SECURITY REPORTING REQUIREMENT. Violations of established security protocols shall be reported to the CO and COR upon discovery within 24 hours of its receipt of any compromise, intrusion, loss or interference of its security processes and procedures. The Contractor shall ensure that all software components that are not required for the operation and maintenance of the database/control system has been removed and/or disabled. The Contractor shall provide to the CO and the COR information appropriate to Information and Information Technology software and service updates and/or workarounds to mitigate all vulnerabilities associated with the data and shall maintain the required level of system security. The Contractor will investigate violations to determine the cause, extent, loss or compromise of sensitive program information, and corrective actions taken to prevent future violations. The CO in coordination with BARDA will determine the severity of the violation. Any contractual actions resulting from the violation will be determined by the CO.
Appears in 4 contracts
Samples: Fixed Price (MediWound Ltd.), Paratek Pharmaceuticals, Inc., Fixed Price (MediWound Ltd.)
