Security Incident Response Plan. The Grantee must develop and implement a Security Incident Response Plan that provides a coordinated approach to security incidents. The plan must contain a comprehensive approach to how the Grantee would respond to a security breach or suspicion of unauthorized access. A Security Incident Response Plan must be submitted within twenty (20) business days after effective date of the contract. On-going plan updates and changes shall be submitted to HHSC for approval at least thirty (30) business days before a change becomes effective. The Security Incident Response Plan: A security incident is defined as an occurrence that actually or potentially jeopardizes confidentiality, integrity, or availability of the Grantee's information system and/or HHSC confidential information. The plan must include but is not limited to the following:
A. Provides the organization with a roadmap for implementing its incident response capability;
B. Describes the structure and organization of the incident response capability;
C. Provides a high-level approach for how the incident response capability fits into the overall Grantee’s organization;
D. Meets the unique requirements of the Grantee’s organization, which relate to mission, size, structure, and functions;
E. Defines reportable incidents;
F. Provides metrics for measuring the incident response capability within the organization;
G. Defines the resources and management support needed to effectively maintain an incident response capability;
H. Is reviewed and approved by designated officials within Grantee’s organization;
I. Reviews the incident response plan as significant changes occur in the environment; and
J. Updates the incident response plan to address system organizational changes or problems encountered during plan implementation, execution, or testing.
Security Incident Response Plan. Provider maintains a security incident response policy and related plan and procedures which address the measures that Provider will take in the event of loss of control, theft, unauthorized disclosure, unauthorized access, or unauthorized acquisition of Personal Data. These measures may include incident analysis, containment, response, remediation, reporting, and the return to normal operations.
Security Incident Response Plan. Bluecore has a comprehensive security incident response plan that outlines responsibilities and actions to be performed in the event of a breach of security, both physical and informational. The plan, which is closely modeled after Bluecore’s non-security incident triage process, includes step-by-step procedures for denial of service situations, malicious code exposure, unauthorized access and inappropriate usage. Guidance for incident participants, based on company role, is detailed within the plan. The plan includes an incident runback, documentation requirements and guidance on forensic matters as well as communication plans.
Security Incident Response Plan. Business Associate will maintain a formal incident response plan, which shall, at minimum, address detecting, analyzing, prioritizing and handling security incidents. Business Associate will review and update as appropriate its incident response plan annually. Business Associate shall document security incidents and their outcomes.
Security Incident Response Plan. The Grantee must develop and implement a Security Incident Response Plan that provides a coordinated approach to security incidents. The plan must contain a comprehensive approach to how the Grantee would respond to a security breach or suspicion of unauthorized access. A Security Incident Response Plan must be submitted within twenty
Security Incident Response Plan. Arista maintains a security incident response policy and related plan and procedures which address the measures that Arista will take in the event of loss of control, theft, unauthorized disclosure, unauthorized access, or unauthorized acquisition of personal data. These measures may include incident analysis, containment, response, remediation, reporting and the return to normal operations.
Security Incident Response Plan. Clever has an information security incident management protocol to detect, assess, mitigate and respond to security incidents and threats. If Clever believes that there has been unauthorized acquisition or disclosure that compromises the security, integrity or confidentiality of a customer’s personal information, we will take all necessary steps to notify the affected customers of the incident as quickly as possible, and in no case greater than two business days after we learn of the breach. Once the communication has been drafted and finalized, within 72 hours of discovery of the incident in the absence of any statutes or custom agreements, we will use Clever’s standard outgoing email systems to send the email to the address associated with the Clever district account owner. To the extent known, this notice will identify (i) the nature of the Security Incident, (ii) the steps we have executed to investigate the Security Incident, (iii) the type of personal information affected, (iv) the cause of the Security Incident, if known, (v) the actions we have taken or will take to remediate any deleterious effects of the Security Incident, and (vi) any corrective actions we have taken or will take to prevent a future Security Incident. If the incident triggers any third party notice requirements under applicable laws, Clever will comply with its notification obligations under applicable law and the terms of its contractual agreement with the customer.
1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
2) Parents have the right to inspect and review the complete contents of their child's education record.
3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to encryption, firewalls, and password protection, must be in place when data is stored or transferred.
4) A complete list of all student data elements collected by New York State is available for public review at the following website xxxx://xxx.xxxxx.xxx/student-dataprivacy/student-data- inventory or by writing to the Office of Information and Reporting Services, New York State Education Department, Room 865 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to Privacy Complaint, Chief...
Security Incident Response Plan. Xxxxx maintains a security incident response policy and related plan and procedures which address the measures that Expel will take in the event of loss of control, theft, unauthorized disclosure, unauthorized access, or unauthorized use or acquisition of personal data. These measures may include incident analysis, containment, response, remediation, reporting and the return to normal operations.
Security Incident Response Plan. ISONAS shall develop, implement and maintain a written plan and process for preventing, detecting, identifying, reporting,
Security Incident Response Plan. The trust PCI Security Incident Response Team (PCI Response Team) is comprised of the Information Security Officer and Merchant Services. The trust PCI security incident response plan is as follows:
