Incident Response. Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.
Incident Response. Contractor may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement and seeking external expertise as mutually agreed upon, defined by law or contained in this Contract. Discussing Security Incidents with the Eligible User should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes, defined by law or contained in this Contract.
Incident Response. Response time objectives for incidents reported to UNM IT are as follows: Priority 1 (P1) is acknowledged, accepted and resolved within four (4) clock hours. Priority 2 (P2) is acknowledged, accepted and resolved within one (1) business day. Priority 3 (P3) is acknowledged, accepted and resolved within four (4) business days. Priority 4 (P4) is acknowledged, accepted and resolved within nine (9) business days.
Incident Response. The Contractor (and/or any subcontractor) shall respond to all alerts/Indicators of Compromise (IOCs) provided by HHS Computer Security Incident Response Center (CSIRC)/NIH IRT teams within 24 hours, whether the response is positive or negative. FISMA defines an incident as "an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines incidents as events involving cyber security and privacy threats, such as viruses, malicious user activity, loss of, unauthorized disclosure or destruction of data, and so on. A privacy breach is a type of incident and is defined by Federal Information Security Modernization Act (FISMA) as the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses or potentially accesses personally identifiable information for an other than authorized purpose. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines a breach as "a suspected or confirmed incident involving PII". In the event of a suspected or confirmed incident or breach, the Contractor (and/or any subcontractor) shall:
Incident Response. Contractor may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement and seeking external expertise as mutually agreed upon, defined by law or contained in this Contract. Discussing Security Incidents with DTS should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes, defined by law or contained in this Contract.
Incident Response. Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents. Encryption Technologies. Google makes HTTPS encryption (also referred to as SSL or TLS connection) available. Google servers support ephemeral elliptic curve Xxxxxx-Xxxxxxx cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
Incident Response. Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents.
Incident Response. A documented plan and associated procedures, to include the responsibilities of Zoom personnel and identification of parties to be notified in case of an information security incident, must be in place.
Incident Response. Incidents are defined as interruptions to existing service and can range in priority from urgent to low depending on the impact to the Customer. CentralSquare will make commercially reasonable efforts to respond to Solutions incidents for live production systems using the following guidelines: Priority Level Impact Description Performance Target Minimum Performance Goal % 1 Urgent An Incident that results in loss of Customer connectivity to all of the Solutions or results in loss, corruption or damage to Customer’s Data. CentralSquare will respond within 1 hour of the issue being reported. 95% 2 Critical An Incident that has an adverse material impact on the performance of the Solutions or materially restricts Customer’s day-to- day operations. CentralSquare will respond within 2 hours of the issue being reported. 95% 3 Non-Critical An Incident that does not result in a failure of the Solutions but a fault exists that restricts the Customer’s use of the Solutions. CentralSquare will respond within 4 hours of the issue being reported. 95% 4 Minor An Incident that does not affect or which has minimal adverse impact on the use of the Solutions. CentralSquare will respond within 24 hours of the issue being reported. 95%
Incident Response. The Contractor may need to communicate with outside parties regarding a security incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Master Agreement, Participating Addendum, or SLA. Discussing security incidents with the Purchasing Entity should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes as mutually agreed, defined by law or contained in the Master Agreement, Participating Addendum, or SLA.
