Common use of Incident Response Plan Clause in Contracts

Incident Response Plan. The SI's Information Security Program shall include an incident response plan to address and handle Security Incidents relating to NFPS Data and MTA Group Confidential Information and, at a minimum, shall also apply to NFPS Security-Sensitive SI Resources (the "Incident Response Plan"). This Incident Response Plan shall comply with Good Industry Practices and the requirements set out in the Technical Specifications. The SI shall periodically test its incident Response Plan, all in accordance with Good Industry Practices. The SI shall submit a draft of the Incident Response Plan to the MTA for review and approval, and the SI shall otherwise ensure that the Incident Response Plan has been approved and is implemented prior to the earlier of (i) the commencement of the first Pilot Test, and (ii) the SI's collection of NFPS Data from any MTA Group customer.