Cyber Essentials Scheme Sample Clauses

Cyber Essentials Scheme. The Contractor will employ effective administration and record control processes in order to underpin service delivery whilst also ensuring data is protected in compliance with the requirements of the Data Protection Laws.

Cyber Essentials Scheme. 4.1 The Contractor shall, and shall procure that any Sub-contractor (as applicable) shall, obtain and maintain certification to Cyber Essentials (the “Cyber Essentials Certificate”) in relation to the Services during the Term. The Cyber Essentials Certificate shall be provided by the Contractor to the Authority annually on the dates as agreed by the Parties. 4.2 The Contractor shall notify the Authority of any failure to obtain, or the revocation of, a Cyber Essentials Certificate within 2 Working Days of confirmation of such failure or revocation. The Contractor shall, at its own expense, undertake those actions required in order to obtain a Cyber Essentials Certificate following such failure or revocation. For the avoidance of doubt, any failure to obtain and/or maintain a Cyber Essentials Certificate during the Term after the first date on which the Contractor was required to provide a Cyber Essentials Certificate in accordance with paragraph 4.1 (regardless of whether such failure is capable of remedy) shall constitute a Serious Breach.

Cyber Essentials Scheme. 15.1 The Provider shall provide the Administering Authority with a valid Cyber Essentials Scheme Basic Certificate, as a condition for the award of a contract(s) under this DPS Agreement. 15.2 Where the Provider continues to process Cyber Essentials Scheme Data during the Term or the contract period of any Contract the Provider shall deliver to the Administering Authority evidence of renewal of a valid Cyber Essentials Scheme Basic Certificate on each anniversary of the first applicable certificate obtained by the Provider under Clause 15.1 (Cyber Essential Scheme). 15.3 In the event that the Provider fails to comply with Clauses 15.1 or 15.2 (Cyber Essential Scheme), the Administering Authority reserves the right to terminate this DPS Agreement for material Default.

Cyber Essentials Scheme devices you use in processing the personal data transferred, and how you keep those updated):☐ We regularly backup our data Regular backups of your most important data will ensure it can be quickly restored in the event of disaster or ransomware infection.Supplementary details of how data is backed up (add any relevant details):

Cyber Essentials Scheme. Where CCS has notified the Supplier that prior to the execution of the first Call Off Agreement the Supplier shall provide a valid Cyber Essentials Scheme Basic Certificate, then on or prior to the execution of the first Call Off Agreement, as a condition for the award of this Framework Agreement, the Supplier must have delivered to the Authority evidence of the same. Where the Supplier is due to process Cyber Essentials Scheme Data after the commencement date of the first Call Off Agreement but before the end of the Framework Period or contact period of the last Call Off Agreement, the Supplier shall deliver to the Authority evidence of: a valid Cyber Essentials Scheme Basic Certificate (before the Supplier Processes any such Cyber Essentials Scheme Data); and

Cyber Essentials Scheme. Information Security Management System 26.1. The Contractor acknowledges that the Authority is required to reduce the levels of cyber security risk in its supply chain and the Authority seeks the Contractor’s compliance where appropriate to Cyber Essentials Security/Information Security System model or alternative accreditation such as ISO 27001, (please see the relevant links at Schedule 3). 26.2. If requested to do so by the Authority at any time, the Contractor will, within 15 Working Days, develop (and obtain the Authority’s written Approval of) an appropriate Security Management Plan and an Information Security Management System. After Authority Approval the Security Management Plan and Information Security Management System will apply during the Term of this Agreement. Both plans will comply with the Authority’s security policy and protect all aspects and processes associated with the delivery of the Services. 26.3. The Contractor will use software and the most up-to-date antivirus definitions available from an industry-accepted antivirus software seller to minimise the impact of Malicious Software. 26.4. If Malicious Software causes loss of operational efficiency or loss or corruption of Service Data, the Contractor will help the Authority to mitigate any losses and restore the Services to operating efficiency as soon as possible. 26.5. Responsibility for costs will be at the: (a) Contractor’s expense if the Malicious Software originates from the Contractor software or the Service Data while the Service Data was under the control of the Contractor, unless the Contractor can demonstrate that it was already present, not quarantined or identified by the Authority when provided; or (b) Authority’s expense if the Malicious Software originates from the Authority software or the Service Data, while the Service Data was under the Authority’s control

Cyber Essentials Scheme. It is mandatory for the Supplier, by the Framework Commencement Date, or at a later date when Cyber Essentials Data is received by the Supplier, to demonstrate that it meets the technical requirements prescribed by Cyber Essentials. This is in order to further reduce the levels of cyber security risks in its supply chain. The Cyber Essentials Scheme and the related Assurance Framework both indicate that there are two levels of protection in dealing with cyber security risks. These include a more basic level of assurance which is known as Cyber Essentials and a more advanced level of assurance known as Cyber Essentials Plus. With regard to the Services, the Supplier must demonstrate that it has achieved the level of assurance known as Cyber Essentials. The Supplier shall demonstrate this in one of the ways listed below: The Supplier has a current and valid Cyber Essentials certificate which has been awarded by one of the government approved Cyber Essentials accreditation bodies within the most recent 12 months; or The Supplier has not got a current and valid Cyber Essentials certificate which has been awarded by one of the government approved Cyber Essentials accreditation bodies but is working towards gaining it, and will confirm that it has been awarded a current and valid Cyber Essentials certificate by one of the government approved accreditation bodies by the Framework Commencement Date or a later date when Cyber Essentials Data is received by the Supplier; or The Supplier has not got a current and valid Cyber Essentials certificate which has been awarded by one of the government approved Cyber Essentials accreditation bodies, but can demonstrate (or, will be able to demonstrate by the Commencement Date of the Framework Agreement or a later date when Cyber Essentials Data are received by the Supplier) that its organisation meets the technical requirements prescribed by the Cyber Essentials Scheme as detailed in the following link: xxxxx://xxx.xxxxxxxxxxxxxxx.xxx/cyberessentials/files/requirements.pdf and that the Supplier can provide evidence of verification by a technically competent and independent third party (which has taken place within the most recent 12 months) that its organisation demonstrates compliance with Cyber Essentials technical requirements. The Supplier will be exempt from complying with the requirements at paragraph 9.1 where the Supplier conforms to the ISO27001 standard and the Cyber Essentials requirements have been included in th...

Cyber Essentials Scheme. The Cyber Essentials Scheme developed by the Government which provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats. Details of the Cyber Essentials Scheme can be found here: xxxxx://xxx.xxx.xx/government/publications/cyber- essentials-scheme-overview. Cyber Essentials Scheme Basic Certificate The certificate awarded on the basis of self-assessment, verified by an independent certification body, under the Cyber Essentials Scheme and is the basic level of assurance. Cyber Essentials Scheme Data Sensitive and personal information and other relevant information as referred to in the Cyber Essentials Scheme. Cyber Essentials Scheme Plus Certificate The certification awarded on the basis of external testing by an independent certification body of the Supplier’s cyber security approach under the Cyber Essentials Scheme and is a more advanced level of assurance. Data Controller Has the same meaning as set out in the Data Protection Act 1998. Data Processor Has the same meaning as set out in the Data Protection Act 1998. Data Protection Legislation or DPA The Data Protection Act 1998 and all applicable laws and regulations relating to processing of personal data and privacy, including any related guidance and codes of practice issued by the Information Commissioner or relevant Government departments. Data Subject Has the same meaning as set out in the Data Protection Act 1998. Data Subject Access Request A request made by a Data Subject in accordance with rights granted pursuant to the DPA to access his or her Personal Data Default Any breach of the Framework Agreement by the Supplier, for which the Supplier is liable to CCS. This includes, but is not limited to, breach of a fundamental term, omission, misrepresentation, negligence or negligent statement in in relation to this Framework Agreement or the subject matter of this Framework Agreement. DOTAS The Disclosure of Tax Avoidance Schemes rules which require a promoter of tax schemes to tell HMRC of any specified notifiable arrangements or proposals and to provide prescribed information on those arrangements or proposals within set time limits as contained in Part 7 of the Finance Act 2004 and in secondary legislation made under powers contained in Part 7 of the Finance Act 2004 and as extended to national insurance contributions by the National Insurance Contributions (Application of Part 7 of the Finance Act 2004) Regulation...

Cyber Essentials Scheme. 24.4.1 The Supplier shall ensure that all Sub-Contracts with Sub-Contractors who Process Cyber Essentials Data contain provisions no less onerous on the Sub- Contractors than those imposed on the Supplier under this Contract in respect of the Cyber Essentials Scheme under Clause 5.

Cyber Essentials Scheme. Where CCS has notified the Supplier that prior to the execution of the first Call Off Contract the Supplier shall provide a valid Cyber Essentials Scheme Basic Certificate, then on or prior to the execution of the first Call Off Contract, as a condition for the award of this Framework Agreement, the Supplier must have delivered to CCS evidence of the same. Where the Supplier continues to process Cyber Essentials Scheme Data during the Framework Period or the contract period of any Call Off Contract the Supplier shall deliver to CCS evidence of renewal of a valid Cyber Essentials Scheme Basic Certificate on each anniversary of the first applicable certificate obtained by the Supplier under Clause 9.1. Where the Supplier is due to process Cyber Essentials Scheme Data after the commencement date of the first Call Off Contract but before the end of the Framework Period or contact period of the last Call Off Contract, the Supplier shall deliver to CCS evidence of: a valid Cyber Essentials Scheme Basic Certificate (before the Supplier Processes any such Cyber Essentials Scheme Data); and renewal of a valid Cyber Essentials Scheme Basic Certificate on each anniversary of the first Cyber Essentials Scheme certificate obtained by the Supplier under Clause 9.3.1. In the event that the Supplier fails to comply with Clauses 9.2 or 9.3 (as applicable), CCS reserves the right to terminate this Framework Agreement for material Default.