Common use of Data Security Plan Clause in Contracts

Data Security Plan. The Contractor shall deliver and maintain a security incident plan in accordance with the criteria set forth in the Contractor’s privacy and security policy and shall implement the procedures required under such security incident plan on the occurrence of a Security incident, in compliance with the requirements of Texas Business and Commerce Code § 521.053 (“Notification Required Following Breach of Security of Computerized Data”). This plan shall be delivered in writing to the OAG within 14 Business Days following the award of this contract (Please refer to Form G Data Security Plan Outline). The contractor shall report, in writing, to the OAG any Security Incident within 24 hours after discovery. The report shall identify the nature of the event, a list of the affected individuals and the types of data, and the mitigation and investigation efforts of the Contractor. It shall also include the stages of the data security plan that has been implemented along with the next steps to mitigate the current and future risks. The contractor shall provide investigation updates to the OAG daily.