Laserfiche WebLink
Contractor's notification shall identify: <br />• The nature of the Incident(s); <br />• Any Data accessed, used or disclosed; <br />• The person(s) who accessed, used, disclosed and/or received Data (if known); <br />• What Contractor has done or will do to quarantine and mitigate the Incident(s); and <br />• What corrective action Contractor has taken or will take to prevent future Incident(s). <br />2) Contractor will provide daily updates, or more frequently if required by the County, <br />regarding findings and actions performed by Contractor until the Incident(s) has been <br />effectively resolved to the County's satisfaction. <br />3) Contractor shall quarantine the Incident(s), ensure secure access to Data, and repair the <br />system as needed. <br />4) If the Contractor causes or knowingly experiences a breach of the security of County's Data <br />containing personal information, as defined by Civil Code Section 1798.3, Contractor shall <br />immediately report any breach of security of such system to the Orange County Sheriff s <br />Department Emergency Management Division personnel assigned as lead program manager <br />following discovery or notification of the breach in the security of such Data. The County <br />shall determine whether notification to the individuals whose Data has been lost or breached <br />is appropriate. If personal information of any resident of California was, or is reasonably <br />believed to have been acquired by an unauthorized person as a result of a security breach of <br />such system and Data that is not due to the fault of the County or any person or entity under <br />the control of the County, Contractor shall bear any and all costs associated with the County's <br />notification obligations and other obligations set forth in Civil Code Section 1798.29 (d) as <br />well as the cost of credit monitoring, subject to the dollar limitation, if any, agreed to by the <br />County and Contractor in the applicable Statement of Work. These costs may include, but <br />are not limited to staff time, material costs, postage, media announcements, and other <br />identifiable costs associated with the breach of the security of such personal information. <br />5) Contractor shall conduct an investigation of the Incident(s) and shall share the report of <br />the investigation with the County. The County and/or its authorized agents shall have the <br />right to lead (if required by law) or participate in the investigation. Contractor shall <br />cooperate fully with the County, its agents and law enforcement. <br />6) After any significant Data loss or Data Breach or as a result of any disaster or <br />catastrophic failure, Contractor will at its expense have an independent, industry -recognized, <br />County -approved third party perform an information security audit. The audit results shall be <br />shared with the County within seven (7) days of Contractor's receipt of such results. Upon <br />Contractor receiving the results of the audit, Contractor will provide the County with written <br />evidence of planned remediation within thirty (30) days and promptly modify its security <br />measures in order to meet its obligations under this Contract. <br />Corrective Action <br />In the event any goods or service provided by the Contractor in the performance of the Contract <br />should fail to conform to the requirements in this Contract, it shall become the duty of the <br />Contractor to immediately advise the County of the failure and correct the performance of goods <br />or services, without expense to the County. If corrective action (including but not limited to <br />patches, bug fixes, updates) is taken by the Contractor to remedy Incident(s) in the provision of <br />Cowty of Orange MA-060-20010263 Pile No. CO21209 <br />Sheriff-Coroner/Purchasing Services Bureau Public Mass Notification System Page 17 of40 <br />