Incident Response and Notification Procedures Clause Samples

POPULAR SAMPLE Copied 1 times
Incident Response and Notification Procedures. 9.1 Convercent will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware a Breach, Convercent shall take all reasonable measures to mitigate the harmful effects of the Breach. Convercent shall also notify Customer of the Breach as soon as practicable, but in no event later than 48 hours after the Breach. Notice to Customer shall include: (i) the identification of the Customer Data which has been or Convercent reasonably believes has been used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of Customer Data involved in the incident;
View SourceView Similar (3)
Incident Response and Notification Procedures. 8.1 You will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data at risk (“Security Breach”), you shall take all reasonable measures to mitigate the harmful effects of the Incident. You shall also notify eBay of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach. Notice to eBay shall be written to DL-eBay- ▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇.▇▇▇ and shall include: (i) the identification of the eBay Data which has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of eBay Data involved in the incident; (iv) a description of your response to the incident, including steps you have taken to mitigate the harm caused by the incident; and (v) other information as eBay may reasonably request. You must ensure that affected third parties are notified of the Security Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. You agree to cover the costs of any such notification, including reimbursing eBay for any reasonable costs such as to provide credit monitoring to affected Data Subjects. 8.2 You will retain all data related to known and reported Incidents or investigations indefinitely or until eBay notifies you that the image is no longer needed. Upon eBay’s request, you will permit eBay or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you will prepare and deliver to eBay a final report that describes in detail: (i) the extent of the Incident; (ii) the eBay Data disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.
View SourceView Similar (3)
Incident Response and Notification Procedures 
View SourceView Similar (2)
Incident Response and Notification Procedures 
View SourceView Similar (2)

Related to Incident Response and Notification Procedures

  • Notification Procedures To address non-compliance, the receiving Competent Authority would notify the providing Competent Authority pursuant to Article 5 of the IGA. The notification procedures would differ depending upon whether the receiving Competent Authority seeks to address administrative or other minor errors or significant non-compliance.

  • Application Procedures i) An employee applies for a listing on the system-wide registry through the employee’s Human Resources Department by completing the form in Appendix A. ii) The institution will immediately forward the completed form to the PSEA who will list eligible employees on the system-wide registry. iii) A registrant is responsible to ensure the information is current and to immediately notify the Employer and the local Union if the registrant is no longer available for employment through the Registry.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.

  • Notification Procedure (i) Each such notice shall be deemed to have been delivered: (A) when presented personally to the GOB; (B) when transmitted by facsimile; or (C) five (5) Days after being deposited in a regularly maintained receptacle for the postal service in Bangladesh, postage prepaid, registered or certified, return receipt requested, addressed to the GOB, at the address indicated in Section 17 of the Implementation Agreement (or such other address as the GOB may have specified by written notice delivered in accordance therewith). Any notice given by facsimile under this Section 4.6 shall be confirmed in writing delivered personally or sent by prepaid post, but failure to so confirm shall not void or invalidate the original notice if it is in fact received by the GOB.