COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract. 5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts. 5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits. 5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part. 5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 19 contracts
Samples: Legal Services Framework Agreement, Provision of Services Agreement, Service Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 6 contracts
Samples: Service Agreement, Service Agreement, Lone Parent Fitness/Employability Provision Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 5 contracts
Samples: Employment Agreement, Employment Agreement, Employment Agreement
COMPLIANCE WITH ISO/IEC 27001. 2.5.1. Unless otherwise agreed by the parties, the Contractor shall obtain independent certification of the ISMS to ISO/IEC 27001 within 12 months of the Contract Date and shall maintain such certification for the duration of the contract.
2.5.2. In the event that paragraph 2.5.1 above applies, if certain parts of the ISMS do not conform to good industry practice, or controls as described in ISO/IEC 27002 are not consistent with the Security Policy, and, as a result, the Contractor reasonably believes that it is not compliant with ISO/IEC 27001, the Contractor shall promptly notify the Employer of this and the Employer in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
2.5.3. The Employer shall be entitled to carry out such regular security audits as may be required, and in accordance with Good Industry Practice, in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001.
2.5.4. If, on the basis of evidence provided by such audits, it is the Employer's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 is not being achieved by the Contractor, then the Employer shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO/IEC 27001. If the Contractor does not become compliant within the required time then the Employer has the right to obtain an independent audit against these standards in whole or in part.
2.5.5. If, as a result of any such independent audit as described in paragraph 2.5.4 the Contractor is found to be non-compliant with the principles and practices of ISO/IEC 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Employer in obtaining such audit.
Appears in 3 contracts
Samples: Nec Term Service Contract, Nec Term Service Contract, Nec Term Service Contract
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 3 contracts
Samples: Framework Agreement, Driver Training Agreement, Training Services Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 2 contracts
Samples: Employment Agreement, Services Agreements
COMPLIANCE WITH ISO/IEC 27001. 5.1 The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Client of this and the Client in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Client any associated security audit reports and shall otherwise notify the Client of the results of such security audits.
5.4 If it is the Client's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Client shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Client has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Client in obtaining such audit.
Appears in 2 contracts
Samples: Av Support Agreement, Contract for Services
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 2 contracts
Samples: Security Training and Licensing Provision, Training Services Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 2 contracts
Samples: Managed Service Provision Agreement, Training Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Support Service Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the ISMS do not conform to Good Industry Practice, or controls as described in ISO/IEC 27002 are not consistent with the Security Policy, and, as a result, the CONTRACTOR reasonably believes that it is not compliant with ISO/IEC 27001, the CONTRACTOR shall promptly notify the CUSTOMER of this and the CUSTOMER in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.2 The CUSTOMER shall be entitled to carry out such regular security audits as may be required, and in accordance with Good Industry Practice, in order to ensure that the ISMS maintains compliance with the principles and practices of ISO 27001.
5.3 If, on the basis of evidence provided by such audits, it is the CUSTOMER's reasonable opinion that compliance with the principles and practices of ISO/IEC 27001 is not being achieved by the CONTRACTOR, then the CUSTOMER shall notify the CONTRACTOR of the same and give the CONTRACTOR a reasonable time (having regard to the extent and criticality of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO/IEC 27001. If the CONTRACTOR does not become compliant within the required time then the CUSTOMER has the right to obtain an independent audit against these standards in whole or in part.
5.4 If, as a result of any such independent audit as described in paragraph 5.3 of this Schedule the CONTRACTOR is found to be non-compliant with the principles and practices of ISO/IEC 27001 then the CONTRACTOR shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the CUSTOMER in obtaining such audit.
Appears in 1 contract
Samples: Contract for the Provision of Microsoft Operating System Updates
COMPLIANCE WITH ISO/IEC 27001.
5.1 The Provider shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Provider reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Provider shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Provider shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Provider, then the Authority shall notify the Provider of the same and give the Provider a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Provider does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Provider is found to be non-compliant with the principles and practices of ISO 27001 then the Provider shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Call Off Terms and Conditions
COMPLIANCE WITH ISO/IEC 27001. a) [The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.]
b) [If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.]
c) The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
d) If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
e) If, as a result of any such independent audit as described in paragraph d the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Software License Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 Not Used
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Framework Agreement
COMPLIANCE WITH ISO/IEC 27001. a) [The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.]
b) [If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.]
c) The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
d) If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
e) If, as a result of any such independent audit as described in paragraph d the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
COMPLIANCE WITH ISO/IEC 27001. 5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Employment Agreement
COMPLIANCE WITH ISO/IEC 27001.
5.1 The contractor shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Contract for Training Services
COMPLIANCE WITH ISO/IEC 27001. 5.1 The Provider shall obtain independent certification of the Security Plan to ISO27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO27002 and, as a result, the Provider reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Provider shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Provider shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Provider, then the Authority shall notify the Provider of the same and give the Provider a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Provider does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 the Provider is found to be non-compliant with the principles and practices of ISO 27001 then the Provider shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Call Off Terms and Conditions
COMPLIANCE WITH ISO/IEC 27001. 5.1 The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Agreement.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.
5.4 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4, the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.
Appears in 1 contract
Samples: Consultancy Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Client of this and the Client in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Client any associated security audit reports and shall otherwise notify the Client of the results of such security audits.
5.4 If it is the Client's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Client shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Client has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 0 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Client in obtaining such audit.
Appears in 1 contract
Samples: Av Support Agreement
COMPLIANCE WITH ISO/IEC 27001. 5.1 [The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract.]
5.2 If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Client of this and the Client in its absolute discretion may waive the requirement for certification in respect of the relevant parts.
5.3 The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Client any associated security audit reports and shall otherwise notify the Client of the results of such security audits.
5.4 If it is the Client's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Client shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Client has the right to obtain an independent audit against these standards in whole or in part.
5.5 If, as a result of any such independent audit as described in paragraph 5.4 0 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Client in obtaining such audit.
Appears in 1 contract
Samples: Av Support Agreement