Common use of System Security Requirements Clause in Contracts

System Security Requirements. If the Contractor becomes aware of any unauthorized access to an agency’s Confidential Information or a security breach that compromises or reasonably could compromise an agency’s Confidential Information (an “incident”), the Contractor shall take appropriate immediate actions to contain the incident, in accordance with applicable law, and notify the Ordering Entity as soon as reasonably possible. The Contractor shall provide the Ordering Entity with information regarding any incident as may be reasonably requested by the Ordering Entity and that is in the Contractor’s possession, custody, or control at the time a request is received. Upon request of the Government, the Contractor will reasonably cooperate with the Government to investigate the nature and scope of any incident and to take appropriate actions to investigate and otherwise respond to the incident or associated risks. (As used in this Section, “compromise” means that the information has been exposed to any unauthorized access, inadvertent disclosure, known misuse, or known loss, alteration or destruction of Confidential Information other than as required to provide the services.)