Security Incident Response Protocols Sample Clauses

Security Incident Response Protocols. 1.7.1 Immediately upon execution of the contract, [company name] shall provide to the USNH and the campus Information Technology contacts the name and contact information of [company name]’s employee who shall serve as USNH’s primary security contact and shall be available to assist USNH 24 hours per day, 7 days per week in resolving obligations associated with a security breach. 1.7.2 In the event of an information security incident involving the security, confidentiality, integrity, and/or availability of USNH Data or in which USNH Data could have been compromised or subject to unauthorized access (a “Security Incident”) the following steps will be taken: 1.7.2.1 USNH & Campus Notification - [company name] shall immediately notify the USNH and the campus IT contact as soon as practicable but no later than 24 hours after [company name] becomes aware of the Security Incident. The USNH notice shall be sent by email with a read receipt requested to XX.Xxxxxxxx@xxx.xxx. The campus email notice shall be sent to the current contact. 1.7.2.2 Investigation - Immediately following [company name]’s notification to USNH of a Security Incident, the parties shall coordinate to investigate the Security Incident. [company name] agrees to reasonably cooperate with USNH in handling the Security Incident, including (i) assisting with any investigation; (ii) providing USNH with physical access to the facilities and operations relevant to the USNH Data affected; (iii) facilitating interviews with [company name]’s employees and others involved in the Security Incident; and (iv) making available all relevant records, logs, files, data reporting and other materials relating to the Security Incident required to comply with applicable laws, regulations, or as otherwise reasonably required by USNH.
AutoNDA by SimpleDocs

Related to Security Incident Response Protocols

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

  • Security Incident Notification The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.

  • Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.

  • Review Protocol A narrative description of how the Claims Review was conducted and what was evaluated.

  • Security Incidents 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Client Responsibility For clarity, the parties agree that in reviewing the documents referred to in clause (b) above, Patheon’s role will be limited to verifying the accuracy of the description of the work undertaken or to be undertaken by Patheon. Subject to the foregoing, Patheon will not assume any responsibility for the accuracy of any application for receipt of an approval by a Regulatory Authority. The Client is solely responsible for the preparation and filing of the application for approval by the Regulatory Authority and any relevant costs will be borne by the Client.

  • Security Incident “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

  • NOTICE TO MEMBERS REGARDING ATTRIBUTE RESPONSES TIPS VENDORS RESPOND TO ATTRIBUTE QUESTIONS AS PART OF TIPS COMPETITIVE SOLICITATION PROCESS. THE VENDOR’S RESPONSES TO ATTRIBUTE QUESTIONS ARE INCLUDED HEREIN AS “SUPPLIER RESPONSE.” PLEASE BE ADVISED THAT DEVIATIONS, IF ANY, IN VENDOR’S RESPONSE TO ATTRIBUTE QUESTIONS MAY NOT REFLECT VENDOR’S FINAL ATTRIBUTE RESPONSE, WHICH IS SUBJECT TO NEGOTIATIONS PRIOR TO AWARD. PLEASE CONTACT THE TIPS OFFICE AT 866-839- 8477 WITH QUESTIONS OR CONCERNS REGARDING VENDOR ATTRIBUTE RESPONSE DEVIATIONS. PLEASE KEEP IN MIND THAT TIPS DOES NOT PROVIDE LEGAL COUNSEL TO MEMBERS. TIPS RECOMMENDS THAT YOU CONSULT YOUR LEGAL COUNSEL WHEN EXECUTING CONTRACTS WITH OR MAKING PURCHASES FROM TIPS VENDORS. Number: 220105 Addendum 1 Title: Technology Solutions, Products and Services Type: Request for Proposal Issue Date: 1/6/2022 Deadline: 2/18/2022 03:00 PM (CT) Notes: I F YO U ALREAD Y HOL D TIP S CONTRAC T 200105 TECHNOLOGY SOLUTIONS, PRODUCTS AND SERVICES (“200105”) OR 210101 TECHNOLOGY SOLUTIONS, PRODUCTS AND SERVICES ("210101"), YOU DO NOT NEED TO RESPOND TO THIS SOLICITATION UNLESS YOU WISH TO REPLACE 200105 OR 210101 AT THIS TIME. IF YOU HOLD 200105 OR ꞏ TIPS 190103 Web and Cloud Computing Services ꞏ TIPS 181203 Management Software and Services ꞏ TIPS 181204 Notification Systems Address: Region 8 Education Service Center 0000 XX Xxxxxxx 000 Xxxxx Xxxxxxxxx, XX 00000 Phone: +0 (000) 000-0000 Email: xxxx@xxxx-xxx.xxx Address: 000 X XXX 00 Xxxxx 00 Xxxxxxxxxx, XX 00000 Phone: (000) 000-0000 Web Address: xxxxxxxxxxxxx.xxx By submitting your response, you certify that you are authorized to represent and bind your company. If you have not taken exception or deviation to the agreement language in the solicitation attributes, download the AGREEMENT SIGNATURE FORM from the "ATTACHMENTS" tab. This PDF document is a fillable form. Download the document to your computer, fill in the requested company information, print the file, SIGN the form, SCAN the completed and signed AGREEMENT SIGNATURE FORM, and upload here. If you have taken exception to any of the agreement language and noted the exception in the deviations section of the attributes for the agreement, complete the AGREEMENT SIGNATURE FORM, but DO NOT SIGN until those deviations have been negotiated and resolved with TIPS management. Upload the unsigned form here, because this is a required document. All Other Certificates (if applicable) must be scanned and uploaded. If vendor has more than one other certification scan into one document. (PDF Format ONLY) DO NOT UPLOAD encrypted or password protected files. The vendor must download the PRICING SPREADSHEET SHEET from the attachment tab, fill in the requested information and upload the completed spreadsheet. DO NOT UPLOAD encrypted or password protected files.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!