Common use of Security Incident Response Plan Clause in Contracts

Security Incident Response Plan. The Grantee must develop and implement a Security Incident Response Plan that provides a coordinated approach to security incidents. The plan must contain a comprehensive approach to how the Grantee would respond to a security breach or suspicion of unauthorized access. A Security Incident Response Plan must be submitted within twenty (20) business days after effective date of the contract. On-going plan updates and changes shall be submitted to HHSC for approval at least thirty (30) business days before a change becomes effective. The Security Incident Response Plan: A security incident is defined as an occurrence that actually or potentially jeopardizes confidentiality, integrity, or availability of the Grantee's information system and/or HHSC confidential information. The plan must include but is not limited to the following: A. Provides the organization with a roadmap for implementing its incident response capability; B. Describes the structure and organization of the incident response capability; C. Provides a high-level approach for how the incident response capability fits into the overall Grantee’s organization; D. Meets the unique requirements of the Grantee’s organization, which relate to mission, size, structure, and functions; E. Defines reportable incidents; F. Provides metrics for measuring the incident response capability within the organization; G. Defines the resources and management support needed to effectively maintain an incident response capability; H. Is reviewed and approved by designated officials within Grantee’s organization; I. Reviews the incident response plan as significant changes occur in the environment; and J. Updates the incident response plan to address system organizational changes or problems encountered during plan implementation, execution, or testing.

Security Incident Response Plan. The Grantee must develop and implement a Security Incident Response Plan that provides a coordinated approach to security incidents. The plan must contain a comprehensive approach to how the Grantee would respond to a security breach or suspicion of unauthorized access. A Security Incident Response Plan must be submitted within twenty (20) business days after effective date of the contract. On-going plan updates and changes shall be submitted to HHSC for approval at least thirty (30) business days before a change becomes effective. The Security Incident Response Plan: A security incident is defined as an occurrence that actually or potentially jeopardizes confidentiality, integrity, or availability of the Grantee's information system and/or HHSC confidential information. The plan must include but is not limited to the following: A. Provides the organization with a roadmap for implementing its incident response capability; B. Describes the structure and organization of the incident response capability; C. Provides a high-level approach for how the incident response capability fits into the overall Grantee’s organization; D. Meets the unique requirements of the Grantee’s organization, which relate to mission, size, structure, and functions; E. Defines reportable incidents; F. Provides metrics for measuring the incident response capability within the organization; G. Defines the resources and management support needed to effectively maintain an incident response capability; H. Is reviewed and approved by designated officials within Grantee’s organization; I. Reviews the incident response plan as significant changes occur in the environment; and J. X. Updates the incident response plan to address system organizational changes or problems encountered during plan implementation, execution, or testing.

Security Incident Response Plan. The I. Grantee must will develop and implement a Security Incident Response Plan that provides a coordinated approach to security incidents. The plan must contain a comprehensive approach to how the Grantee would will respond to a security breach incident or suspicion of unauthorized access. A Security Incident Response Plan must be submitted within twenty (20) 20 business days after effective date of the contractOperational Start Date . On-going Ongoing plan updates and changes shall be submitted to HHSC for approval at least thirty (30) 30 business days before a change becomes effective. The Security Incident Response Plan: : II. A security incident is defined as an occurrence that actually or potentially jeopardizes confidentiality, integrity, or availability of the Grantee's information system and/or HHSC confidential information. The plan Security Incident Response Plan must include include, but is not limited to to, the following: A. a. Provides the organization Grantee with a roadmap for implementing its incident response capability; B. b. Describes the structure and organization of the incident response capability; C. c. Provides a high-level approach for how the incident response capability fits into the overall Grantee’s organization; D. d. Meets the unique requirements of the Grantee’s organization, which relate to mission, size, structure, and functions; E. e. Defines reportable incidents; F. f. Provides metrics for measuring the incident response capability within the organization; G. g. Defines the resources and management support needed to effectively maintain an incident response capability; H. h. Is reviewed and approved by designated officials within Grantee’s organization; I. i. Reviews the incident response plan as significant changes occur in the environment; and J. j. Updates the incident response plan to address system organizational changes or problems encountered during plan implementation, execution, or testing.