Common use of Information Security Policy Clause in Contracts

Information Security Policy. 1.1 The Applicant shall implement and maintain a written information security policy that specifies the technical and organisational measures it shall apply to protect the Materials it processes in accordance with this MTA against unauthorised access and/or unlawful processing. The information security policy shall also describe the measures to be taken in the event of an actual or suspected data security breach. 1.2 The Applicant shall appoint a duly skilled individual with responsibility for ensuring the security of the Materials processed by the Applicant in its organisation and for reviewing, maintaining and updating the Applicant’s information security policy. 1.3 The Applicant shall ensure authorised individuals who have access to the Materials are aware of their responsibilities for any data they handle, including appropriate training in order to fulfil their roles. 1.4 The information security policy shall also set out that: 1.4.1 information should be stored in an environment suited to its format and sensitivity, to ensure its preservation from physical harm or degradation and its security from unauthorised access; 1.4.2 data storage devices are appropriately protected and access controlled; and 1.4.3 servers, client devices and applications used for storing, accessing and analysing UK Biobank Materials are appropriately maintained with operating systems, firmware, and software within vendor supported versions where exceptions are documented with mitigations described.

Information Security Policy. 1.1 The Applicant Collaborator shall implement and maintain a written information security policy that specifies the technical and organisational measures it shall apply to protect the Materials it processes in accordance with this MTA against unauthorised access and/or unlawful processing. The information security policy shall also describe the measures to be taken in the event of an actual or suspected data security breach. 1.2 The Applicant Collaborator shall appoint a duly skilled individual with responsibility for ensuring the security of the Materials processed by the Applicant Collaborator in its organisation and for reviewing, maintaining and updating the ApplicantCollaborator’s information security policy. 1.3 The Applicant Collaborator shall ensure authorised individuals who have access to the Materials are aware of their responsibilities for any data they handle, including appropriate training in order to fulfil their roles. 1.4 The information security policy shall also set out that: 1.4.1 information should be stored in an environment suited to its format and sensitivity, to ensure its preservation from physical harm or degradation and its security from unauthorised access; 1.4.2 data storage devices are appropriately protected and access controlled; and 1.4.3 servers, client devices and applications used for storing, accessing and analysing UK Biobank Materials are appropriately maintained with operating systems, firmware, and software within vendor supported versions where exceptions are documented with mitigations described.