Common use of Loss Reporting Clause in Contracts

Loss Reporting. If either agency experiences a loss of PII provided by the other under the terms of this agreement, that agency will follow OMB loss reporting guidelines (OMB M-17-12 "Preparing for and Responding to a Breach of Personally Identifiable Information") and notify the United States Computer Emergency Readiness Team (US- CERT) within one (1) hour of discovering the incident. In addition, they will immediately notify the other agency's Information Security Programs Section (BOP: ▇▇▇-▇▇▇-▇▇▇▇ or ▇▇▇-▇▇▇-▇▇▇▇; VA contact person named in this agreement) in the event of any actual or suspected breach of such data (i.e., Loss of control, compromise, unauthorized disclosure, access for an unauthorized purpose, or other unauthorized access, whether physical or electronic). If within one (1) hour VA has been unable to make a report to the BOP contact(s) named herein, VA will call the DOJ Computer Emergency Readiness Team (DOJCERT) at 1-866-US4-CERT (1-866-874- 2378) and make the report. If within one (1) hour BOP has been unable to make a report to the VA contact named herein, BOP will call the VA Enterprise Service Desk at ▇▇▇-▇▇▇-▇▇▇▇ and make the report.

Loss Reporting. If either agency experiences a loss of PII provided by the other under the terms of this agreement, that agency will follow OMB loss reporting guidelines (OMB M-17-12 "Preparing for and Responding to a Breach of Personally Identifiable Information") and notify the United States Computer Emergency Readiness Team (US- CERT) within one (1) hour of discovering the incident. In addition, they will immediately notify the other agency's Information Security Programs Section (BOP: ▇▇▇-▇▇▇-▇▇▇▇ or ▇▇▇-▇▇▇-▇▇▇▇; VA contact person named in this agreement) in the event of any actual or suspected breach of such data (i.e., Loss of control, compromise, unauthorized disclosure, access for an unauthorized purpose, or other unauthorized access, whether physical or electronic). If within one (1) hour VA has been unable to make a report to the BOP contact(s) named herein, VA will call the DOJ Computer Emergency Readiness Team (DOJCERT) at 1-866-US4-CERT (1-866866- 874-874- 2378) and make the report. If within one (1) hour BOP has been unable to make a report to the VA contact named herein, BOP will call the VA Enterprise Service Desk Network and Security Operations Center at ▇▇▇-- ▇▇▇-▇▇▇▇ and make the report.

Loss Reporting. If either agency experiences a loss of PII provided by the other under the terms of this agreement, that agency will follow OMB loss reporting guidelines (OMB M-17-12 "Preparing for and Responding to a Breach of Personally Identifiable Information"”) and notify the United States Computer Emergency Readiness Team (US- CERT) within one (1) hour of discovering the incident. In addition, they will immediately notify the other agency's Information Security Programs Section (BOP: ▇▇▇-▇▇▇-▇▇▇▇ or ▇▇▇-▇▇▇-▇▇▇▇; VA contact person named in this agreement) in the event of any actual or suspected breach of such data (i.e., Loss of control, compromise, unauthorized disclosure, access for an unauthorized purpose, or other unauthorized access, whether physical or electronic). If within one (1) hour VA has been unable to make a report to the BOP contact(s) named herein, VA will call the DOJ Computer Emergency Readiness Team (DOJCERT) at 1-866-US4-CERT (1▇-866▇▇▇-874- 2378▇▇▇-▇▇▇▇) and make the report. If within one (1) hour BOP has been unable to make a report to the VA contact named herein, BOP will call the VA Enterprise Service Desk Network and Security Operations Center at ▇▇▇-- ▇▇▇-▇▇▇▇ and make the report.