Security Incident Notification Requirements

MBO Partners requires all vendors and service providers that process, store, or transmit MBO Partners data to promptly notify MBO Partners upon discovery of any actual or reasonably suspected security incident, data breach, or unauthorized access to MBO Partners data or systems.

Notification must be made without undue delay in any event within 48 hours of discovery of the event.

Initial notice should be directed to your contact at MBO Partners.

All notifications must include, to the extent known at the time of reporting:

1. (i)    a description of the nature of the incident, including the date of the event was discovered, and the type of unauthorized access or disclosure involved;
2. (ii)   identification of the data, systems, or records affected or reasonably believed to have been affected;
3. (iii)  a summary of remediation measures taken or underway to contain the incident and prevent further unauthorized access or disclosure; and
4. (iv)  the name and contact information of the vendor's designated point of contact for ongoing coordination.

Vendors are expected to promptly implement a remediation plan to address such incident, and cooperate with MBO to prevent the recurrence of any similar incident.

Vendors are expected to supplement initial notifications with additional information as it becomes available and to cooperate fully with MBO Partners in any investigation or regulatory response arising from the incident.