Monitoring and Continuous Improvement. The Contractor shall review its Information Security Program (including its Risk Assessment, Physical Security Measures and Technical Security Measures) (i) at least quarterly, or (ii) whenever there is a change in its business practices or the design, build, deployment, operation, or maintenance of the NEPP System that implicates the security or integrity of Sensitive Assets embodied in or related to the NEPP System. The Contractor shall update its Information Security Program (including its Risk Assessment, Physical Security Measures and Technical Security Measures) regularly to ensure that the Information Security Program is operating in a manner calculated to prevent unauthorized access to or unauthorized use of Sensitive Assets.
Monitoring and Continuous Improvement. The SI shall review its Information Security Program at least quarterly, or whenever there is a change in its business practices or the design, build, deployment, operation or maintenance of the NFPS that implicates the security or integrity of: (i) the NFPS; (ii) NFPS Security-Sensitive SI Resources; or (iii) MTA Group Confidential Information embodied in or related to the NFPS. The SI shall update its Information Security Program regularly to ensure that the Information Security Program is operating in a manner calculated to prevent unauthorized access to or unauthorized use of MTA Group Confidential Information or the NFPS.
Monitoring and Continuous Improvement. 16.1 This policy will be reviewed every 3 years – unless legislation, business or sector developments require otherwise – to ensure that it continues to meet the stated objectives and take account of good practice developments.
