Common use of Incident Response and Notification Procedures Clause in Contracts

Incident Response and Notification Procedures. 8.1 You will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data at risk (“Security Breach”), you shall take all reasonable measures to mitigate the harmful effects of the Incident. You shall also notify eBay of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach. Notice to eBay shall be written to DL-eBay- ▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇.▇▇▇ and shall include: (i) the identification of the eBay Data which has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of eBay Data involved in the incident; (iv) a description of your response to the incident, including steps you have taken to mitigate the harm caused by the incident; and (v) other information as eBay may reasonably request. You must ensure that affected third parties are notified of the Security Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. You agree to cover the costs of any such notification, including reimbursing eBay for any reasonable costs such as to provide credit monitoring to affected Data Subjects. 8.2 You will retain all data related to known and reported Incidents or investigations indefinitely or until eBay notifies you that the image is no longer needed. Upon eBay’s request, you will permit eBay or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you will prepare and deliver to eBay a final report that describes in detail: (i) the extent of the Incident; (ii) the eBay Data disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.

Incident Response and Notification Procedures. 8.1 You will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data Content at risk (“Security Breach”), you shall take all reasonable measures to mitigate the harmful effects of the Incident. You shall also notify eBay of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach. Notice to eBay shall be written to DL▇▇-eBay- ▇▇▇▇-▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇.▇▇▇ and shall include: (i) the identification of the eBay Data Content which has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of eBay Data Content involved in the incident; (iv) a description of your response to the incident, including steps you have taken to mitigate the harm caused by the incident; and (v) other information as eBay may reasonably request. You must ensure that affected third parties are notified of the Security Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. You agree to cover the costs of any such notification, including reimbursing eBay for any reasonable costs such as to provide credit monitoring to affected Data Subjects. 8.2 You will retain all data related to known and reported Incidents or investigations indefinitely or until eBay notifies you that the image is no longer needed. Upon eBay’s request, you will permit eBay or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you will prepare and deliver to eBay a final report that describes in detail: (i) the extent of the Incident; (ii) the eBay Data Content disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.

Incident Response and Notification Procedures. 8.1 You 9.1 Convercent will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put eBay Data at risk (“Security a Breach”), you Convercent shall take all reasonable measures to mitigate the harmful effects of the IncidentBreach. You Convercent shall also notify eBay Customer of the Security Breach as soon as practicable, but in no event later than 24 48 hours after the Security Breach. Notice to eBay shall be written to DL-eBay- ▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇.▇▇▇ and Customer shall include: (i) the identification of the eBay Customer Data which has been, been or is Convercent reasonably believed to have been, believes has been used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of eBay Customer Data involved in the incident; (iv) a description of your Convercent’s response to the incident, including steps you have Convercent has taken to mitigate the harm caused by the incident; and (v) other information as eBay Customer may reasonably requestrequest and is reasonably applicable. You must ensure that affected third parties are notified of the Security Breach, at eBay’s sole discretion, either by notifying such third parties after eBay has reviewed and approved the language and method of notice, or by enabling eBay to notify such third parties itself. You agree Convercent agrees to cover the costs of any such notification, including reimbursing eBay Customer for any reasonable costs such as to provide credit monitoring to affected Data Subjectscosts. 8.2 You 9.2 Convercent will retain all data related to known and reported Incidents or investigations indefinitely or until eBay Customer notifies you Convercent that the image is no longer needed. Upon eBayCustomer’s request, you Convercent will permit eBay Customer or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you Convercent will prepare and deliver to eBay Customer a final report that describes in detail: (i) the extent of the Incident; (ii) the eBay Customer Data disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.