Common use of Content of the Security Management Plan Clause in Contracts

Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the CONTRACTOR in relation to all aspects of the Ordered IT Products and all processes associated with the delivery of the Ordered IT Products and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Ordered IT Products comply with the provisions of this Schedule (including the principles set out in paragraph 2.2 of this Schedule). 3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the date of signature of this Contract to those incorporated in the CONTRACTOR’s ISMS at the date set out in the Implementation Plan for the CONTRACTOR to meet the full obligations of the security requirements at Schedule 2-2. 3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002, cross-referencing if necessary to other Schedules of this Contract which cover specific areas included within that standard. 3.3.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the CONTRACTOR and the CUSTOMER engaged in the Ordered IT Products and shall only reference documents which are in the possession of the CUSTOMER or whose location is otherwise specified in this Schedule.

Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the CONTRACTOR Supplier in relation to all aspects of the Ordered IT Products Placement Services and all processes associated with the delivery of the Ordered IT Products Placement Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Ordered IT Products Placement Services comply with the provisions of this Schedule schedule (including the principles set out in paragraph 2.2 of this Schedule2.2).; 3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the date of signature of this Contract Commencement Date to those incorporated in the CONTRACTORSupplier’s ISMS at the date set out in which is agreed between the Implementation Plan Parties for the CONTRACTOR Supplier to meet the full obligations of the security requirements at Schedule 2-2Security Requirements. 3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 IEC 27001 and ISO/IEC27002IEC 27002 (or standards offering equivalent protection), cross-referencing if necessary to other Schedules schedules of this Contract which cover specific areas included within that standard. 3.3.4 The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the CONTRACTOR Supplier and the CUSTOMER Customer engaged in the Ordered IT Products Placement Services and shall only reference documents which are in the possession of the CUSTOMER Customer or whose location is otherwise specified in this Scheduleschedule.

Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the CONTRACTOR in relation to all aspects of the Ordered IT Products and all processes associated with the delivery of the Ordered IT Products and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Ordered IT Products comply with the provisions of this Schedule (including the principles set out in paragraph 2.2 of this Schedule). 3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the date of signature of this Contract to those incorporated in the CONTRACTOR’s ISMS at the date set out in the Implementation Plan for the CONTRACTOR to meet the full obligations of the security requirements at Schedule 2-2. 3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC27001 and ISO/IEC27002, cross-referencing if necessary to other Schedules of this Contract which cover specific areas included within that standard. 3.3.4 The Security Management Plan shall be written in plain English in a language which is readily comprehensible to the staff of the CONTRACTOR and the CUSTOMER engaged in the Ordered IT Products and shall only reference documents which are in the possession of the CUSTOMER or whose location is otherwise specified in this Schedule.