Common use of Security Incident Response, Management and Reporting Clause in Contracts

Security Incident Response, Management and Reporting. Third Party/Supplier must have security incident (e.g., exposure, br each, theft, etc.) management and response procedures that allow for reasonable de tection, investigation, response, mitigation and notification of events that involve a threat to the conf identiality, integrity and/or availability of Information when Third Party/Supplier has Information belonging to or entrusted to Lilly that resides outside Lilly’s environment and/or when the Third Party/Supplier has a remote access connection to Lilly’s environment. The incident response and management procedures must be documented, tested, and reviewed at least annually. Lilly shall have the op tion to review such procedures upon request. Third Party/Supplier shall notify Lilly within 24 hour s of suspected or known security incidents that have potential impact to Information. In addition, Third Party/Supplier shal l have a documented process, with defined Lilly and Third Party/Supplier contacts, to ensure compliance with this notification requirement. The Third Party/Supplier shall fully cooperate with Lilly to understand the situation, root cause and determine necessary remediation in the event of a, actual or suspected security incident.

Security Incident Response, Management and Reporting. Third Party/Supplier must have security incident (e.g., exposure, br each, theft, etc.) management and response procedures that allow for reasonable de tection, investigation, response, mitigation and notification of events that involve a threat to the conf identiality, integrity and/or availability of Information when Third Party/Supplier has Information belonging to or entrusted to Lilly that resides outside Lilly’s environment and/or when the Third Party/Supplier has a remote access connection to Lilly’s environment. The incident response and management procedures must be documented, tested, and reviewed at least annually. Lilly shall have the havx xxx op tion to review such procedures upon request. Third Party/Supplier shall notify Lilly within 24 hour s of suspected or known security incidents that have potential impact to Information. In addition, Third Party/Supplier shal l have a documented process, with defined Lilly and Third Party/Supplier contacts, to ensure compliance with this notification requirement. The Third Party/Supplier shall fully cooperate with Lilly to understand undersxxxx the situation, root cause and determine necessary remediation in the event of a, actual or suspected security incident.

Security Incident Response, Management and Reporting. Third Party/Supplier must have security incident (e.g., exposure, br eachbreach, theft, etc.) management and response procedures that allow for reasonable de tectiondetection, investigation, response, mitigation and notification of events that involve a threat to the conf identialityconfidentiality, integrity and/or availability of Information when Third Party/Supplier has Information belonging to or entrusted to Lilly that resides outside Lilly’s environment and/or when the Third Party/Supplier has a remote access connection to Lilly’s environment. The incident response and management procedures must be documented, tested, and reviewed at least annually. Lilly Xxxxx shall have the op tion to review such procedures upon request. Third Party/Supplier shall notify Lilly within 24 hour s hours of suspected or known security incidents that have potential impact to Information. In addition, Third Party/Supplier shal l shall have a documented process, with defined Lilly and Third Party/Supplier contacts, to ensure compliance with this notification requirement. The Third Party/Supplier shall fully cooperate with Lilly Xxxxx to understand the situation, root cause and determine necessary remediation in the event of a, actual or suspected security incident.