Security Incidents. 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.
Security Incidents. Contractor shall address any Security Incidents in the manner prescribed in ITS Policy NYS-P03-002 Information Security Policy (or successor policy(ies)), including the New York State Cyber Incident Reporting Procedures incorporated therein or in such successor policy(ies).
Security Incidents. 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.
11.2 All Contractors must implement appropriate arrangements which ensure that the Department’s information and any other Departmental assets are protected in accordance with prevailing statutory and central government requirements. These arrangements will clearly vary according to the size of the organisation.
Security Incidents. Contractor shall report any security incident of which it becomes aware to Client. For purposes of this agreement, a “security incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations. This does not include trivial incidents that occur on a daily basis, such as scans, “pings”, or unsuccessful attempts to penetrate computer networks or servers maintained by Contractor.
Security Incidents. (a) The Supplier must report to SPREP any actual or suspected Security Incident within five Business Days of the actual or suspected Security Incident.
Security Incidents. Honeywell will notify User without undue delay after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorized access, disclosure or use of User Personal Data while Processed by Xxxxxxxxx (each a “Security Incident”). Honeywell will investigate the Security Incident and provide User with relevant information about the Security Incident as required under Applicable Privacy Laws. Honeywell will use reasonable efforts to assist the User in mitigating, where possible, the adverse effects of any Security Incident.
Security Incidents. If the Service Provider becomes aware of a Security Incident, the Service Provider will investigate and remediate the effects of the Security Incident in accordance with its internal policies and procedures and the requirements of law and regulation applicable to Service Provider. The Service Provider will notify the Client of any Security Incident as soon as reasonably practicable after the Service Provider becomes aware of a Security Incident, unless the Service Provider is subject to a legal or regulatory constraint, or if it would compromise the Service Provider’s investigation. The parties agree that where the Service Provider has no direct contractual relationship with Data Subjects whose data have been compromised in a Security Incident, the Client will be responsible for making any notifications to regulators and individuals that are required under applicable data protection law or regulation. The Service Provider will provide reasonable information and assistance to the Client to help the Client to meet its obligations to Data Subjects and regulators. Neither the Service Provider nor the Client will issue press or media statements or comments in connection with the Security Incident that name the other party unless it has obtained the other party’s prior written consent.
Security Incidents. Business Associate will report any security incident of which it becomes aware to Client. For purposes of this agreement, a “security incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations. This does not include trivial incidents that occur on a daily basis, such as scans, “pings”, or unsuccessful attempt to penetrate computer networks or servers maintained by Business Associate.
Security Incidents. 9.1. Upon becoming aware of a Security Incident, the affected party shall inform the other party without undue delay and shall provide all such timely information and cooperation as the other party may reasonably require including in order for the affected party to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law.
9.2. The parties shall each further take all such measures and actions as are reasonably necessary to remedy or mitigate the effects of the Security Incident and shall keep the other party up-to-date about all developments in connection with the Security Incident.
Security Incidents. 1. Security Incidents on Supplier Information Systems must be logged, reviewed on a periodic basis (minimum quarterly), secured, and maintained for a minimum of twelve (12) months.
2. Supplier must develop and maintain an up-to-date incident management plan designed to promptly identify, prevent, investigate, and mitigate any Security Incidents and perform any required recovery actions to remedy the impact.
3. Supplier shall notify Company within a reasonable period, in no event to exceed seventy-two (72) hours after discovery, or shorter if required by applicable law or regulation, of any Security Incident experienced by Supplier involving any Company Data. Supplier shall report any Security Incidents to the Cyber Incident Response Team at xxxxxx@xx.xxx or 1-800-4GE- CIRT, or at such contact information communicated to Supplier from time to time. Supplier shall reasonably cooperate with Company in its investigation of an incident, whether discovered by Supplier, Company, or a third party, which shall include providing Company a detailed description of the Security Incident, the type of data that was the subject of the Security Incident, the identity of each affected person, and any other information Company reasonably may request concerning such affected persons and the details of the Security Incident, as soon as such information can be collected or otherwise becomes available. Supplier shall designate an individual responsible for management of the Security Incident, and shall identify such individual to Company promptly.
4. If requested by Company or its Affiliate, and at Company’s direction, Supplier shall send Security Notices regarding a Security Incident. Unless prohibited by applicable law or regulation, Supplier shall provide Company or its Affiliate with reasonable notice of, and the opportunity to comment on and approve, the content of such Security Notices prior to any publication or communication thereof to any third party, except neither Company nor its Affiliate shall have the right to reject any content in a Security Notice that must be included in order to comply with applicable law or regulation. Should Company or its Affiliate elect to send a Security Notice regarding a Security Incident, Supplier shall provide all reasonable and timely information relating to the content and distribution of that Security Notice as permitted by applicable law or regulation pursuant to the Security Notice.
5. Other than approved Security Notices, or to l...
