COMPLIANCE WITH ISO/IEC 27001.

5.1 The Provider shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits.

5.2 If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Provider, then the Authority shall notify the Provider of the same and give the Provider a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Provider does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part.

5.3 If, as a result of any such independent audit as described in paragraph 5.2 the Provider is found to be non-compliant with the principles and practices of ISO 27001 then the Provider shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit.