Laserfiche WebLink
(2) Security Breach and Notice. Lincoln will promptly notify Employer after Lincoln <br />has confirmed an incident involving the unauthorized access to or acquisition of <br />any Employer Confidential Information ("Security Breach"). Lincoln shall: (i) <br />commence all reasonable efforts to investigate the Security Breach, mitigate and <br />correct its causes, and remediate its results; and (ii) provide to Employer written <br />notice thereof. Thereafter, Lincoln shall, and shall cause any third parties acting <br />on Lincoln's behalf, that are in possession or control of any affected Confidential <br />Information, to use commercially reasonable efforts to prevent a recurrence of <br />any Security Breach and cooperate with any similar efforts Employer or its <br />affiliates may undertake. Lincoln will reasonably consult with Employer, in order <br />to provide advance notice and review regarding any communication or notice <br />Lincoln determines necessary with any third party, including but not limited to the <br />media, consumers and affected individuals regarding any Security Breach without <br />the express written consent of Employer, provided such consultation not be <br />unreasonably withheld. Lincoln's notification of or response to the Security Breach <br />under this Section will not be construed as an acknowledgement by Lincoln of any <br />fault or liability with respect to the Security Breach. Lincoln will provide a credit <br />monitoring service to any impacted consumers as required by applicable federal <br />and state privacy laws. <br />(3) Audit Review. Employer, or an independent third party selected by Employer, <br />may perform security assessments, via questionnaire, of Lincoln's compliance <br />with the terms in this section regarding securing Employer Confidential <br />Information up to once per year; provided, however, that the security <br />assessments will not apply to any Lincoln affiliates, subsidiaries, and parents or <br />discrete business units of Lincoln that do not receive Employer Confidential <br />Information. Employer may not apportion its security assessments with respect <br />to different subject matters into separate security assessments; however, if <br />Employer has shown good cause for concern regarding the sufficiency of <br />Lincoln's information security program, Employer shall have the right to an <br />additional security assessment to address such concern. If Employer selects a <br />third party to conduct the security assessment, the third party must be agreed to <br />by Employer and Lincoln and must execute a written confidentiality agreement <br />acceptable to Lincoln before conducting such security assessment. <br />The security assessment must be conducted during regular business hours, <br />subject to Lincoln policies, and may not unreasonably interfere with Lincoln <br />activities. Lincoln will reasonably cooperate with Employer on any assessment <br />that Employer conducts in accordance with the provisions of this section. Lincoln <br />is not and will not be obligated to provide to Employer or any independent third <br />party any access or information that Lincoln determines, in its sole discretion, to <br />present undue risk to the confidentiality, integrity, or availability of Lincoln's data, <br />information systems, facilities, or other resources belonging to Lincoln or which <br />Lincoln is otherwise obligated to protect. <br />Employer will provide Lincoln any security assessment reports generated in <br />connection with any security assessment under this section, unless prohibited <br />by law. Employer may use the security assessments only for the purposes of <br />meeting its regulatory audit requirements or confirming compliance with the <br />requirements of this section. The information security assessments are <br />Indian River County BOCC 457(b) INDR-001 <br />1423269 Page 6 of 20 <br />