Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may terminate the Grant Agreement if Cyber Essentials Certification is not maintained on an annual basis. The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g...
Cyber Essentials. This clause provides a way to include the Government Cyber Essentials scheme into construction projects. This scheme provides for a number of controls which organisations should implement to reduce the risk of common internet based threats. The clause lists obligations on the Contractor to provide proof of the required certification at certain stages of the project, and to apply the same obligations to its sub-Contractors.
Cyber Essentials. It is mandatory for Suppliers by the date of the Framework Agreement or at a later date when Cyber Essentials Data are received by the Supplier to demonstrate that they meet the technical requirements prescribed by Cyber Essentials. This is in order to further reduce the levels of cyber security risks in their supply chains. The Cyber Essentials Scheme and the related Assurance Framework both indicate that there are two levels of protection in dealing with cyber security risks. These include a more basic level of assurance which is known as Cyber Essentials and a more advanced level of assurance known as "Cyber Essentials Plus". With regard to the Services, Suppliers must demonstrate that they have achieved the level of assurance known as Cyber Essentials. Suppliers shall demonstrate this in one of the ways listed below:
Cyber Essentials. 4.1 The Provider has and will maintain certification under the HM Government Cyber Essentials Scheme (basic level) until such time as the Provider obtains certification under paragraph 4.2 of this Schedule 2.
4.2 The Provider shall, as soon as is reasonably practicable after the Commencement Date, obtain certification under the HM Government Cyber Essentials Scheme to the level of Cyber Essentials Plus and maintain such certification for the Term.
Cyber Essentials certificate
Cyber Essentials. To support this we also have in place a layered technical defence involving firewalls, access control, end point protection and a two factor authentication system for internal access to the platform.
Cyber Essentials. The Client and the Contractor shall comply with the provisions of schedule [Guidance: insert schedule ref here] SCHEDULE[Guidance: insert schedule ref here] GDPR The following definitions shall apply to this Schedule [Guidance: insert schedule ref here]
Cyber Essentials. Insert new clause Z101 as follows: The Client and the Consultant shall comply with the provisions of Schedule 3 of this Contract.
Cyber Essentials a) The Grant Recipient acknowledges that the Authority is required to reduce the levels of cyber security risk in its supply chain and the Authority seeks the Grant Recipient’s compliance where appropriate with Cyber Essentials/Cyber Essentials Plus/Information Security System model or alternative accreditation such as ISO 27001 (for which links, as at the date of this Agreement are provided in Schedule 2).
b) If requested to do so by the Authority at any time, the Grant Recipient shall within 15 Working Days develop (and obtain the Authority’s written approval of) a security management plan and an information security management system. After the Authority has approved the security management plan and information security management system, they will apply during the Term. Both plans will comply with the Authority’s Information Security Policy, as provided in Schedule 2, and protect all aspects and processes associated with the delivery of the Funded Activities.
c) The Grant Recipient shall use software and the most up-to-date antivirus definitions available from an industry-accepted antivirus software seller to minimise the impact of Malicious Software.
d) If Malicious Software causes loss of operational efficiency or loss or corruption of data, the Grant Recipient will mitigate, and where requested assist the Authority to mitigate, any Losses and restore the Funded Activities to full operating efficiency as soon as possible.
e) Responsibility for costs will be at the:
i) Grant Recipient’s expense if the Malicious Software originates from the Grant Recipient’s software or any data while the data was under the control of the Grant Recipient; or
ii) Authority’s expense if the Malicious Software originates from the Authority’s software or any data while the data was under the control of the Authority.
Cyber Essentials. The Client and the Consultant shall comply with the provisions of schedule [Guidance: insert schedule ref here] "
