Security Breach Procedures. 4.1 Supplier shall notify Buyer as soon as practicable, and in any event within 24 hours, after Supplier becomes aware of any Security Incident or Security Breach. 4.2 Supplier shall, at its sole cost and expense, use best efforts to immediately remedy any Security Incident or Security Breach and prevent any further Security Incident or Security Breach. 4.3 Supplier shall, at its sole cost and expense: (a) promptly preserve all relevant records, logs, files, data reporting, and other materials relevant to any Security Incident or Security Breach, and shall provide the same to Buyer upon request; and (b) diligently investigate any Security Incident or Security Breach and shall fully cooperate with Buyer in its own investigation of and response to any such Security Incident or Security Breach. 4.4 If a Security Incident or Security Breach arises, in whole or in part, from an act or omission of Supplier, Supplier shall reimburse Buyer for all reasonable costs incurred by Buyer in responding to, and mitigating damages caused by, any such Security Incident or Security Breach, including, without limitation, all costs of notice and credit monitoring and identity theft protection services. 4.5 Unless otherwise required by law, Supplier agrees that it shall not inform any third party of any Security Incident or Security Breach without first obtaining Buyer’s prior written consent, other than to inform a complainant that the matter has been forwarded to ▇▇▇▇▇’s legal counsel. Further, Supplier agrees not to include ▇▇▇▇▇’s name, logo, or any other identifiable information about Buyer or its affiliates in any notice or public statement concerning any Security Incident or Security Breach without Buyer’s prior written approval.
Appears in 9 contracts
Sources: Master Purchasing Agreement, General Terms and Conditions, Master Purchasing Agreement