SECURITY REPORTING REQUIREMENT Clause Samples
The Security Reporting Requirement clause obligates a party to regularly provide updates or notifications regarding the status of security measures, incidents, or breaches. Typically, this clause specifies the types of security events that must be reported, the timeframe for reporting, and the format or method of communication. By establishing clear expectations for security-related disclosures, the clause ensures timely awareness and response to potential threats, thereby helping to manage risk and maintain trust between parties.
SECURITY REPORTING REQUIREMENT. Violations of established security protocols shall be reported to the CO and COR upon discovery within 24 hours of its receipt of any compromise, intrusion, loss or interference of its security processes and procedures. The Contractor shall ensure that all software components that are not required for the operation and maintenance of the database/control system has been removed and/or disabled. The Contractor shall provide to the CO and the COR information appropriate to Information and Information Technology software and service updates and/or workarounds to mitigate all vulnerabilities associated with the data and shall maintain the required level of system security. The Contractor will investigate violations to determine the cause, extent, loss or compromise of sensitive program information, and corrective actions taken to prevent future violations. The CO in coordination with BARDA will determine the severity of the violation. Any contractual actions resulting from the violation will be determined by the CO.