Security Incident or Data Breach Notification. Supplier shall inform Customer of any Security Incident or Data Breach a. Supplier may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Contract. If a Security Incident involves Customer Data, Supplier will coordinate with Customer prior to making any such communication. b. Supplier shall report a Security Incident to the Customer identified contact set forth herein within five (5) days of discovery of the Security Incident or within a shorter notice period required by applicable law or regulation (i.e. HIPAA requires notice to be provided within 24 hours). c. Supplier shall: (i) maintain processes and procedures to identify, respond to and analyze Security Incidents; (ii) make summary information regarding such procedures available to Customer at Customer’s request, (iii) mitigate, to the extent practicable, harmful effects of Security Incidents that are known to Supplier; and
Appears in 5 contracts
Samples: Hosting Agreement, Hosting Agreement, Hosting Agreement
Security Incident or Data Breach Notification. Supplier shall inform Customer of any Security Incident or Data Breach.
a. 1. Supplier may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Contract. If a Security Incident involves Customer Data, Supplier will coordinate with Customer prior to making any such communication.
b. 2. Supplier shall report a Security Incident to the Customer identified contact set forth herein within five (5) days of discovery of the Security Incident or within a shorter notice period required by applicable law or regulation (i.e. HIPAA requires notice to be provided within 24 hours).
c. 3. Supplier shall: (i) maintain :
a. Maintain processes and procedures to identify, respond to and analyze Security Incidents; (ii) make ;
b. Make summary information regarding such procedures available to Customer at Customer’s request, (iii) mitigate;
c. Mitigate, to the extent practicable, harmful effects of Security Incidents that are known to Supplier; andand Document all Security Incidents and their outcomes.
4. If Supplier has reasonable belief or actual knowledge of a Data Breach, Supplier shall (1) promptly notify the appropriate Customer identified contact set forth
Appears in 1 contract
Samples: Participating Addendum