Common use of Buyer Data Clause in Contracts

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: the government security policy framework and information assurance policy; guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection ActLegislation. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection ActLegislation. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: the government security policy framework and information assurance policy; guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data that the Supplier has held, used, or accessed has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection ActLegislation. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: • the government security policy framework and information assurance policy; • guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and • the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: the government security policy framework and information assurance policy; guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Legislation. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection ActLegislation. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 14.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 14.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 14.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 14.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 14.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed described by the Buyer. 15.6 14.6 The Supplier will ensure that any system on which the Supplier holds any Buyer Data which is protectively marked Buyer Data will be accredited as specific to specified by the Buyer and will comply with: : 14.6.1 the government security policy framework and information assurance policy; 14.6.2 guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and 14.6.3 the relevant government information assurance standard(s). 15.7 14.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the this accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit resubmit such system for accreditation. 15.8 14.8 If at any time the Supplier suspects suspects, or has reason to believe, that the Buyer Data has or may become corrupted, lost, breached or significantly sufficiently degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 14.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is obligation, not qualified by any other provision of this Call-Off Contract. 15.10 14.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Digital Outcomes and Specialists 2 Framework Agreement Call-off Contract 31 Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. Digital Outcomes and Specialists 2 Framework Agreement Call-off Contract 29 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this the Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then occurred, the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide provide, at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this the Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Call­Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit re­submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Call­Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: the government security policy framework and information assurance policy; guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract)Act. The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.

Buyer Data. 15.1 The Supplier will not remove any proprietary notices relating to the Buyer Data. 15.2 The Supplier will not store or use Buyer Data except where necessary to fulfill fulfil its obligations. 15.3 If Buyer Data is processed by the Supplier, the Supplier will supply the data to the Buyer as requested and in the format specified by the Buyer. 15.4 The Supplier will preserve the integrity of Buyer Data processed by the Supplier and prevent its corruption and loss. 15.5 The Supplier will ensure that any system which holds any Buyer Data complies with the security requirements prescribed by the Buyer. 15.6 The Supplier will ensure that any system on which the Supplier holds any protectively marked Buyer Data will be accredited as specific to the Buyer and will comply with: ● the government security policy framework and information assurance policy; ● guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems; and ● the relevant government information assurance standard(s). 15.7 Where the duration of this Call-Off Contract exceeds one year, the Supplier will review the accreditation status at least once a year to assess whether material changes have occurred which could alter the original accreditation decision in relation to Buyer Data. If any changes have occurred then the Supplier will re-re- submit such system for accreditation. 15.8 If at any time the Supplier suspects that the Buyer Data has or may become corrupted, lost, breached or significantly degraded in any way for any reason, then the Supplier will notify the Buyer immediately and will (at its own cost where such corruption, loss, breach or degradation of the Buyer Data was caused by the action or omission of the Supplier or its representatives) comply with any remedial action proposed by the Buyer. 15.9 The Supplier will provide at the request of CCS or the Buyer, any information relating to the Supplier’s compliance with its obligations under the Data Protection Act (to the extent arising under and/or in connection with the Framework Agreement and this Call-Off Contract). The Supplier will also ensure that it does not knowingly or negligently fail to do something that places CCS or any Buyer in breach of its obligations of the Data Protection Act. This is an absolute obligation and is not qualified by any other provision of this Call-Off Contract. 15.10 The Supplier agrees to use the appropriate organisational, operational and technological processes and procedures to keep the Buyer Data safe from unauthorised use or access, loss, destruction, theft or disclosure. 15.11 The provisions of this Clause 15 shall apply during the term of this Call-Off Contract and for such time as the Supplier holds the Buyer’s Data.