{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "unauthorized-access", "type": "definition", "offset": [54, 73]}, {"key": "destruction-of-information", "type": "definition", "offset": [109, 135]}, {"key": "system-operations", "type": "clause", "offset": [157, 174]}, {"key": "information-system", "type": "clause", "offset": [181, 199]}], "snippet": "\u201cSecurity Incident\u201d means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.", "samples": [{"hash": "bKTR551B1ON", "uri": "/contracts/bKTR551B1ON#security-incident", "label": "Payer Participation Agreement", "score": 35.4456863403, "published": true}, {"hash": "3UODRzAZXFH", "uri": "/contracts/3UODRzAZXFH#security-incident", "label": "Payer Participation Agreement", "score": 35.3599739075, "published": true}, {"hash": "dS9P7IOadQy", "uri": "/contracts/dS9P7IOadQy#security-incident", "label": "Hie Participation Agreement", "score": 35.3353118896, "published": true}], "size": 219, "hash": "5233421229ecb5a68f0218e79e650801", "id": 1}, {"snippet_links": [{"key": "unauthorized-access", "type": "definition", "offset": [59, 78]}, {"key": "destruction-of-information", "type": "definition", "offset": [114, 140]}, {"key": "systems-operations", "type": "definition", "offset": [162, 180]}, {"key": "information-system", "type": "clause", "offset": [187, 205]}, {"key": "daily-basis", "type": "definition", "offset": [260, 271]}, {"key": "computer-networks", "type": "clause", "offset": [342, 359]}, {"key": "by-business-associate", "type": "clause", "offset": [382, 403]}, {"key": "security-rule", "type": "clause", "offset": [407, 420]}, {"key": "the-standards", "type": "clause", "offset": [449, 462]}, {"key": "protection-of", "type": "definition", "offset": [471, 484]}, {"key": "electronic-protected-health-information", "type": "definition", "offset": [485, 524]}, {"key": "cfr-part", "type": "clause", "offset": [531, 539]}, {"key": "part-164", "type": "clause", "offset": [548, 556]}], "snippet": "\u201cSecurity Incident\u201d shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system, but does not include minor incidents that occur on a daily basis, such as scans, \u201cpings\u201d, or unsuccessful random attempts to penetrate computer networks or servers maintained by Business Associate i. Security Rule. \u201cSecurity Rule\u201d shall mean the Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.", "samples": [{"hash": "7m4IPLy1rXv", "uri": "/contracts/7m4IPLy1rXv#security-incident", "label": "Service Agreement", "score": 21.1998634338, "published": true}, {"hash": "KZHZ5HqdqY", "uri": "/contracts/KZHZ5HqdqY#security-incident", "label": "Imaging Services Agreement", "score": 21.0, "published": true}, {"hash": "jetmYshqVui", "uri": "/contracts/jetmYshqVui#security-incident", "label": "Service Agreement", "score": 20.3011112213, "published": true}], "size": 51, "hash": "cf27d110c2f17a76a230955e613fee32", "id": 4}, {"snippet_links": [{"key": "same-meaning", "type": "clause", "offset": [35, 47]}, {"key": "the-term", "type": "clause", "offset": [51, 59]}], "snippet": "\u201cSecurity Incident\u201d shall have the same meaning as the term \u201csecurity incident\u201d in 45 CFR \u00a7164.304.", "samples": [{"hash": "ckccXEZtWHu", "uri": "/contracts/ckccXEZtWHu#security-incident", "label": "Business Associate Agreement", "score": 35.4217376709, "published": true}, {"hash": "6NGa8MsNmKq", "uri": "/contracts/6NGa8MsNmKq#security-incident", "label": "Employee Benefits Fee for Services Agreement", "score": 34.6211395264, "published": true}, {"hash": "bbz2d12gdTi", "uri": "/contracts/bbz2d12gdTi#security-incident", "label": "Business Associate Agreement", "score": 32.4558830261, "published": true}], "size": 167, "hash": "345bd6bc7ca3828b47fb314c7527ca6f", "id": 2}, {"snippet_links": [{"key": "the-act", "type": "clause", "offset": [0, 7]}, {"key": "security-policy", "type": "definition", "offset": [44, 59]}, {"key": "access-to", "type": "definition", "offset": [136, 145]}, {"key": "its-data", "type": "definition", "offset": [158, 166]}, {"key": "denial-of-service", "type": "definition", "offset": [191, 208]}, {"key": "unauthorized-use", "type": "definition", "offset": [214, 230]}, {"key": "the-processing", "type": "clause", "offset": [247, 261]}, {"key": "storage-of-data", "type": "clause", "offset": [265, 280]}, {"key": "system-hardware", "type": "definition", "offset": [297, 312]}, {"key": "the-owner", "type": "definition", "offset": [360, 369]}, {"key": "loss-of-data", "type": "definition", "offset": [430, 442]}, {"key": "the-data", "type": "clause", "offset": [592, 600]}, {"key": "at-risk", "type": "definition", "offset": [601, 608]}, {"key": "adverse-events", "type": "definition", "offset": [680, 694]}, {"key": "electrical-outages", "type": "clause", "offset": [718, 736]}, {"key": "excessive-heat", "type": "clause", "offset": [742, 756]}, {"key": "matching-agreement", "type": "definition", "offset": [797, 815]}, {"key": "agreement-no", "type": "clause", "offset": [817, 829]}], "snippet": "The act of violating an explicit or implied security policy, which includes attempts (either failed or successful) to gain unauthorized access to a system or its data, unwanted disruption or denial of service, the unauthorized use of a system for the processing or storage of data; and changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent. Incidents include the loss of data through theft or device misplacement, loss or misplacement of hardcopy documents, and misrouting of mail, all of which may have the potential to put the data at risk of unauthorized access, use, disclosure, modification, or destruction. Adverse events such as floods, fires, electrical outages, and excessive heat are not considered incidents. (Computer Matching Agreement, Agreement No. 2013-11, p.5.)", "samples": [{"hash": "abl38eS7yBc", "uri": "/contracts/abl38eS7yBc#security-incident", "label": "CCSB Agency Agreement", "score": 36.1152229309, "published": true}, {"hash": "h5i1L0QTkfG", "uri": "/contracts/h5i1L0QTkfG#security-incident", "label": "Scope of Work Agreement", "score": 36.103187561, "published": true}, {"hash": "42k8szd3mKx", "uri": "/contracts/42k8szd3mKx#security-incident", "label": "Standard Services Agreement", "score": 35.2479972839, "published": true}], "size": 17, "hash": "96d2634df56cf3256c668c230ed39005", "id": 7}, {"snippet_links": [{"key": "unauthorized-access", "type": "definition", "offset": [51, 70]}, {"key": "destruction-of-phi", "type": "clause", "offset": [106, 124]}, {"key": "in-any-form", "type": "definition", "offset": [142, 153]}, {"key": "system-operations", "type": "clause", "offset": [175, 192]}, {"key": "information-system", "type": "clause", "offset": [199, 217]}], "snippet": "or Incident shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI or PII contained in any form or interference with system operations in an information system that contains PHI or PII.", "samples": [{"hash": "5Obxn6HoofH", "uri": "/contracts/5Obxn6HoofH#security-incident", "label": "Grant Contract", "score": 27.9158115387, "published": true}, {"hash": "7FXjO70n8kj", "uri": "/contracts/7FXjO70n8kj#security-incident", "label": "Contract", "score": 27.6160163879, "published": true}, {"hash": "9EHIringYvv", "uri": "/contracts/9EHIringYvv#security-incident", "label": "Contract", "score": 27.5065021515, "published": true}], "size": 20, "hash": "29d80fe183f7f4c986665e066b0de05d", "id": 6}, {"snippet_links": [{"key": "claim-of-infringement", "type": "clause", "offset": [5, 26]}, {"key": "supplier-will", "type": "clause", "offset": [36, 49]}, {"key": "for-buyer", "type": "clause", "offset": [148, 157]}, {"key": "the-rights-granted", "type": "clause", "offset": [158, 176]}, {"key": "the-product", "type": "clause", "offset": [204, 215]}, {"key": "in-compliance-with", "type": "definition", "offset": [244, 262]}, {"key": "replace-the", "type": "clause", "offset": [278, 289]}, {"key": "comply-with", "type": "clause", "offset": [328, 339]}, {"key": "cancellation-of-the", "type": "clause", "offset": [378, 397]}, {"key": "infringing-product", "type": "definition", "offset": [398, 416]}, {"key": "amount-paid", "type": "definition", "offset": [432, 443]}, {"key": "limitation-of-liability", "type": "definition", "offset": [445, 468]}, {"key": "to-the-extent", "type": "clause", "offset": [470, 483]}, {"key": "local-law", "type": "clause", "offset": [497, 506]}, {"key": "in-no-event-will", "type": "clause", "offset": [508, 524]}, {"key": "lost-revenues", "type": "clause", "offset": [567, 580]}, {"key": "lost-profits", "type": "definition", "offset": [582, 594]}, {"key": "punitive-damages", "type": "clause", "offset": [644, 660]}, {"key": "in-no-event-shall", "type": "clause", "offset": [662, 679]}, {"key": "amount-of-fees", "type": "clause", "offset": [727, 741]}, {"key": "actually-paid", "type": "definition", "offset": [742, 755]}], "snippet": "If a claim of infringement is made, Supplier will, at its own expense, exercise the first of the following remedies that is practicable: (i) obtain for Buyer the rights granted under this PO; (ii) modify the product so it is non-infringing and in compliance with this PO; (iii) replace the product with non-infringing ones that comply with this PO; or (iv) accept the return or cancellation of the infringing product and refund any amount paid. Limitation of liability: To the extent permitted by local law, in no event will Buyer or its affiliates be liable for any lost revenues, lost profits, incidental, indirect, consequential, special or punitive damages. In no event shall Buyer\u2019s liability to Supplier exceed the total amount of fees actually paid by \u2587\u2587\u2587\u2587\u2587 to Supplier hereunder.", "samples": [{"hash": "2fMnQtBvp4H", "uri": "/contracts/2fMnQtBvp4H#security-incident", "label": "Purchase Order", "score": 33.5851821899, "published": true}, {"hash": "e85VLWVEFYb", "uri": "/contracts/e85VLWVEFYb#security-incident", "label": "Purchase Order", "score": 33.2889404297, "published": true}, {"hash": "cb5ooYzPKYa", "uri": "/contracts/cb5ooYzPKYa#security-incident", "label": "Purchase Order", "score": 33.2451515198, "published": true}], "size": 56, "hash": "fcc0350919079f4b8800c7ad4ca6ada4", "id": 3}, {"snippet_links": [{"key": "without-undue-delay", "type": "definition", "offset": [52, 71]}, {"key": "the-security", "type": "clause", "offset": [96, 108]}, {"key": "reasonable-steps-to-mitigate", "type": "clause", "offset": [131, 159]}, {"key": "resulting-from-the", "type": "clause", "offset": [199, 217]}], "snippet": "AWS will (a) notify Customer of a Security Incident without undue delay after becoming aware of the Security Incident, and b) take reasonable steps to mitigate the effects and to minimise any damage resulting from the Security Incident.", "samples": [{"hash": "l7EbxemirG2", "uri": "/contracts/l7EbxemirG2#security-incident", "label": "Data Processing Addendum", "score": 35.5312995911, "published": true}, {"hash": "6uqD5CqvHO3", "uri": "/contracts/6uqD5CqvHO3#security-incident", "label": "Data Processing Addendum", "score": 31.7934398651, "published": true}, {"hash": "fC9U7Hh9the", "uri": "/contracts/fC9U7Hh9the#security-incident", "label": "Data Processing Addendum", "score": 29.384557724, "published": true}], "size": 22, "hash": "07fa73da76e7e144862587a9a3bdaf5c", "id": 5}, {"snippet_links": [{"key": "for-purposes-of-this", "type": "clause", "offset": [0, 20]}, {"key": "computer-systems", "type": "clause", "offset": [85, 101]}, {"key": "unauthorized-activity", "type": "definition", "offset": [194, 215]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [221, 267]}, {"key": "security-incident-handling", "type": "clause", "offset": [313, 339]}, {"key": "for-more-information", "type": "clause", "offset": [348, 368]}], "snippet": "For purposes of this Attachment, security incident shall mean any event resulting in computer systems, networks, or data being viewed, manipulated, damaged, destroyed or made inaccessible by an unauthorized activity. See National Institute of Standards and Technology (NIST) Special Publication 800-61, \"Computer Security Incident Handling Guide,\u201d for more information.", "samples": [{"hash": "2E76JJlZU3A", "uri": "/contracts/2E76JJlZU3A#security-incident", "label": "Standard Contract (Wellcare Health Plans, Inc.)", "score": 23.4996585846, "published": true}, {"hash": "lgWG0W8pvr2", "uri": "/contracts/lgWG0W8pvr2#security-incident", "label": "Standard Contract (Wellcare Health Plans, Inc.)", "score": 21.0, "published": true}, {"hash": "jGwaj8Ti64h", "uri": "/contracts/jGwaj8Ti64h#security-incident", "label": "Standard Contract (Wellcare Health Plans, Inc.)", "score": 21.0, "published": true}], "size": 14, "hash": "5791ac57114257d4dca5a14dbba273b9", "id": 8}, {"snippet_links": [{"key": "claim-of-infringement", "type": "clause", "offset": [5, 26]}, {"key": "supplier-will", "type": "clause", "offset": [36, 49]}, {"key": "for-buyer", "type": "clause", "offset": [148, 157]}, {"key": "the-rights-granted", "type": "clause", "offset": [158, 176]}, {"key": "the-product", "type": "clause", "offset": [204, 215]}, {"key": "in-compliance-with", "type": "definition", "offset": [244, 262]}, {"key": "replace-the", "type": "clause", "offset": [278, 289]}, {"key": "comply-with", "type": "clause", "offset": [328, 339]}], "snippet": "If a claim of infringement is made, Supplier will, at its own expense, exercise the first of the following remedies that is practicable: (i) obtain for Buyer the rights granted under this PO; (ii) modify the product so it is non-infringing and in compliance with this PO; (iii) replace the product with non-infringing ones that comply with this PO; or", "samples": [{"hash": "hAEttR1fjCI", "uri": "/contracts/hAEttR1fjCI#security-incident", "label": "Purchase Order", "score": 22.2642021179, "published": true}, {"hash": "7CvrPIYkHDi", "uri": "/contracts/7CvrPIYkHDi#security-incident", "label": "Purchase Order", "score": 21.332649231, "published": true}, {"hash": "lY9qn7KuoJE", "uri": "/contracts/lY9qn7KuoJE#security-incident", "label": "Purchase Order", "score": 21.2970561981, "published": true}], "size": 11, "hash": "180e82a5613c5310c24dcfb61f05c77b", "id": 10}, {"snippet_links": [{"key": "access-to", "type": "definition", "offset": [62, 71]}, {"key": "personal-data", "type": "definition", "offset": [137, 150]}, {"key": "without-undue-delay", "type": "definition", "offset": [271, 290]}, {"key": "cooperate-with", "type": "clause", "offset": [326, 340]}, {"key": "with-respect-to", "type": "clause", "offset": [350, 365]}, {"key": "relating-to", "type": "definition", "offset": [385, 396]}, {"key": "required-notices", "type": "clause", "offset": [436, 452]}, {"key": "requested-by-customer", "type": "clause", "offset": [493, 514]}, {"key": "in-relation-to", "type": "clause", "offset": [515, 529]}], "snippet": "If SurveyMonkey becomes aware of any unauthorized or unlawful access to, or acquisition, alteration, use, disclosure, or destruction of, Personal Data (\u201cSecurity Incident\u201d), SurveyMonkey will promptly, and in any event, as soon as reasonably practicable, notify Customer without undue delay. SurveyMonkey will also reasonably cooperate with Customer with respect to any investigations relating to a Security Incident with preparing any required notices, and provide any information reasonably requested by Customer in relation to any Security Incident.", "samples": [{"hash": "26uvsGQ8Qqj", "uri": "/contracts/26uvsGQ8Qqj#security-incident", "label": "Master Services Agreement", "score": 30.6163730621, "published": true}, {"hash": "Qz2AcDBzxa", "uri": "/contracts/Qz2AcDBzxa#security-incident", "label": "Master Services Agreement", "score": 30.4603424072, "published": true}, {"hash": "2GzWHoEenDu", "uri": "/contracts/2GzWHoEenDu#security-incident", "label": "Master Services Agreement", "score": 25.943189621, "published": true}], "size": 12, "hash": "6a362738fba438948a5c8ed7729caed4", "id": 9}], "next_curs": "CloSVGoVc35sYXdpbnNpZGVyY29udHJhY3RzcjYLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhpzZWN1cml0eS1pbmNpZGVudCMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"title": "Security Incident", "size": 1098, "children": [["notification", "Notification"], ["notice", "Notice"], ["reports", "Reports"], ["security-incident-procedure", "Security Incident Procedure"], ["assistance", "Assistance"]], "parents": [["definitions", "Definitions"], ["miscellaneous", "Miscellaneous"], ["notices", "Notices"], ["security-incident-notification", "Security Incident Notification"], ["security-breach-notification", "Security Breach Notification"]], "id": "security-incident", "related": [["security-incidents", "Security Incidents", "<strong>Security Incidents</strong>"], ["security-incident-notification", "Security Incident Notification", "<strong>Security Incident</strong> Notification"], ["security-incident-reporting", "Security Incident Reporting", "<strong>Security Incident</strong> Reporting"], ["breaches-and-security-incidents", "Breaches and Security Incidents", "Breaches and <strong>Security Incidents</strong>"], ["security-incident-response", "Security Incident Response", "<strong>Security Incident</strong> Response"]], "related_snippets": [], "updated": "2025-10-12T05:44:31+00:00", "also_ask": [], "drafting_tip": "Define 'security incident' precisely to avoid ambiguity; specify notification timelines to ensure prompt response; allocate responsibilities clearly to facilitate effective incident management.", "explanation": "A Security Incident clause defines the obligations and procedures that must be followed in the event of a breach or compromise of information security. Typically, this clause requires the affected party to promptly notify the other party of any unauthorized access, disclosure, or loss of sensitive data, and may outline steps for investigation, mitigation, and cooperation with authorities. Its core practical function is to ensure a coordinated and timely response to security threats, minimizing potential harm and clarifying responsibilities in the event of a data breach."}, "json": true, "cursor": ""}}