Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.
Security Incidents 11.1 Includes identification, managing and agreed reporting procedures for actual or suspected security breaches.
Breaches and Security Incidents During the term of the Agreement, CONTRACTOR 27 agrees to implement reasonable systems for the discovery of any Breach of unsecured DHCS PI and PII 28 or security incident. CONTRACTOR agrees to give notification of any beach of unsecured DHCS PI 29 and PII or security incident in accordance with subparagraph F, of the Business Associate Contract, 30 Exhibit B to the Agreement.
Security Incident “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
Records and Reporting Company will maintain and preserve all records as required by law in connection with its provision of Services under this Agreement. Upon the reasonable request of Distributor, a Fund or the transfer agent for a Class, Company will provide timely copies of: (a) historical records relating to Client transactions involving the Class; (b) written communications regarding the Class to or from Clients; and (c) other materials relating to the provision of Services by Company under this Agreement.
Access and Reports Subject to applicable Law, upon reasonable notice, (a) the Company shall (and shall cause its Subsidiaries to) afford Parent and Parent’s Representatives reasonable access, during normal business hours throughout the period prior to the Effective Time, to its employees, properties, books, Contracts and records and, during such period, shall (and shall cause its Subsidiaries to) furnish promptly to Parent all information concerning its business, properties and personnel as may reasonably be requested and (b) Parent shall (and shall cause its Subsidiaries to) afford the Company reasonable access, during normal business hours throughout the period prior to the Effective Time, to such information as may be reasonably requested by the Company for a bona fide business purpose in connection with material events, circumstances, occurrences or developments with respect to Parent and its Subsidiaries after the date of this Agreement (or which were not previously disclosed to the Company by Parent or its Representatives and were not known by the Company, in each case, as of the date of this Agreement); provided that (i) neither the Company nor Parent shall be required to provide such access if it would unreasonably disrupt its operations and (ii) no investigation pursuant to this Section 6.7 shall affect or be deemed to modify any representation or warranty made by the Company, Parent, or Merger Sub herein, and provided, further, that the foregoing shall not require the Company, Parent or any of their respective Subsidiaries (1) to permit any inspection, or to disclose any information, that in the reasonable judgment of the Company or Parent, as applicable, would result in the disclosure of any Trade Secrets of third parties or violate any of its obligations with respect to confidentiality (provided that such Party shall have used reasonable best efforts to obtain the consent of such third party to such inspection or disclosure), (ii) to permit (or to require the Company to perform) any Phase II environmental site assessments or other intrusive environmental sampling or subsurface investigations, including soil, sediment or groundwater testing or sampling, on any of the properties owned, leased or operated by it or any of its Subsidiaries or (iii) to disclose any privileged information of the Company, Parent or any of their respective Subsidiaries. Notwithstanding anything in this Section 6.7 to the contrary, the Company and Parent shall use their respective commercially reasonable efforts to obtain any consents of third parties that are necessary to permit such access or make such disclosure and shall otherwise use commercially reasonable efforts to permit such access or disclosure, including pursuant to the use of “clean team” arrangements (on terms reasonably acceptable to the Company and Parent, as applicable) pursuant to which outside counsel of Parent or the Company, as applicable, could be provided access to any such information and pursuant to which such information shall not be disclosed by such outside counsel to directors, officers, employees or other Representatives of Parent or the Company, as applicable, without the prior consent of the other Party; provided that neither the Company nor Parent, as applicable, shall be required to incur any liability, take any action that would breach any Contract or applicable Law or otherwise jeopardize any privilege or protection in connection with the foregoing. All requests for information made pursuant to this Section 6.7 shall be directed to the general counsel or other Person designated by the Company or Parent, as applicable. All such information shall be governed by the terms of the Confidentiality Agreement.
Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. 6.2 Business Associate shall provide Covered Entity with the names of the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected individuals, as set forth in 45 CFR § 164.404(c), and, if requested by Covered Entity, information necessary for Covered Entity to investigate the impermissible use or disclosure. Business Associate shall continue to provide to Covered Entity information concerning the Breach as it becomes available to it. Business Associate shall require its Subcontractor(s) to agree to these same terms and conditions. 6.3 When Business Associate determines that an impermissible acquisition, use or disclosure of PHI by a member of its workforce is not a Breach, as that term is defined in 45 CFR § 164.402, and therefore does not necessitate notice to the impacted individual(s), it shall document its assessment of risk, conducted as set forth in 45 CFR § 402(2). When requested by Covered Entity, Business Associate shall make its risk assessments available to Covered Entity. It shall also provide Covered Entity with 1) the name of the person(s) making the assessment, 2) a brief summary of the facts, and 3) a brief statement of the reasons supporting the determination of low probability that the PHI had been compromised. When a breach is the responsibility of a member of its Subcontractor’s workforce, Business Associate shall either 1) conduct its own risk assessment and draft a summary of the event and assessment or 2) require its Subcontractor to conduct the assessment and draft a summary of the event. In either case, Business Associate shall make these assessments and reports available to Covered Entity. 6.4 Business Associate shall require, by contract, a Subcontractor to report to Business Associate and Covered Entity any Breach of which the Subcontractor becomes aware, no later than two (2) business days after becomes aware of the Breach.