Incident Event and Communications Management Clause Samples

Incident Event and Communications Management a. Incident Management/Notification of Breach - Transfer Agent shall develop, implement and maintain an incident response plan that specifies actions to be taken when Transfer Agent or one of its subcontractors suspects or detects that a party has gained material unauthorized access to Fund Data or systems or applications containing any Fund Data (the “Response Plan”). Such Response Plan shall include the following: i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Fund Data (including backed up data) to Fund via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as Transfer Agent is prohibited by law, rule, regulation or other governmental authority from notifying Fund.

Incident Event and Communications Management a. Incident Management/Notification of Breach - State Street shall develop and implement an incident response plan that specifies actions to be taken when State Street or one of its subcontractors suspects or detects that a party has gained unauthorized access to Client Data or systems or applications containing any Client Data (the “Response Plan”). It must be approved by management, and have an owner to maintain and review the program. Such Response Plan shall include the following: i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Client Data (including backed up data) to Client via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as State Street is prohibited by law, rule, regulation or other governmental authority from notifying Client. ii. Incident Reporting - State Street will use commercially reasonable efforts to promptly furnish to Client information that State Street has regarding the general circumstances and extent of such unauthorized access.

Incident Event and Communications Management a. Incident Management/Notification of Breach - State Street will maintain an incident response plan that specifies actions to be taken when State Street or one of its subcontractors suspects or detects that a party has gained unauthorized access to Client Data or systems or applications containing any Client Data (the “Response Plan”). Such Response Plan will include an escalation procedure that includes notification to senior managers and reporting to regulatory and law enforcement agencies, when and if applicable. State Street will use commercially reasonable efforts to investigate, remediate and mitigate such unauthorized access. b. State Street will notify Client within forty-eight (48) hours after it has determined that unauthorized access to Client Data has occurred, unless otherwise prohibited by Applicable Law. In such an event, and unless prohibited by Applicable Law, State Street will provide information, to the extent available to State Street, sufficient to provide a reasonable description of the general circumstances and extent of such unauthorized access, and will provide reasonable cooperation to Client: i. in the investigation of any such unauthorized access; ii. in Client’s efforts to comply with statutory notice or other Applicable Laws applicable to Client or its customers; and iii. in litigation and investigations brought by Client against third parties, including injunctive or other equitable relief reasonably necessary to protect Client’s proprietary rights.

Incident Event and Communications Management a. Incident Management/Notification of Breach - Accounting Agent will maintain an incident response plan that specifies actions to be taken when Accounting Agent or one of its subcontractors suspects or detects that a party has gained unauthorized access to ▇▇▇▇▇▇ Funds Confidential Information or systems or applications containing any ▇▇▇▇▇▇ Funds Confidential Information (the “Response Plan”). Such Response Plan will include an escalation procedure that includes notification to senior managers and reporting to regulatory and law enforcement agencies, when and if applicable. Accounting Agent will use commercially reasonable efforts to investigate, remediate and mitigate such unauthorized access. b. Accounting Agent will notify ▇▇▇▇▇▇ Funds within forty-eight (48) hours after it has determined that unauthorized access to ▇▇▇▇▇▇ Funds Confidential Information has occurred, unless otherwise prohibited by applicable law. In such an event, and unless prohibited by applicable law, Accounting Agent will provide information, to the extent available to Accounting Agent, sufficient to provide a reasonable description of the general circumstances and extent of such unauthorized access, and will provide reasonable cooperation to Schwab Funds: i. in the investigation of any such unauthorized access; ii. in Schwab Funds’ efforts to comply with statutory notice or other applicable laws applicable to Schwab Funds or its customers; and iii. in litigation and investigations brought by Schwab Funds against third parties, including injunctive or other equitable relief reasonably necessary to protect Schwab Funds’ proprietary rights. For the avoidance of doubt, Accounting Agent will not be required to disclose information that Accounting Agent reasonably determines would compromise the security of Accounting Agent's technology or premises or that would impact other Accounting Agent clients.

Incident Event and Communications Management a. Incident Management/Notification of Breach - State Street shall develop and implement an incident response plan that specifies actions to be taken when State Street or one of its subcontractors suspects or detects that a party has gained unauthorized access to Funds’ Data or systems or applications containing any Funds’ Data (the “Response Plan”). It must be approved by management, and have an owner to maintain and review the program. Such Response Plan shall include the following: i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Funds’ Data (including backed up data) to the Funds via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as State Street is prohibited by law, rule, regulation or other governmental authority from notifying the Funds.

Incident Event and Communications Management a. Incident Management/Notification of Breach - State Street shall develop and implement an incident response plan that specifies actions to be taken when State Street or one of its subcontractors suspects or detects that a party has gained material unauthorized access to Client Data or systems or applications containing any Client Data (the “Response Plan”). Such Response Plan shall include the following: i. Escalation Procedures—An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Client Data (including backed up data) to Client via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as State Street is prohibited by law, rule, regulation or other governmental authority from notifying Client.

Incident Event and Communications Management. (a) Incident Management/Notification of Breach - State Street shall develop and implement an incident response plan that specifies actions to be taken when State Street or one of its Delegates detects that a party has gained unauthorized access (including inadvertent disclosures) to Fund Data (the “Response Plan”). Such Response Plan shall include an escalation procedure that includes notification to senior managers and appropriate reporting to Regulatory Authorities and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Fund Data (including backed up data) to the Funds via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as State Street is prohibited by Legal Requirement from notifying the Funds. (b) State Street shall promptly notify the Funds (but in no event later than forty-eight (48) hours or such shorter timeframe as may be required under applicable Legal Requirement) after State Street knows that unauthorized access to Fund Data has occurred, unless otherwise prohibited by Legal Requirement. In such an event, and unless prohibited by Legal Requirement, State Street shall provide as part of such notification, to the extent available to State Street, a reasonable description of the circumstances and extent of such unauthorized access sufficient for the Funds to understand material details of any such unauthorized disclosure or access, and shall provide reasonable cooperation to the Funds, their investigators and any Regulatory Authorities: (i) in the investigation, remediation, and resolution of, any other response to, any such unauthorized access; (ii) in the Funds’ efforts to comply with statutory notice or other Legal Requirements applicable to the Funds or their Clients arising as a result of such unauthorized access; and (iii) in litigation and investigations involving the Funds arising as a result of such unauthorized access. For the avoidance of doubt, State Street shall not be required to disclose or otherwise make available information pursuant to the terms of Section 6.1(e) of this Amendment. (c) With respect to each unauthorized disclosure or access, State Street shall promptly use commercially reasonable efforts (i) to contain such unauthorized disclosure or access and, further, to prevent further unauthorized access to or misuse of the Fund Data; an...

Incident Event and Communications Management. Incident Management/Notification of Breach – AvePoint has developed and implemented an incident response plan that specifies actions to be taken when AvePoint suspects or detects that a party has gained unauthorized access to Customer Data or systems or applications containing any Customer Data (the “Response Plan”). The Response Plan includes: • Incident Reporting – AvePoint will strive to promptly furnish to customer full details that AvePoint has or may obtain regarding the general circumstances and extent of such unauthorized access, including without limitation, the categories of Customer personal data and the number and/or identities of the data subjects affected, as well as any steps taken to secure the Customer Data and preserve information for any necessary investigation. • Investigation & Prevention – AvePoint uses reasonable efforts to assist customer in investigating or preventing the reoccurrence of any such access and strives to (i) cooperate with the customer in its efforts to comply with statutory notice or other legal obligations applicable to customer or its clients arising out of unauthorized access or use and to seek injunctive or other equitable relief; and (ii) promptly take all reasonable actions necessary to prevent a reoccurrence of and mitigate against loss from any such authorized access. • Personnel Training and Confidentiality – AvePoint has robust policies and procedures in place to ensure that all personnel fully understand the process and conditions under which they are required to invoke the appropriate incident response. AvePoint maintains strict confidentiality regarding actual or suspected authorized possession, use or knowledge of Customer Data or any other failure of AvePoint’s security measures or non-compliance with its security policies or procedures.

Incident Event and Communications Management a. Incident Management/Notification of Breach - DST shall develop, implement and maintain an incident response plan that specifies actions to be taken when DST or one of its subcontractors if in DST’s discretion it is applicable to such subcontractor, suspects or detects that a party has gained material confirmed unauthorized access to Client Data or systems or applications containing any Client Data (the “Response Plan”). Such Response Plan shall include the following: i. Escalation Procedures - An escalation procedure that includes notification to senior managers and appropriate reporting to regulatory and law enforcement agencies, as applicable. This procedure shall provide for reporting of incidents that compromise the confidentiality of Client Data (including backed up data) to Client via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as DST is prohibited by law, rule, regulation or other governmental authority from notifying Client. ii. Incident Reporting - DST will use commercially reasonable efforts to promptly furnish to Client information that DST has regarding the general circumstances and extent of such unauthorized access to the Client Data.