Common use of Content of the Security Management Plan Clause in Contracts

Content of the Security Management Plan. 3.3.1 The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Contract Services and all processes associated with the delivery of the Contract Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Contract Services comply with the provisions of this Contract (including this Annex 3, the principles set out in paragraph 2.2 and any other elements of this Contract relevant to security or any data protection guidance produced by the Customer); 3.3.2 The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Effective Date to those incorporated in the Supplier’s ISMS at the date set out in the Implementation Plan for the Supplier to meet the full obligations of the security requirements set out in this Contract and in the Letter of Appointment. 3.3.3 The Security Management Plan will be structured in accordance with ISO/IEC 27001 and ISO/IEC 27002, cross-referencing if necessary to other provisions of this Contract which cover specific areas included within that standard. 3.3.4 Where the Security Management Plan references any document which is not in the possession of the Customer, a copy of the document will be made available to the Customer upon request. The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the Contract Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Schedule 1.

Content of the Security Management Plan. 3.3.1 2.1.1. The Security Management Plan will set out the security measures to be implemented and maintained by the Supplier in relation to all aspects of the Contract Services and all processes associated with the delivery of the Contract Services and shall at all times comply with and specify security measures and procedures which are sufficient to ensure that the Contract Services comply with the provisions of this Contract (including this Annex 3Schedule, the principles set out in paragraph 2.2 5.2 and any other elements of this Contract relevant to security or any data protection guidance produced by the Customer); 3.3.2 2.1.2. The Security Management Plan (including the draft version) should also set out the plans for transiting all security arrangements and responsibilities from those in place at the Effective Commencement Date to those incorporated in the Supplier’s Supplier‟s ISMS at the date set out in the Implementation Plan for the Supplier to meet the full obligations of the security requirements set out in this Contract and in the Letter of Appointment. 3.3.3 2.1.3. The Security Management Plan will be structured in accordance with ISO/IEC 27001 IEC27001 and ISO/IEC 27002IEC27002, cross-referencing if necessary to other provisions Schedules of this Contract which cover specific areas included within that standard. 3.3.4 Where the Security Management Plan references any document which is not in the possession of the Customer, a copy of the document will be made available to the Customer upon request2.1.4. The Security Management Plan shall be written in plain English in language which is readily comprehensible to the staff of the Supplier and the Customer engaged in the Contract Services and shall only reference documents which are in the possession of the Customer or whose location is otherwise specified in this Schedule 1Schedule.