Common use of Cyber Essentials Clause in Contracts

Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may terminate the Grant Agreement if Cyber Essentials Certification is not maintained on an annual basis. Information Security and Resilience The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. xxxxx://xxx.xxxxxxxx.xxxxx/uk/ or xxxxx://xxx.xxxxxxxxx.xxx/en/ The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud. The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations: ISO27001 ISO31000 Under the Grant Agreement the Recipients are not being issued with NWS equipment or being provided with access to NWS systems. Furthermore the recipients are not undertaking work placements with NWS as part of this Grant Agreement. Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the NWS Information Asset Owner, where necessary in consultation with the NWS Chief Information Security Officer (CISO).

Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement this contract (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient you to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Bidders may not be excluded at the tender stage if they do not have Cyber Essentials accreditation providing the organisation is able to obtain accreditation within a period to be agreed with the Funder. Subject to the bidder not obtaining Cyber Essentials accreditation (or its equivalent) within the agreed timescale to the satisfaction of the Funder, then the Funder reserves the right to either not enter into or to terminate the contract. Once the contract has been awarded the Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may will maintain the right to either not enter into or terminate the Grant Agreement contract if Cyber Essentials Certification is not maintained on an annual basis. Information Security and Resilience The Funder seeks assurance that the Recipient bidding organisation provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement on this contract. If the Recipient proposes or its sub-contractors propose to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's RWM information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's RWM information may be hosted or Processed processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. xxxxx://xxx.xxxxxxxx.xxxxx/uk/ or xxxxx://xxx.xxxxxxxxx.xxx/en/ The Recipient shall demonstrate that all its personnel staff, including sub-contractors, are trained to recognise all forms of online fraud. The Recipient shall inform the Funder Recipients should identify whether it holds they hold the following or other equivalent certifications and accreditations: ISO27001 ISO31000 Under the Grant Agreement the Recipients are not being issued with NWS equipment or being provided with access to NWS systems. Furthermore the recipients are not undertaking work placements with NWS as part of this Grant Agreement. Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential RWM information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the NWS RWM Information Asset Owner, where necessary in consultation with the NWS RWM Chief Information Security Officer (CISO).

Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may terminate the Grant Agreement if Cyber Essentials Certification is not maintained on an annual basis. Information Security and Resilience The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. xxxxx://xxx.xxxxxxxx.xxxxx/uk/ or xxxxx://xxx.xxxxxxxxx.xxx/en/ The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud. The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations: ISO27001 ISO31000 Under the Grant Agreement the Recipients are not being issued with NWS equipment or being provided with access to NWS systems. Furthermore the recipients are not undertaking work placements with NWS as part of this Grant Agreement. Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the NWS Funder’s Information Asset Owner, where necessary in consultation with the NWS Funder’s Chief Information Security Officer (CISO).

Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may terminate the Grant Agreement if Cyber Essentials Certification is not maintained on an annual basis. Information Security and Resilience The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. xxxxx://xxx.xxxxxxxx.xxxxx/uk/ or xxxxx://xxx.xxxxxxxxx.xxx/en/ The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud. The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations: ISO27001 ISO31000 Under the Grant Agreement the Recipients are not being issued with NWS RWM equipment or being provided with access to NWS RWM systems. Furthermore the recipients are not undertaking work placements with NWS RWM as part of this Grant Agreement. Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the NWS RWM Information Asset Owner, where necessary in consultation with the NWS RWM Chief Information Security Officer (CISO).

Cyber Essentials. The Recipient will be required to ensure that any IT Network, part of an IT network, or IT equipment used for OFFICIAL information under the Grant Agreement (including any used by sub-contractors) is operated and maintained in accordance with the technical requirements prescribed under the Government’s Cyber Essentials Scheme. The level of verification required against this contract will be a minimum of Cyber Essentials. The Funder requires the Recipient to provide assurance that these technical requirements are being complied with. Assurance must be provided through verification by a technically competent, independent third party to a minimum level equivalent to Cyber Essentials. The Funder will maintain a right to audit the Recipient’s premises to assure that security standards are maintained. The Funder may terminate the Grant Agreement if Cyber Essentials Certification is not maintained on an annual basis. Information Security and Resilience The Funder seeks assurance that the Recipient provides an acceptable standard of leadership and governance, risk management, incident response and security by design in relation to information security. The Recipient shall provide a summary of these information security capabilities and key members of staff responsible for managing information security with respect to the Grant Agreement If the Recipient proposes to host or process data in a Cloud-based system or service, then the Recipient shall evidence how they have or will address all the NCSC cloud security principles outlined in: xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security?curPage=/collection/cloud-security/implementing-the-cloud-security-principles All data should be hosted and processed in the UK. Where the Recipient is unable to satisfy this requirement, then this must be identified in the Request for Research Proposal to enable the Funder to make a risk-based decision on the acceptability of a proposed solution where the Funder's information classified at OFFICIAL may be hosted and stored in the EEA. No Funder's information may be hosted or Processed outside the UK or EEA. The Recipient must ensure its employees and sub-contractors comply with SCP07 when wishing to travel abroad whilst carrying the Funder’s information and/or the Funder’s ICT equipment. The Recipient shall provide evidence that all IT systems to be used in the management and delivery of this CTS are routinely tested and patched for vulnerabilities. The Funder retains the right to request and receive copies of the most recent security reports for these systems, including penetration tests performed by a credible external security consultant e.g. xxxxx://xxx.xxxxxxxx.xxxxx/uk/ or xxxxx://xxx.xxxxxxxxx.xxx/en/ The Recipient shall demonstrate that all its personnel are trained to recognise all forms of online fraud. The Recipient shall inform the Funder whether it holds the following or other equivalent certifications and accreditations: ISO27001 ISO31000 Under the Grant Agreement the Recipients are not being issued with NWS equipment or being provided with access to NWS systems. Furthermore the recipients are not undertaking work placements with NWS as part of this Grant Agreement. Under the Grant Agreement, the Recipient shall not share any of the Funder's confidential information Confidential Information with PhD Students unless that information is already in the Public Domain or unless that information is approved for release into the Public Domain by the NWS RWM Information Asset Owner, where necessary in consultation with the NWS RWM Chief Information Security Officer (CISO).