Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Contract Services and all processes associated with the delivery of the Contract Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Contract Services comply with the provisions of this Contract (including this Annex 3, the principles set out in paragraph
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Services and all processes associated with the delivery of the Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Services comply with the provisions of this schedule (including the principles set out in paragraph 2.2);
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Commencement Date to those incorporated in the Supplier‟s ISMS at the date set out in the Implementation Plan for the Supplier to meet the full obligations of the security requirements set out in paragraph 2.5 of the Order Form.
3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002 principles, cross- referencing if necessary to other schedules of this Contract which cover specific areas included within that standard.
3.3.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this schedule.
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the CONTRACTOR in relation to all aspects of the Ordered IT Products and all processes associated with the delivery of the Ordered IT Products and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Ordered IT Products comply with the provisions of this Schedule (including the principles set out in paragraph 2.2 of this Schedule).
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the date of signature of this Contract to those incorporated in the CONTRACTOR’s ISMS at the date set out in the Implementation Plan for the CONTRACTOR to meet the full obligations of the security requirements at Schedule 2-2.
3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002, cross-referencing if necessary to other Schedules of this Contract which cover specific areas included within that standard.
3.3.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the CONTRACTOR and the CUSTOMER engaged in the Ordered IT Products and shall only reference documents which are in the possession of the CUSTOMER or whose location is otherwise specified in this Schedule.
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Contract Services and all processes associated with the delivery of the Contract Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Contract Services comply with the provisions of this Contract (including this Annex 3, the principles set out in paragraph 2.2 and any other elements of this Contract relevant to security or any data protection guidance produced by the Customer);
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Effective Date to those incorporated in the Supplier’s ISMS at the date set out in the Implementation Plan for the Supplier to meet the full obligations of the security requirements set out in this Contract and in the Letter of Appointment.
3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC 27001 and ISO/IEC 27002, cross-referencing if necessary to other provisions of this Contract which cover specific areas included within that standard.
3.3.4 Where the Security Management Plan references any document which is not in the possession of the Customer, a copy of the document will be made available to the Customer upon request. The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the Contract Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Schedule 1.
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Contractor in relation to all aspects of the Services and all processes associated with the delivery of the Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Services comply with the provisions of this Schedule (including the principles set out in Paragraph 2.2);
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Effective Date to those incorporated in the Contractor’s ISMS for the Contractor to meet the full obligations of the security requirements at Appendix 1 of this Schedule.
3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002, cross-referencing if necessary to other Schedules of this Agreement which cover specific areas included within that standard.
3.3.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Contractor and the Department engaged in the Services and shall only reference documents which are in the possession of the Department or whose location is otherwise specified in this Schedule.
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Services and all processes associated with the delivery of the Services (including the Customer’s Premises, the Supplier System and any IT) and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Services comply with the provisions of this Call Off Contract (including this Call Off Schedule, the principles set out in paragraph 2.2 and any other elements of this Call Off Contract relevant to security or any data protection guidance produced by the Customer).
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities for the Supplier to meet the full obligations of the security requirements set out in this Call Off Contract and Annex 1 to this Call Off Schedule.
3.3.3 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the provision of the Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Call Off Schedule.
Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Services and all processes associated with the delivery of the Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Services comply with the provisions of this Contract (including this Schedule, the principles set out in paragraph 2.2 and any other elements of this Contract relevant to security or any data protection guidance produced by the Customer).
3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities for the Supplier to meet the full obligations of the security requirements set out in this Contract.
3.3.3 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the provision of the Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Schedule.
Content of the Security Management Plan. 4.1.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Goods and Services and all processes associated with the delivery of the Goods and Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Goods and Services comply with the provisions of this Contract (including this Schedule, the principles set out in paragraph 2.2 and any other elements of this Contract relevant to security or any data protection guidance produced by the Customer).
4.1.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Commencement Date to those incorporated in the Supplier's ISMS at the date set out in the Implementation Plan for the Supplier to meet the full obligations of the security requirements set out in this Contract and paragraph 2.8 of the Order Form.
4.1.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002, cross-referencing if necessary to other Schedules of this Contract which cover specific areas included within that standard.
4.1.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Schedule.
Content of the Security Management Plan. 4.2.1 The Security Management Plan shall:
a) comply with the principles of security set out in Paragraph 3 and any other provisions of this Contract relevant to security;
b) identify the necessary delegated organisational roles for those responsible for ensuring it is complied with by the Supplier;
c) detail the process for managing any security risks from Subcontractors and third parties authorised by the Buyer with access to the Deliverables, processes associated with the provision of the Deliverables, the Buyer Premises, the Sites and any ICT, Information and data (including the Buyer’s Confidential Information and the Government Data) and any system that could directly or indirectly have an impact on that Information, data and/or the Deliverables;
d) be developed to protect all aspects of the Deliverables and all processes associated with the provision of the Deliverables, including the Buyer Premises, the Sites, and any ICT, Information and data (including the Buyer’s Confidential Information and the Government Data) to the extent used by the Buyer or the Supplier in connection with this Contract or in connection with any system that could directly or indirectly have an impact on that Information, data and/or the Deliverables;
e) set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Deliverables and all processes associated with the provision of the Goods and/or Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Deliverables comply with the provisions of this Contract;
f) set out the plans for transitioning all security arrangements and responsibilities for the Supplier to meet the full obligations of the security requirements set out in this Contract and, where necessary in accordance with paragraph 2.2 the Security Policy; and
g) be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Buyer engaged in the provision of the Deliverables and shall only reference documents which are in the possession of the Parties or whose location is otherwise specified in this Schedule.
Content of the Security Management Plan. 5.1 The Security Management Plan shall:
5.1.1 set out the security measures to be implemented and maintained by the Contractor in relation to all aspects of the Contractor Solution (including all processes associated with the delivery of the Services);
5.1.2 specify the security tests to be conducted by the Contractor in accordance with Part C of this Schedule 2.5 (Security Requirements) (which shall be sufficient to determine the extent to which the Contractor Solution and the security measures set out in the Contractor Security Documents are sufficient to enable the Contractor to comply with its obligations under this Schedule 2.5 (Security Requirements));
5.1.3 at all times comply with, and specify security measures and procedures which are sufficient to ensure that the Contractor Solution complies with, the provisions of this Schedule 2.5 (Security Requirements) (including the principles set out in Part A of this Schedule 2.5 (Security Requirements));
5.1.4 be structured in accordance with ISO/IEC 27001 and ISO/IEC 27002, cross- referencing if necessary to other Schedules of this Agreement which cover specific areas included within that standard;
5.1.5 be written in plain English in language which is readily comprehensible to the Contractor Personnel and any DCC personnel engaged in relation to the Services; and
5.1.6 only reference documents which have been provided to the DCC by the Contractor (or which are attached to the Security Management Plan).
