Information Security Policy. (a) The Accredited Body must develop, document and maintain an Information Security Policy (Policy) that clearly describes how it protects information.
(b) The Policy should be supported by the Accredited Body’s senior management and be structured to include any legal framework relevant to the Policy, such as the Australian Crime Commission Act 2002 (Cth) and this Agreement.
(c) The Policy must include adequate details on how it is enforced through physical, technical and administrative controls, including details on:
(i) the type or class of information that the Policy applies;
(ii) information security roles and responsibilities relating to the Service;
(iii) security clearance requirements and its Personnel’s responsibilities;
(iv) configuration and change control;
(v) technical access controls;
(vi) staff training;
(vii) networking and connections to other systems;
(viii) physical security (including media security); and
(ix) incident management.
(d) The Accredited Body’s privacy policy must reference the Policy, in terms of how the Applicant’s Personal Information is held (as per APP 1.4(b)).
Appears in 4 contracts
Samples: Agreement for Controlled Access by Duly Accredited Bodies to Nationally Coordinated Criminal History Checks
Information Security Policy. (a) The Legal Entity Customer must develop, document and maintain an Information Security Policy (Policy) that clearly describes how it protects information.
(b) The Policy should be supported by the Customer’s senior management and be structured to include any legal framework relevant to the Policy, such as the Australian Crime Commission Act 2002 (Cth) and this Contract.
(c) The Policy must include adequate details on how it is enforced through physical, technical and administrative controls, including details on:
(i) the type or class of information that the Policy applies;
(ii) information security roles and responsibilities relating to the Service;
(iii) security clearance requirements and its Personnel’s responsibilities;
(iv) configuration and change control;
(v) technical access controls;
(vi) staff training;
(vii) networking and connections to other systems;
(viii) physical security (including media security); and
(ix) incident management.
(d) The Legal Entity Customer’s privacy policy must reference the Policy, in terms of how the Applicant’s Personal Information is held (as per APP 1.4(b)).
Appears in 1 contract
Samples: Contract for the Provision of Criminal History Check Information