Common use of Amendment and Revision of the ISMS and Security Management Plan Clause in Contracts

Amendment and Revision of the ISMS and Security Management Plan. 3.4.1 The ISMS and Security Management Plan will be fully reviewed and updated by the CONTRACTOR annually, or from time to time to reflect: 3.4.1.1 emerging changes in Good Industry Practice; 3.4.1.2 any change or proposed change to the CONTRACTOR System, the Ordered IT Products and/or associated processes; 3.4.1.3 any new perceived or changed security threats; and/or 3.4.1.4 any reasonable request by the CUSTOMER. 3.4.2 The CONTRACTOR will provide the CUSTOMER with the results of such reviews as soon as reasonably practicable after their completion and amend the ISMS and Security Management Plan at no additional cost to the CUSTOMER. The results of the review should include: 3.4.2.1 suggested improvements to the effectiveness of the ISMS; 3.4.2.2 updates to the risk assessments; 3.4.2.3 proposed modifications to the procedures and controls that effect information security to respond to events that may impact on the ISMS; and/or 3.4.2.4 suggested improvements in measuring the effectiveness of controls. 3.4.3 On receipt of the results of such reviews, the CUSTOMER will approve any amendments or revisions to the ISMS or Security Management Plan in accordance with the process set out at paragraph 3.2.2 of this Schedule. 3.4.4 Any change or amendment which the CONTRACTOR proposes to make to the ISMS or Security Management Plan (as a result of a CUSTOMER request or change to the Schedule 2-2 or otherwise) shall be subject to the Contract Change Procedure and shall not be implemented until approved in writing by the CUSTOMER.

Amendment and Revision of the ISMS and Security Management Plan. 3.4.1 The ISMS and Security Management Plan will be fully reviewed and updated by the CONTRACTOR Supplier annually, or from time to time to reflect: 3.4.1.1 emerging changes in Good Industry Practice; 3.4.1.2 any change or proposed change to the CONTRACTOR Supplier System, the Ordered IT Products Placement Services and/or associated processes; 3.4.1.3 any new perceived or changed security threats; and/or; 3.4.1.4 any reasonable request by the CUSTOMERCustomer. 3.4.2 The CONTRACTOR Supplier will provide the CUSTOMER Customer with the results of such reviews as soon as reasonably practicable after their completion and amend the ISMS and Security Management Plan at no additional cost to the CUSTOMERCustomer. The results of the review should include, without limitation: 3.4.2.1 suggested improvements to the effectiveness of the ISMS; 3.4.2.2 updates to the risk assessments; 3.4.2.3 proposed modifications to the procedures and controls that effect information security to respond to events that may impact on the ISMS; and/orand 3.4.2.4 suggested improvements in measuring the effectiveness of controls. 3.4.3 On receipt of the results of such reviews, the CUSTOMER Customer will approve any amendments or revisions to the ISMS or Security Management Plan in accordance with the process set out at paragraph 3.2.2 of this Schedule3.2.2. 3.4.4 Any change or amendment which the CONTRACTOR Supplier proposes to make to the ISMS or Security Management Plan (as a result of a CUSTOMER Customer request or change to the Schedule 2-2 Security Requirements or otherwise) shall be subject to the Contract Change Procedure and shall not be implemented until approved in writing by the CUSTOMER.the