Common use of Security Incident Response Program Clause in Contracts

Security Incident Response Program. Supplier maintains appropriate security incident management policies and procedures. Supplier will immediately, but at least within 24 hours upon discovery, notify SFDC of an actual or reasonably suspected Security Breach. In the notification, Supplier shall include details of when the Security Breach occurred and when it was detected, the nature and scope of the Protected Information involved in the Security Breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned, the observed and probable consequences of the Security Breach, measures taken or proposed to mitigate the negative effects of the Security Breach, the name and contact details of the data protection officer or other contact point where more information can be obtained, and all other information requested by SFDC regarding the Security Breach. In addition, Supplier shall (i) investigate and remediate the effects of the Security Breach; (ii) provide SFDC, in writing, an impact assessment and assurance satisfactory to SFDC that such Security Breach will not recur; and (iii) upon SFDC's request, provide SFDC with cooperation and assistance needed to fulfill SFDC’s obligations to provide information to regulators or individuals without undue delay as required by Data Protection Laws and Regulations. To the extent Supplier does not have full information about the Security Breach at the time of the initial notification, Supplier shall still complete the initial notification on the timing set forth above and then supplement that with additional information as it becomes available. Without limiting any other rights or remedies of SFDC, if as the result of any act or omission of Supplier or any of its personnel, contractors, or agents, one or more third parties is required to be notified of unauthorized access or use of Protected Information, Supplier agrees it shall be responsible for any reasonable costs associated with such communication (including providing call center services) and for any costs of providing a credit monitoring services. In addition, Supplier will provide indemnification to SFDC related to such Security Breach as set forth in the Agreement.

Security Incident Response Program. Supplier maintains appropriate security incident management policies and procedures. Supplier will shall immediately, but at least within 24 hours upon discovery, notify SFDC of an actual or reasonably suspected a Security Breach. In the notification, Supplier shall include details of when the Security Breach occurred and when it was detected, the nature and scope of the Protected Personal Data or Confidential Information involved in the Security Breach including where possible, the categories and approximate number of data subjects Data Subjects concerned and the categories and approximate number of personal data Personal Data or Confidential Information records concerned, the observed and probable consequences of the Security Breach, measures taken or proposed to mitigate the negative effects of the Security Breach, the name and contact details of the Supplier’s data protection officer or other contact point where more information can be obtained, and all other information reasonably requested by SFDC and available to Supplier regarding the Security Breach. In addition, Supplier shall (i) investigate and remediate the effects of the Security Breach; (ii) provide SFDC, in writing, an impact assessment and assurance satisfactory to SFDC that such Security Breach will not recur; and (iii) upon SFDC's request, provide SFDC with cooperation and assistance needed to fulfill SFDC’s obligations to provide information to regulators or individuals Data Subjects without undue delay as required by Data Protection Laws and Regulations. To the extent Supplier does not have full the foregoing information about the Security Breach at the time of the initial notification, Supplier shall still complete the initial notification on the timing set forth above and then supplement that notification with additional information as it becomes available. Without limiting any other rights or remedies of SFDC, if as the result of any act or omission of Supplier or any of its personnel, contractors, or agents, one or more third parties is required to be notified of unauthorized access or use of Protected InformationPersonal Data, Supplier agrees it shall be responsible for any reasonable costs associated with such communication (including providing call center services) and for any costs of providing a credit monitoring services. In addition, Supplier will provide indemnification to SFDC related to such Security Breach as set forth in the Agreementservice.

Security Incident Response Program. Supplier maintains appropriate security incident management policies and procedures. Supplier will shall immediately, but and at least within 24 hours upon discovery, notify SFDC of an actual or reasonably suspected a Security BreachBreach at the email alias xxxxxxxx@xxxxxxxxxx.xxx. In the notification, Supplier shall include details of when the Security Breach occurred and when it was detected, the nature and scope of the Protected Information or Confidential Information involved in the Security Breach including where possible, the categories and approximate number of data subjects Data Subjects concerned and the categories and approximate number of personal data Protected Information or Confidential Information records concerned, the observed and probable consequences of the Security Breach, measures taken or proposed to mitigate the negative effects of the Security Breach, the name and contact details of the Supplier’s data protection officer or other contact point where more information can be obtained, and all other information reasonably requested by SFDC and available to Supplier regarding the Security Breach. In addition, Supplier shall (i) investigate and remediate the effects of the Security Breach; (ii) provide SFDC, in writing, an impact assessment and assurance satisfactory to SFDC that such Security Breach will not recur; and (iii) upon SFDC's request, provide SFDC with cooperation and assistance needed to fulfill SFDC’s obligations to provide information to SFDC Customers, regulators or individuals Data Subjects without undue delay as required by Data Protection Laws and Regulations. To the extent Supplier does not have full the foregoing information about the Security Breach at the time of the initial notification, Supplier shall still complete the initial notification on the timing set forth above and then supplement that notification with additional information as it becomes available. Without limiting any other rights or remedies of SFDC, if as the result of any act or omission of Supplier or any of its personnel, contractors, or agents, one or more third parties is required to be notified of unauthorized access or use of Protected InformationPersonal Data, Supplier agrees it shall be responsible for any reasonable costs associated with such communication (including providing call center services) and for any costs of providing a credit monitoring services. In addition, Supplier will provide indemnification to SFDC related to such Security Breach as set forth in the Agreementservice.