Data Security Incident. In the event of any actual or suspected security incident affecting AbbVie Data Processed by Service Provider (a “Data Security Incident”), Service Provider shall: a) immediately, and in any event no later than twenty-four (24) hours following discovery of such Data Security Incident, send written notice of the incident via e- mail to c▇▇▇▇@▇▇▇▇▇▇.▇▇▇; b) not make any statements or notifications about the Data Security Incident to any individual affected by the incident, the public or any third-party without AbbVie’s prior written approval; c) immediately take steps to investigate and mitigate the Data Security Incident, including all such steps reasonably requested by AbbVie and, in conducting such investigation and mitigation, Service Provider shall reasonably cooperate with AbbVie, including by providing access to Service Provider’s premises, books, logs and records to the extent necessary to investigate and mitigate the Data Security Incident; d) take all remediation efforts required by applicable law or reasonably directed by AbbVie; and e) if requested by AbbVie, provide AbbVie within five (5) business days after the request a report that describes: (A) the nature and extent of the Data Security Incident; (B) the AbbVie Data (including separate identification of AbbVie Personal Information) affected unless otherwise provided herein; (C) supporting evidence, including system, network and application logs related to the incident; (D) the investigative, corrective and remedial actions completed, and planned to be completed (and the dates by which such actions will be completed) by Service Provider; and (E) an assessment of the security impact to AbbVie.
Appears in 2 contracts
Sources: Master Services Agreement (Docola, Inc.), Master Services Agreement (Docola, Inc.)