Loss Reporting. The Contractor must notify the State’s Privacy Officer and Security Officer of any Security Incidents and Breaches immediately, at the email addresses provided in Section VI. The Contractor must further handle and report Incidents and Breaches involving PHI in accordance with the agency’s documented Incident Handling and Breach Notification procedures and in accordance with 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, Contractor’s compliance with all applicable obligations and procedures, Contractor’s procedures must also address how the Contractor will:
Loss Reporting. The Principal has the responsibility to maintain proper custody of deposit certificates and the original authorized seal. Any losses or damages must be reported immediately to the Bank. Until the Bank receives a written report of the loss, the Bank shall not be held liable for honoring payment to any third party who presents forged documents or original authorized seal if the Bank has already exercised the due care of a good administrator.
Loss Reporting. The Broker must submit a Claim and loss summary report annually to the Department’s Contract Manager. The Department reserves the right to request loss runs at any time during the policy period.
Loss Reporting. If either SSA or OPM experiences an incident involving the loss or breach of PII provided by SSA or OPM under the terms of this agreement, that agency will follow the incident reporting guidelines issued by OMB. In the event of a reportable incident under OMB guidance involving PII, the agency experiencing the incident is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team and the agency’s privacy office). In addition, the agency experiencing the incident (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this agreement. If OPM is unable to speak with the SSA Systems Security Contact within one hour, or if for some other reason notifying the SSA Security Systems Contact is not practicable (e.g., it is outside of the normal business hours), OPM will call SSA’s National Network Service Center toll free at 0-000-000-0000. Within one hour of becoming aware of a possible incident involving OPM provided PII, SSA will contact OPM IT Security Operations: xxxxxxxxxxxxxx@xxx.xxx; 000-000-0000.
Loss Reporting. If either SSA or VA/VHA experiences an incident involving the loss or breach of PII provided by SSA or VA/VHA under the terms of this agreement, they will follow the incident reporting guidelines issued by OMB. In the event of a reportable incident under OMB guidance involving PII, the agency experiencing the incident is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the incident (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this agreement. If VA/VHA is unable to speak with the SSA Systems Security Contact within one hour or, if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA/VHA will call SSA’s National Network Service Center toll free at 0-000-000-0000. If SSA is unable to speak with VA’s Systems Security Contact within one hour, SSA will contact the Enterprise Service Desk, 000-000-0000 (option 5) to create an incident ticket for assignment to the Cyber Security Operations Center (CSOC).
Loss Reporting. If either SSA or VA experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this agreement, they will follow the incident reporting guidelines issued by OMB. In the event of a reportable incident under OMB guidance involving PII, the agency experiencing the incident is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team and the agency’s privacy office). In addition, the agency experiencing the incident (e.g., electronic or paper) will notify the other agency’s Information Security Contact named in this agreement. If VA is unable to speak with the SSA Information Security Contact within one hour or if for some other reason notifying the SSA Information Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at 0-000-000-0000. If SSA is unable to speak with VA’s Information Security Contact within one hour, SSA will contact the VA Network and Security Operations Center at 0-000-000-0000, Option 6 then Option 4.
Loss Reporting. ENTITY shall immediately notify DHHS Information Security and Program Manager, via the email addresses provided in this Agreement, of any information security events, Incidents, or Breaches this includes a confidential information breach, or suspected breach, which affects or includes any State of New Hampshire systems that connect to the State of New Hampshire network. ENTITY shall further handle and report incidents and breaches involving PHI in accordance with the agency’s documented incident handling and breach notification procedures and in accordance with HIPAA, and 42 C.F.R. §§ 431.300 - 306. In addition to, and notwithstanding, ENTITY’s compliance with all applicable obligations and procedures. ENTITY’s procedures shall also address how ENTITY shall: Identify Incidents; Determine if personally identifiable information is involved in any Incidents; Report suspected or confirmed Incidents as required by this Agreement and in the EUA; Identify and convene a core response group within ENTITY’s organization to determine the risk level of Incidents and determine risk-based mitigation and responses to Incidents; Determine whether Breach notification is required, and, if so, identify appropriate Breach notification methods, timing, source, and contents from among different options, and bear costs associated with the Breach notice as well as any mitigation measures; and Address and report Incidents, and or breaches that implicate personal information to DHHS in accordance with timing provisions of NH RSA 359-C:20 and this Agreement. If a suspected or known incident, breach involves Social Security Administration (SSA) provided data, Internal Revenue Services (IRS) provided data, or Federal Tax Information (FTI), then ENTITY shall notify DHHS Information Security without delay. In the event of any security breach, ENTITY shall make efforts to investigate the causes of the breach, promptly take measures to prevent future breach, and minimize any damage or loss resulting from the breach. The State shall recover from ENTITY all costs of response and recovery from the breach, including but not limited to: credit monitoring services, mailing costs and costs associated with website and telephone call center services necessary due to the breach.
Loss Reporting. If either SSA or Fiscal Service experiences an incident involving the loss or breach of PII provided by SSA or Fiscal Service under the terms of this agreement, they will follow the incident reporting guidelines issued by OMB. In the event of a reportable incident under OMB guidance involving PII, the agency experiencing the incident is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team and the agency’s privacy office). In addition, the agency experiencing the incident (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this agreement. If Fiscal Service is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), Fiscal Service will call SSA’s National Network Service Center toll free at 0-000-000-0000. If SSA is unable to speak with Fiscal Service’s Systems Security Contact within one hour, SSA will contact Fiscal Service IT Service Desk at (000) 000-0000.
Loss Reporting. If either agency experiences a loss of PII provided by the other under the terms of this agreement, that agency will follow OMB loss reporting guidelines (OMB M-17-12 "Preparing for and Responding to a Breach of Personally Identifiable Information") and notify the United States Computer Emergency Readiness Team (US- CERT) within one (1) hour of discovering the incident. In addition, they will immediately notify the other agency's Information Security Programs Section (BOP: 000-000-0000 or 000-000-0000; VA contact person named in this agreement) in the event of any actual or suspected breach of such data (i.e., Loss of control, compromise, unauthorized disclosure, access for an unauthorized purpose, or other unauthorized access, whether physical or electronic). If within one (1) hour VA has been unable to make a report to the BOP contact(s) named herein, VA will call the DOJ Computer Emergency Readiness Team (DOJCERT) at 1-866-US4-CERT (1-866-874- 2378) and make the report. If within one (1) hour BOP has been unable to make a report to the VA contact named herein, BOP will call the VA Enterprise Service Desk at 000-000-0000 and make the report.
Loss Reporting. If either SSA or OPM experience a loss of PII provided by SSA or OPM under the terms of this agreement, they will follow the OMB loss reporting guidelines (OMB M-06-19, “Reporting Incidents Involving Personally Identifiable Information, and Incorporating the Cost for Security into IT Investments”). In the event of an incident involving the loss or potential loss of PII, the agency experiencing the event is responsible for following its established procedures, including notification to the proper organizations (i.e., United States Computer Emergency Readiness Team). In addition, the agency experiencing the loss of PII will notify the other agency’s Systems Security Contact named in this agreement. If OPM is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), OPM will call SSA’s National Network Service Center toll free at 0-000-000-0000. Immediately upon becoming aware of a possible incident involving OPM-provided PII (or no later than 60 minutes after becoming aware of the possible incident, regardless of day or time), SSA will contact the OPM Situation Room at: xxxxxxx@xxx.xxx; (000) 000-0000; Fax (000) 000-0000. (The OPM SITRoom is available 24 hours/day; 365 days/year.)
