Common use of Incident Reporting Procedures Clause in Contracts

Incident Reporting Procedures. EDE Entity must implement Incident and Breach Handling procedures as required by the NEE SSP and that are consistent with CMS’s Incident and Breach Notification Procedures. Such policies and procedures must identify EDE Entity’s Designated Security and Privacy Official(s), if applicable, and/or identify other personnel authorized to access PII and responsible for reporting to CMS and managing Incidents or Breaches and provide details regarding the identification, response, recovery, and follow-up of Incidents and Breaches, which should include information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes. EDE Entity agrees to report any Breach of PII to the CMS IT Service Desk by telephone at (▇▇▇) ▇▇▇-▇▇▇▇ or ▇-▇▇▇-▇▇▇-▇▇▇▇ or via email notification at ▇▇▇_▇▇_▇▇▇▇▇▇▇_▇▇▇▇@▇▇▇.▇▇▇.▇▇▇ within 24 hours from knowledge of the Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident.

Incident Reporting Procedures. The EDE Entity entity must implement Incident and Breach Handling procedures as required by the NEE SSP and that are consistent with CMS’s Incident and Breach Notification Procedures. Such policies and procedures must identify the EDE Entity’s Designated Security and Privacy Official(s), if applicable, and/or identify other personnel authorized to access PII and responsible for reporting to CMS and managing Incidents or Breaches and Breaches; provide details regarding the identification, response, recovery, and follow-up of Incidents and Breaches, which should include information regarding the potential need for CMS to immediately suspend or revoke access to the Hub for containment purposes. EDE Entity agrees to report ; and require reporting of any security and privacy Incident or Breach of PII to the CMS IT Service Desk by telephone at (▇▇▇) ▇▇▇-▇▇▇▇ or ▇-▇▇▇-▇▇▇-▇▇▇▇ or via email notification at ▇▇▇_▇▇_▇▇▇▇▇▇▇_▇▇▇▇@▇▇▇.▇▇▇.▇▇▇ within 24 hours from knowledge one (1) hour after discovery of the Incident or Breach. Incidents must be reported to the CMS IT Service Desk by the same means as Breaches within 72 hours from knowledge of the Incident.