keys (if applicable) as well as a document media destruction strategy including media management tasks (i.e., offsite vaulting and librarian duties).
Sample 1
Security Incident Notification and Management Process. A detailed document that outlines the contact names and order and escalation of events that will occur in the case of a security breach concerning the County staff, data, or systems. This document must be updated immediately upon any change. The vendor shall be held liable to the time-tables and protections outlined in the document. In addition to developing, maintaining, and enforcing the above named policies, the vendor must: ▪ Bear the cost of compliance for any required changes to security infrastructure, policies and procedures to comply with existing regulations, unless such change is unique to the County. ▪ Comply with reasonable requests by the County for audits of security measures, including those related to identification and password administration. ▪ Comply with reasonable requests by the County for onsite physical inspections of the location from which the vendor provides services. ▪ Provide the County with any annual audit summaries and certifications, including but not limited to HIPAA, ISO or SOX audits, as applicable. ▪ Designate a single point of contact to facilitate all IT security activities related to services provided to the County, with the allowance of appropriate backups. Such contact(s) must be available on a 7/24/365 basis.
Sample 1

Related to Security Incident Notification and Management Process

  • Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

  • Procurement procedures 11.1 The Recipient must secure the best value for money and shall act in a fair, open and non-discriminatory manner in all purchases of goods and services.

  • Payment Process Subject to the terms and conditions established by the Agreement, the pricing per deliverable established by the Grant Work Plan, and the billing procedures established by Department, Department agrees to pay Grantee for services rendered in accordance with Section 215.422, Florida Statutes (F.S.).

  • Access Toll Connecting Trunk Group Architecture 9.2.1 If CSTC chooses to subtend a Verizon access Tandem, CSTC’s NPA/NXX must be assigned by CSTC to subtend the same Verizon access Tandem that a Verizon NPA/NXX serving the same Rate Center Area subtends as identified in the LERG. 9.2.2 CSTC shall establish Access Toll Connecting Trunks pursuant to applicable access Tariffs by which it will provide Switched Exchange Access Services to Interexchange Carriers to enable such Interexchange Carriers to originate and terminate traffic to and from CSTC’s Customers. 9.2.3 The Access Toll Connecting Trunks shall be two-way trunks. Such trunks shall connect the End Office CSTC utilizes to provide Telephone Exchange Service and Switched Exchange Access to its Customers in a given LATA to the access Tandem(s) Verizon utilizes to provide Exchange Access in such LATA. 9.2.4 Access Toll Connecting Trunks shall be used solely for the transmission and routing of Exchange Access to allow CSTC’s Customers to connect to or be connected to the interexchange trunks of any Interexchange Carrier which is connected to a Verizon access Tandem.

  • Project Management Plan 3.2.1 Developer is responsible for all quality assurance and quality control activities necessary to manage the Work, including the Utility Adjustment Work. Developer shall undertake all aspects of quality assurance and quality control for the Project and Work in accordance with the approved Project Management Plan, Good Industry Practice and applicable Law. 3.2.2 Developer shall develop the Project Management Plan and its component parts, plans and other documentation in accordance with the requirements set forth in Section 1.5.2.5

  • PROFESSIONAL DEVELOPMENT AND EDUCATIONAL IMPROVEMENT A. The Board of Education agrees to pay the actual tuition costs of courses taken by a teacher at accredited colleges or universities up to three courses per two (2) year fiscal periods from July 1, 2006 to June 30, 2008 and July 1, 2008 to June 30, 2010 respectively, except as follows: 1. No teacher may be reimbursed for courses taken during the first year of teaching in Vineland. 2. Teachers taking courses in the second and third years of employment in Vineland will not receive remuneration until tenure has been secured. The remuneration will then be retroactive and will be paid to the teacher in a lump sum within sixty (60) days after the teacher has secured tenure. 3. All courses must be pre-approved by the Superintendent or his designee subject to the following requirements: (a) A teacher must provide official documentation that he/she has obtained a grade of B or better; (b) Reimbursement shall be paid only for courses directly related to teacher’s teaching field which increase the teacher’s content knowledge and are related to the teacher’s current certification, as determined by the Superintendent or his/her designee in his/her sole discretion; no reimbursement shall be paid for courses leading to a post graduate or professional degree in a field other than education or teaching. Further, effective September 1, 2010, all newly hired teachers shall not be eligible for reimbursement until they are tenured, and they shall not be eligible for retroactive reimbursement upon gaining tenure for courses taken prior to being tenured. (c) The maximum total payments to be made by the Board shall not exceed $130,000.00. Courses shall be applied for no earlier than the following dates: Summer Session - April 1 Fall/Winter Session - June 1 Spring Session - October 1 Courses must, as set forth hereinabove in this sub-article 18.A.3, be pre-approved by the Superintendent or his designee, prior to the teacher commencing the course(s); and (d) Teacher taking courses shall sign a contract requiring them to reimburse the Board for all tuition paid for a course if the teacher shall voluntarily leave the employ of the Board within one (1) full school/academic year of completion of said course, except that reimbursement shall not be required when the teacher shall voluntarily leave the employ of the Board due to a significant, documented life change. 4. Tuition reimbursement costs shall be a sum not to exceed the actual cost of college credits charged in an accredited public State college/University of the State of New Jersey. B. When the Superintendent initiates in-service training courses, workshops, conferences and programs designed to improve the quality of instruction, the cooperation of the Vineland Education Association will be solicited. Notwithstanding the above, the initiation of in-service training courses, workshops, conferences and programs shall be determined solely at the discretion of the Board. C. One professional leave day may be granted to a teacher upon request, according to the following guidelines: 1. The professional day may be for attendance at a workshop, seminar or visit to another school for the expressed purpose of self professional improvement for the job. 2. The request shall arrive in the office of the Superintendent of Schools at least ten (10) working days prior to the date requested and shall be reviewed by the immediate supervisor prior to submission. The Board reserves the right to deny a professional leave day before or immediately following a holiday or on a day which by its nature suggests a hardship for providing a substitute. 3. No more than two teachers from any one elementary school or from any one department in the secondary schools may be granted a professional leave for a given day. 4. The teacher may be required to submit a report to the Superintendent of Schools, Assistant Superintendent, supervisor (s), principal and staff regarding the activity of the professional day. 5. Costs incurred by the teacher for the professional day authorized under this Section shall be the teacher’s responsibility. 6. A maximum of 90 professional leave days may be authorized for the school year which shall be apportioned as follows: elementary, 35; grades seven and eight, 20; and high school, 35. D. If the Board initiates a teacher’s attendance at a professional workshop, seminar or visit, the expenses shall be the responsibility of the Board. Further, this day shall not be subtracted from the 90 professional leave days granted to teachers of the Association. E. The Board agrees to pay the full cost of courses taken by secretaries related to skills and knowledge improvement when such courses are required and approved by the Board. F. The Board and the Association agree that it is important to communicate when developing and implementing current and future learning technologies, including but not limited to distance and on-line learning.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Project Management and Coordination The Engineer shall coordinate all subconsultant activity to include quality of and consistency of work and administration of the invoices and monthly progress reports. The Engineer shall coordinate with necessary local entities.

  • Review Process A/E's Work Product will be reviewed by County under its applicable technical requirements and procedures, as follows:

  • COMPLAINT PROCEDURES CONTRACTOR shall maintain and adhere to its written procedures for responding to parent complaints. These procedures shall include annually notifying and providing parents of LEA students with appropriate information (including complaint forms) for the following: (1) Uniform Complaint Procedures pursuant to Title 5 of the California Code of Regulations section 4600 et seq.; (2) Nondiscrimination policy pursuant to Title 5 of the California Code of Regulations section 4960 (a); (3) Sexual Harassment Policy, California Education Code 231.5 (a) (b) (c); (4) Title IX Pupil Grievance Procedure, Title IX 106.8 (a) (d) and 106.9 (a); and (5) Notice of Privacy Practices in compliance with Health Insurance Portability and Accountability Act (HIPAA), if applicable. CONTRACTOR shall include verification of these procedures to the LEA upon request. CONTRACTOR shall immediately notify LEA of any complaints filed against it related to LEA students and provide LEA with all documentation related to the complaints and/or its investigation of complaints, including any and all reports generated as a result of an investigation.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!