Common use of Principles of Security Clause in Contracts

Principles of Security. 2.1 The Contractor acknowledges that the Authority places great emphasis on confidentiality, integrity and availability of information and consequently on the security of the Premises and the security for the Contractor System. The Contractor also acknowledges the confidentiality of the Authority's Data. 2.2 The Contractor shall be responsible for the security of the Contractor System and shall at all times provide a level of security which; a) is in accordance with Good Industry Practice and Law; b) complies with the Security Policy; c) meets any specific security threats to the Contractor System; and d) complies with ISO/IEC27002 and ISO/IEC27001 in accordance with paragraph 5 of this Schedule. 2.3 Without limiting paragraph 2.2, the Contractor shall at all times ensure that the level of security employed in the provision of the Services is appropriate to minimise the following risks: a) loss of integrity of Authority Data; b) loss of confidentiality of Authority Data; c) unauthorised access to, use of, or interference with Authority Data by any person or organisation; d) unauthorised access to network elements and buildings; e) use of the Contractor System or Services by any third party in order to gain unauthorised access to any computer resource or Authority Data; and f) loss of availability of Authority Data due to any failure or compromise of the Services.

Principles of Security. 2.1 The Contractor Provider acknowledges that the Authority places great emphasis on confidentiality, integrity and availability of information and consequently on the security of the Premises and the security for the Contractor Provider System. The Contractor Provider also acknowledges the confidentiality of the Authority's Data. 2.2 The Contractor Provider shall be responsible for the security of the Contractor Provider System and shall at all times provide a level of security which; a) is in accordance with Good Industry Practice and Law; b) complies with the Security Policy; c) meets any specific security threats to the Contractor Provider System; and d) complies with ISO/IEC27002 and ISO/IEC27001 in accordance with paragraph 5 of this Schedule. 2.3 Without limiting paragraph 2.2, the Contractor Provider shall at all times ensure that the level of security employed in the provision of the Services is appropriate to minimise the following risks: a) loss of integrity of Authority Data; b) loss of confidentiality of Authority Data; c) unauthorised access to, use of, or interference with Authority Data by any person or organisation; d) unauthorised access to network elements and buildings; e) use of the Contractor Provider System or Services by any third party in order to gain unauthorised access to any computer resource or Authority Data; and f) loss of availability of Authority Data due to any failure or compromise of the Services.

Principles of Security. 2.1 a) The Contractor acknowledges that the Authority places great emphasis on confidentiality, integrity and availability of information and consequently on the security of the Premises Authority‟s premises and the security for the Contractor SystemContractor‟s ICT system. The Contractor also acknowledges the confidentiality of the Authority's Authority‟s Data. 2.2 b) The Contractor shall be responsible for the security of the Contractor System Contractor‟s ICT system and shall at all times provide a level of security which; a) : o is in accordance with Good Industry Practice and Law; b) ; o complies with the Security Policy; c) ; o meets any specific security threats to the Contractor SystemContractor‟s ICT system; and d) and o complies with ISO/IEC27002 and ISO/IEC27001 in accordance with paragraph 5 of this Schedule.section V. 2.3 c) Without limiting paragraph 2.2b above, the Contractor shall at all times ensure that the level of security employed in the provision of the Services is appropriate to minimise maintain the following risks: a) at acceptable risk levels (to be defined by the Authority):  loss of integrity of Authority the Authority‟s Data; b) ;  loss of confidentiality of Authority the Authority‟s Data; c) ;  unauthorised access to, use of, or interference with Authority the Authority‟s Data by any person or organisation; d) ;  unauthorised access to network elements elements, buildings, [the Authority‟s premises,] and buildings; e) tools used by the Contractor in the provision of the Services;  use of the Contractor System Contractor‟s ICT system or Services by any third party in order to gain unauthorised access to any computer resource or Authority the Authority‟s Data; and f) and  loss of availability of Authority the Authority‟s Data due to any failure or compromise of the Services.