Independent Review of Information Security. Supplier shall review at least annually, or when significant changes to the security implementation occur, Supplier's approach to managing information security and its control objectives, controls, policies, processes, and procedures. The review shall include an assessment of Supplier's adherence to its security plan, address the need for changes to the approach to security in light of evolving circumstances, and be carried out by individuals independent of the area under review who have the appropriate skills and experience.
Appears in 3 contracts
Samples: Purchase Order Terms, Purchase Order Terms, Participation Agreement
Independent Review of Information Security. Supplier shall review at least annually, or which may also include when significant changes to the security implementation occur, Supplier's approach to managing information security and its control objectives, controls, policies, processes, and procedures. The review shall include an assessment of Supplier's adherence to its security plan, address the need for changes to the approach to security in light of evolving circumstances, circumstances and be carried out by individuals individuals, independent of the area under review review, who have the appropriate skills and experience.
Appears in 1 contract
Samples: Participation Agreement
