Loss, Potential Loss, Incident Reporting, and Breach Notification Sample Clauses

Loss, Potential Loss, Incident Reporting, and Breach Notification. CMS and VHA will comply with OMB reporting guidelines in the event of a loss, potential loss, Security Incident, or Breach of PII (see OMB M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (Jan. 3, 2017); and OMB M-18-02, Fiscal Year 2017-2018 Guidance on Federal Information Security and Privacy Management Requirements Guidance on Improving Federal Information Security and Privacy Management Practices" (Oct. 16, 2017)). The Party experiencing the incident will notify the other agency's System Security Contact named in this Agreement within one (l) hour of discovering the loss, potential loss, Security Incident, or Breach. If the Party experiencing the loss, potential loss, Security Incident, or Breach is unable to speak with the other Party's System Security Contact within one (l) hour or if for some reason contacting the System Security Contact is not practicable (e.g., outside of normal business hours), then the following contact information will be used: 1. VA Network and Security Operations Center (NSOC) ▇-▇▇▇-▇▇▇▇▇▇▇; VHA IT Service Desk: ▇▇▇-▇▇▇-▇▇▇▇; or 2. E-mail: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇.▇▇▇ 3. CMS IT Service Desk: ▇-▇▇▇-▇▇▇-▇▇▇▇; or
View Source
Loss, Potential Loss, Incident Reporting, and Breach Notification. CMS and SSA will comply with OMB reporting guidelines in the event of a loss, potential loss, Security Incident, or Breach of PII, or by an Authorized User (see OMB M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments (July 12, 2006); OMB M-07- 16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007); and OMB M-15-01, Fiscal Year 2014-2015 Guidance on Improving Federal Information Security and Privacy Management Practices (Oct. 3, 2014)). SSA and CMS will restrict access to the matched data and to any data created by the match; such restrictions shall include role-based access that limits access to those individuals who need it to perform their official duties in connection with the uses of data authorized in this Agreement (“Authorized Users”). The party experiencing the incident will notify the other party’s System Security Contact named in this Agreement within one (1) hour of discovering the loss, potential loss, Security Incident, or Breach. If the party experiencing the loss, potential loss, Security Incident, or Breach is unable to speak with the other party’s System Security Contact within one (1) hour, or if for some reason contacting the System Security Contact is not practicable (e.g., outside of normal business hours), then the following contact information will be used: • CMS will call SSA’s National Network Service Center toll free at 1-877-697- 4889. • SSA will contact the CMS IT Service Desk at ▇-▇▇▇-▇▇▇-▇▇▇▇ or via email at ▇▇▇_▇▇_▇▇▇▇▇▇▇_▇▇▇▇@▇▇▇.▇▇▇.▇▇▇. The party that experienced the loss, potential loss, Security Incident, or Breach will be responsible for following its established procedures, including notifying the proper organizations (e.g., United States Computer Emergency Readiness Team (US-CERT)), conducting a breach and risk analysis, and making a determination of the need for notice and/or remediation to individuals affected by the loss. Parties under this Agreement will follow PII breach notification policies and related procedures as required by OMB guidelines and the US-CERT Federal Incident Notification Guidelines. If the party experiencing the breach determines that the risk of harm requires notification to the affected individuals or other remedies, that party will carry out these remedies without cost to the other party.
View Source

Related to Loss, Potential Loss, Incident Reporting, and Breach Notification

  • Data Breach Notification Seller will promptly notify Buyer of any actual or potential exposure or misappropriation of Buyer data ("breach") that comes to Seller's attention. Seller will cooperate with ▇▇▇▇▇ and in investigating any such breach, at ▇▇▇▇▇▇'s expense. Seller will likewise cooperate with Buyer and, as applicable, with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Seller's expense, except to the extent that the breach was caused by ▇▇▇▇▇. The remedies and obligations set forth in this subsection are in addition to any others Buyer may have, including, but not limited to, any requirements in the “Privacy, Confidentiality, and Security” provisions of this Agreement.

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include: a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • Adverse Event Reporting Both Parties acknowledge the obligation to comply with the Protocol and / or applicable regulations governing the collection and reporting of adverse events of which they may become aware during the course of the Clinical Trial. Both Parties agree to fulfil and ensure that their Agents fulfil regulatory requirements with respect to the reporting of adverse events.

  • Drug-Free Workplace Certification As required by Executive Order No. 90-5 dated April 12, 1990, issued by the Governor of Indiana, the Company hereby covenants and agrees to make a good faith effort to provide and maintain a drug-free workplace at the Project Location. The Company will give written notice to the IEDC within ten (10) days after receiving actual notice that the Company, or an employee of the Company in the State of Indiana, has been convicted of a criminal drug violation occurring in the workplace. False certification or violation of this certification may result in sanctions including, but not limited to, suspension of payments under the Agreement, termination of the Agreement and/or debarment of contracting opportunities with the State for up to three (3) years. In addition to the provisions of the above paragraph, if the total amount set forth in the Agreement is in excess of $25,000.00, the Company agrees that it will provide a drug-free workplace by: A. Publishing and providing to all of its employees a statement notifying them that the unlawful manufacture, distribution, dispensing, possession or use of a controlled substance is prohibited in the Company’s workplace, and specifying the actions that will be taken against employees for violations of such prohibition;