ADDITIONAL SECURITY POLICIES. The Vendor shall have a documented operating procedures to discharge the security requirements detailed within this Agreement and provide TSP with access to such documentation in accordance with “Access to Vendor systems” as stipulated in this agreement. The Vendor shall notify the TSP Security Contact immediately of any changes to its Access method through the firewalls, including the provision of network address translation. The Vendor shall implement a controlled exit procedure in respect of the individual Contract Personnel to ensure the return of any TSP assets or TSP Items or TSP Information in the possession of the individual when any of the Contract Personnel who have Access, leave the employment of the Vendor or are no longer engaged for the purpose of this Agreement. Such controlled exit procedure shall include a written communication by the Vendor Security Contact to TSP Security Contact of this removal. The Vendor shall inform the TSP Security Contact immediately upon its becoming aware of any actual or suspected unauthorised Access or misuse of TSP Systems or TSP Information or breach of any of the Vendor's obligations under this Agreement. The Vendor shall maintain integrity of the software build including upgrades, operating systems and application from factory to desk. The Vendor shall demonstrate that the software build (both proprietary and off-the-shelf) delivered to TSP is the same as the software build agreed with TSP. The software should not have such bugs which could hamper security in future including any unauthorized leakage of TSP Information including Sensitive Information. Self-help systems operated by TSP, shall only be remotely accessible by Authorised Contract Personnel. Any change of location by the Contract Personnel or Vendor for any part of the supply chain or the support centers shall be notified to TSP immediately. TSP may carry out current and future risk assessments and other audits with pro-active support from the Vendor on any part of the Vendor’s supply chain to identify additional risks to TSP . TSP may then stipulate additional countermeasures to address any risks. This in no means would reduce the Vendor ultimate obligations and responsibility relating to security No replacement of TSP System support tools must be undertaken by the Vendor without specific agreement from TSP. If TSP agrees to the Vendor’s appointment of Subcontractor under this Agreement , TSP may require that the associated security risks are clearly identified and assessed by TSP Group Security or the appropriate TSP line of business security team. This will ensure that any unacceptable security risks are identified and addressed. This in anyway shall not reduce the Vendor from being solely responsible to TSP for the ultimate obligations to be performed under this Agreement and responsibility relating to security. Where TSP has approved Vendor’s use of Subcontractors, formal contracts containing all necessary security requirements shall be put in place between the Vendor and its subcontractor before the Subcontractor or its personnel can access TSP Systems and TSP Information or occupy space in TSP’s buildings or space in the Vendor’s building that is used to access, hold or process TSP Information. TSP may update from time to time, security related policies, guidelines, standards and requirements. TSP will incorporate such updates by reference which shall be notified in writing by TSP to the Vendor promptly. The Vendor is deemed to accept all the updates. If the Vendor has an issue with such updates, the Vendor shall promptly detail its concerns to TSP in writing. If TSP cannot agree on resolution of the Vendor’s issues promptly, TSP reserves the right to revoke the Vendor’s Authorisation and terminate this Agreement. Vendor shall continue its service without any interruption in the event TSP does not agree to Vendor’s concern.
Appears in 3 contracts
Samples: Telecommunications, Security and Business Continuity Agreement, Security and Business Continuity Agreement
ADDITIONAL SECURITY POLICIES. 4.7.1 The Vendor shall have a documented operating procedures to discharge the security requirements detailed within this Agreement and provide TSP with access to such documentation in accordance with “Access to Vendor systems” as stipulated in this agreement. .
4.7.2 The Vendor shall notify the TSP Security Contact immediately of any changes to its Access method through the firewalls, including the provision of network address translation. .
4.7.3 The Vendor shall implement a controlled exit procedure in respect of the individual Contract Personnel to ensure the return of any TSP assets or TSP Items or TSP Information in the possession of the individual when any of the Contract Personnel who have Access, leave the employment of the Vendor or are no longer engaged for the purpose of this Agreement. Such controlled exit procedure shall include a written communication by the Vendor Security Contact to TSP Security Contact of this removal. .
4.7.4 The Vendor shall inform the TSP Security Contact immediately upon its becoming aware of any actual or suspected unauthorised Access or misuse of TSP Systems or TSP Information or breach of any of the Vendor's obligations under this Agreement. .
4.7.5 The Vendor shall maintain integrity of the software build including upgrades, operating systems and application from factory to desk. The Vendor shall demonstrate that the software build (both proprietary and off-the-shelf) delivered to TSP is the same as the software build agreed with TSP. The software should not have such bugs which could hamper security in future including any unauthorized leakage of TSP Information including Sensitive Information. .
4.7.6 Self-help systems operated by TSP, shall only be remotely accessible by Authorised Contract Personnel. .
4.7.7 Any change of location by the Contract Personnel or Vendor for any part of the supply chain or the support centers shall be notified to TSP immediately. .
4.7.8 TSP may carry out current and future risk assessments and other audits with pro-active support from the Vendor on any part of the Vendor’s supply chain to identify additional risks to TSP . TSP may then stipulate additional countermeasures to address any risks. This in no means would reduce the Vendor ultimate obligations and responsibility relating to security security
4.7.9 No replacement of TSP System support tools must be undertaken by the Vendor without specific agreement from TSP. .
4.7.10 If TSP agrees to the Vendor’s appointment of Subcontractor under this Agreement , TSP may require that the associated security risks are clearly identified and assessed by TSP Group Security or the appropriate TSP line of business security team. This will ensure that any unacceptable security risks are identified and addressed. This in anyway shall not reduce the Vendor from being solely responsible to TSP for the ultimate obligations to be performed under this Agreement and responsibility relating to security. .
4.7.11 Where TSP has approved Vendor’s use of Subcontractors, formal contracts containing all necessary security requirements shall be put in place between the Vendor and its subcontractor before the Subcontractor or its personnel can access TSP Systems and TSP Information or occupy space in TSP’s buildings or space in the Vendor’s building that is used to access, hold or process TSP Information. .
4.7.12 TSP may update from time to time, security related policies, guidelines, standards and requirements. TSP will incorporate such updates by reference which shall be notified in writing by TSP to the Vendor promptly. The Vendor is deemed to accept all the updates. If the Vendor has an issue with such updates, the Vendor shall promptly detail its concerns to TSP in writing. If TSP cannot agree on resolution of the Vendor’s issues promptly, TSP reserves the right to revoke the Vendor’s Authorisation and terminate this Agreement. Vendor shall continue its service without any interruption in the event TSP does not agree to Vendor’s concern.
4.7.13 The Vendor shall record and maintain detailed information of all Contract Personnel who are authorised to Access TSP Systems or TSP Information.
4.7.14 The Vendor shall ensure that all computers or laptops used to access TSP Systems and TSP Information have their ports locked down such that removal storage media (memory sticks, removable hard drives, compact flash and secure digital cards, floppy disks, CDs, DVDs, MP3 players and other similar devices) cannot be connected.
Appears in 1 contract
ADDITIONAL SECURITY POLICIES. 4.7.1 The Vendor shall have a documented operating procedures to discharge the security requirements detailed within this Agreement and provide TSP with access to such documentation in accordance with “Access to Vendor systems” as stipulated in this agreement. .
4.7.2 The Vendor shall notify the TSP Security Contact immediately of any changes to its Access method through the firewalls, including the provision of network address translation. .
4.7.3 The Vendor shall implement a controlled exit procedure in respect of the individual Contract Personnel to ensure the return of any TSP assets or TSP Items or TSP Information in the possession of the individual when any of the Contract Personnel who have Access, leave the employment of the Vendor or are no longer engaged for the purpose of this Agreement. Such controlled exit procedure shall include a written communication by the Vendor Security Contact to TSP Security Contact of this removal. the
4.7.4 The Vendor shall inform the TSP Security Contact immediately upon its becoming aware of any actual or suspected unauthorised Access or misuse of TSP Systems or TSP Information or breach of any of the Vendor's obligations under this Agreement. .
4.7.5 The Vendor shall maintain integrity of the software build including upgrades, operating systems and application from factory to desk. The Vendor shall demonstrate that the software build (both proprietary and off-the-shelf) delivered to TSP is the same as the software build agreed with TSP. The software should not have such bugs which could hamper security in future including any unauthorized leakage of TSP Information including Sensitive Information. .
4.7.6 Self-help systems operated by TSP, shall only be remotely accessible by Authorised Contract Personnel. .
4.7.7 Any change of location by the Contract Personnel or Vendor for any part of the supply chain or the support centers shall be notified to TSP immediately. .
4.7.8 TSP may carry out current and future risk assessments and other audits with pro-active support from the Vendor on any part of the Vendor’s supply chain to identify additional risks to TSP . TSP may then stipulate additional countermeasures to address any risks. This in no means would reduce the Vendor ultimate obligations and responsibility relating to security security
4.7.9 No replacement of TSP System support tools must be undertaken by the Vendor without specific agreement from TSP. .
4.7.10 If TSP agrees to the Vendor’s appointment of Subcontractor under this Agreement , TSP may require that the associated security risks are clearly identified and assessed by TSP Group Security or the appropriate TSP line of business security team. This will ensure that any unacceptable security risks are identified and addressed. This in anyway shall not reduce the Vendor from being solely responsible to TSP for the ultimate obligations to be performed under this Agreement and responsibility relating to security. .
4.7.11 Where TSP has approved Vendor’s use of Subcontractors, formal contracts containing all necessary security requirements shall be put in place between the Vendor and its subcontractor before the Subcontractor or its personnel can access TSP Systems and TSP Information or occupy space in TSP’s buildings or space in the Vendor’s building that is used to access, hold or process TSP Information. .
4.7.12 TSP may update from time to time, security related policies, guidelines, standards and requirements. TSP will incorporate such updates by reference which shall be notified in writing by TSP to the Vendor promptly. The Vendor is deemed to accept all the updates. If the Vendor has an issue with such updates, the Vendor shall promptly detail its concerns to TSP in writing. If TSP cannot agree on resolution of the Vendor’s issues promptly, TSP reserves the right to revoke the Vendor’s Authorisation and terminate this Agreement. Vendor shall continue its service without any interruption in the event TSP does not agree to Vendor’s concern.
4.7.13 The Vendor shall record and maintain detailed information of all Contract Personnel who are authorised to Access TSP Systems or TSP Information.
4.7.14 The Vendor shall ensure that all computers or laptops used to access TSP Systems and TSP Information have their ports locked down such that removal storage media (memory sticks, removable hard drives, compact flash and secure digital cards, floppy disks, CDs, DVDs, MP3 players and other similar devices) cannot be connected.
Appears in 1 contract
