Incident Response. Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.
Incident Response. Contractor may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement and seeking external expertise as mutually agreed upon, defined by law or contained in this Contract. Discussing Security Incidents with the Eligible User should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes, defined by law or contained in this Contract.
Incident Response. Response time objectives for incidents reported to UNM IT are as follows: Priority 1 (P1) is acknowledged, accepted and resolved within four (4) clock hours. Priority 2 (P2) is acknowledged, accepted and resolved within one (1) business day. Priority 3 (P3) is acknowledged, accepted and resolved within four (4) business days. Priority 4 (P4) is acknowledged, accepted and resolved within nine (9) business days.
Incident Response. The Contractor (and/or any subcontractor) shall respond to all alerts/Indicators of Compromise (IOCs) provided by HHS Computer Security Incident Response Center (CSIRC)/NIH IRT teams within 24 hours, whether the response is positive or negative. FISMA defines an incident as "an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines incidents as events involving cyber security and privacy threats, such as viruses, malicious user activity, loss of, unauthorized disclosure or destruction of data, and so on. A privacy breach is a type of incident and is defined by Federal Information Security Modernization Act (FISMA) as the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where (1) a person other than an authorized user accesses or potentially accesses personally identifiable information or (2) an authorized user accesses or potentially accesses personally identifiable information for an other than authorized purpose. The HHS Policy for IT Security and Privacy Incident Reporting and Response further defines a breach as "a suspected or confirmed incident involving PII". In the event of a suspected or confirmed incident or breach, the Contractor (and/or any subcontractor) shall:
Incident Response. Contractor may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement and seeking external expertise as mutually agreed upon, defined by law or contained in this Contract. Discussing Security Incidents with DTS should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes, defined by law or contained in this Contract.
Incident Response. Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents. Encryption Technologies. Google makes HTTPS encryption (also referred to as SSL or TLS connection) available. Google servers support ephemeral elliptic curve Xxxxxx-Xxxxxxx cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.
Incident Response. Google monitors a variety of communication channels for security incidents, and Google’s security personnel will react promptly to known incidents.
Incident Response. A documented plan and associated procedures, to include the responsibilities of Zoom personnel and identification of parties to be notified in case of an information security incident, must be in place.
Incident Response. The Contractor may need to communicate with outside parties regarding a security incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Master Agreement, Participating Addendum, or SLA. Discussing security incidents with the Purchasing Entity should be handled on an urgent as-needed basis, as part of Contractor’s communication and mitigation processes as mutually agreed, defined by law or contained in the Master Agreement, Participating Addendum, or SLA.
Incident Response. The Service Provider must respond to critical problems by ensuring that appropriate managerial personnel are made aware of the problem and that they actively track and expedite a resolution. The Service Provider must assign support or development personnel at the appropriate level to the problem, and those personnel must prepare a work plan for the problem’s expeditious resolution. The work plan must assume that the Service Provider’s appropriate staff will work without material interruption until the problem is resolved properly. At the request of an affected Subscribing Entity, the Service Provider’s personnel must maintain daily contact with the Subscribing Entity’s technical staff to keep the Subscribing Entity abreast of efforts being made to solve the problem. The Service Provider also must provide the Subscribing Entity’s technical staff with direct access to the Service Provider’s support personnel and product development personnel, if appropriate, who are assigned to the problem. The Service Provider must respond to urgent problems by having its product development and support personnel work in concert to develop a fix or a workaround. If requested, the Service Provider’s support personnel must maintain regular contact with the affected Subscribing Entities to keep their technical staff abreast of progress toward a resolution of the problem. The Service Provider’s support staff must include the problem in regular status reports to the Service Provider’s management team. And the Service Provider’s support staff must provide the fix or workaround procedure as soon as it is available. The Service Provider must respond to routine problems by providing the affected Subscribing Entities with a fix or workaround on a priority basis if the problem is one for which an existing patch or workaround already exists. For newly identified problems falling into this classification, the Service Provider’s support personnel must generate a problem report, and the appropriate development or support personnel then must prioritize the problem in relation to other outstanding product issues. The assigned priority then will govern the problem solving or developmental work needed to address the problem and the schedule for delivering a solution. For routine calls that involve end usage and configuration issues rather than bugs or other technical problems, the Service Provider’s first or second level support personnel must provide the Subscribing Entity’s technical staff ...
