Principles of Security. 2.1 The Supplier acknowledges that the Customer places great emphasis on the confidentiality, integrity and availability of information and consequently on the security provided by the ISMS.
2.2 The Supplier shall be responsible for the effective performance of the ISMS and shall at all times provide a level of security which:
2.2.1 is in accordance with Good Industry Practice, Law, Standards and this Contract;
2.2.2 complies with the Security Policy;
2.2.3 [complies with at least the minimum set of security measures and standards as determined by the Security Policy Framework (Tiers 1-4) available from the Cabinet Office Security Policy Division (COSPD)];
2.2.4 meets any specific security threats to the ISMS;
2.2.5 complies with ISO/IEC 27001 and ISO/IEC 27002 in accordance with paragraph 5 of this schedule;
2.2.6 complies with the Customer’s security requirements as set out in the Letter of Appointment; and
2.2.7 complies with the Customer’s ICT standards.
2.3 Without limiting Paragraph 2.2 above, the Supplier shall at all times ensure that the level of security employed in the provision of the Contract Services is appropriate to maintain the following at acceptable risk levels (to be defined by the Customer from time to time):
2.3.1 loss of integrity and confidentiality of Customer Confidential Information;
2.3.2 unauthorised access to, use or disclosure of, or interference with Customer Confidential Information by any person or organisation;
2.3.3 unauthorised access to network elements, buildings, the Sites and tools (including Equipment) used by the Supplier and any Sub-contractors in the provision of the Contract Services;
2.3.4 use of the Supplier System or Contract Services by any third party in order to gain unauthorised access to any computer resource or Customer Data; and
2.3.5 loss of availability of Customer Confidential Information due to any failure or compromise of the Contract Services.
2.4 Subject to Clause 6A.3 the references to standards, guidance and policies set out in paragraph 2.2 shall be deemed to be references to such items as developed and updated and to any successor to or replacement for such standards, guidance and policies, from time to time.
2.5 In the event of any inconsistency in the provisions of the above standards, guidance and policies, the Supplier should notify the Customer's Representative of such inconsistency immediately upon becoming aware of the same, and the Customer's Representative shall, as soon as practicable, advise the Supplier which provision the Supplier shall be required to comply with.
Appears in 13 contracts
Samples: Contract for the Provision of Financial and Commercial Support, Contract Services, Contract Services
Principles of Security. 2.1 The Supplier acknowledges that the Customer places great emphasis on the confidentiality, integrity and availability of information and consequently on the security provided by the ISMS.
2.2 The Supplier shall be responsible for the effective performance of the ISMS and shall at all times provide a level of security which:
2.2.1 is in accordance with Good Industry Practice, Law, Standards and this Contract;
2.2.2 complies with the Security Policy;
2.2.3 [complies with at least the minimum set of security measures and standards as determined by the Security Policy Framework (Tiers 1-4) available from the Cabinet Office Security Policy Division (COSPD)];
2.2.4 meets any specific security threats to the ISMS;
2.2.5 complies with ISO/IEC 27001 and ISO/IEC 27002 in accordance with paragraph 5 of this schedule;
2.2.6 complies with the Customer’s security requirements as set out in the Letter of Appointment; and
2.2.7 complies with the Customer’s ICT standards.
2.3 Without limiting Paragraph 2.2 above, the Supplier shall at all times ensure that the level of security employed in the provision of the Contract Services is appropriate to maintain the following at acceptable risk levels (to be defined by the Customer from time to time):
2.3.1 loss of integrity and confidentiality of Customer Confidential Information;
2.3.2 unauthorised access to, use or disclosure of, or interference with Customer Confidential Information by any person or organisation;
2.3.3 unauthorised access to network elements, buildings, the Sites and tools (including Equipment) used by the Supplier and any Sub-contractors in the provision of the Contract Services;
2.3.4 use of the Supplier System or Contract Services by any third party in order to gain unauthorised access to any computer resource or Customer Data; and
2.3.5 loss of availability of Customer Confidential Information due to any failure or compromise of the Contract Services.
2.4 Subject to Clause 6A.3 the references to standards, guidance and policies set out in paragraph 2.2 shall be deemed to be references to such items as developed and updated and to any successor to or replacement for such standards, guidance and policies, from time to time.
2.5 In the event of any inconsistency in the provisions of the above standards, guidance and policies, the Supplier should notify the Customer's Representative of such inconsistency immediately upon becoming aware of the same, and the Customer's Representative shall, as soon as practicable, advise the Supplier which provision the Supplier shall be required to comply with.
Appears in 2 contracts
Samples: Contract Services, Contract Services
Principles of Security. 2.1 The Supplier acknowledges that the Customer places great emphasis on the confidentiality, integrity and availability of information and consequently on the security provided by the ISMS.
2.2 The Supplier shall be responsible for the effective performance of the ISMS and shall at all times provide a level of security which:
2.2.1 is in accordance with Good Industry Practice, Law, Standards and this Contract;
2.2.2 complies with the Security Policy;
2.2.3 [complies with at least the minimum set of security measures and standards as determined by the Security Policy Framework (Tiers 1-4) available from the Cabinet Office Security Policy Division (COSPD)];
2.2.4 meets any specific security threats to the ISMS;
2.2.5 complies with ISO/IEC 27001 and ISO/IEC 27002 in accordance with paragraph 5 of this schedule;
2.2.6 complies with the Customer’s security requirements as set out in the Letter of Appointment; and
2.2.7 complies with the Customer’s ICT standards.
2.3 Without limiting Paragraph 2.2 above, the Supplier shall at all times ensure that the level of security employed in the provision of the Contract Services is appropriate to maintain the following at acceptable risk levels (to be defined by the Customer from time to time):
2.3.1 loss of integrity and confidentiality of Customer Confidential Information;
2.3.2 unauthorised access to, use or disclosure of, or interference with Customer Confidential Information by any person or organisation;
2.3.3 unauthorised access to network elements, buildings, the Sites and tools (including Equipment) used by the Supplier and any Sub-contractors in the provision of the Contract Services;
2.3.4 use of the Supplier System or Contract Services by any third party in order to gain unauthorised access to any computer resource or Customer Data; and
2.3.5 loss of availability of Customer Confidential Information due to any failure or compromise of the Contract Services.
2.4 Subject to Clause 6A.3 the references to standards, guidance and policies set out in paragraph 2.2 shall be deemed to be references to such items as developed and updated and to any successor to or replacement for such standards, guidance and policies, from time to time.
2.5 In the event of any inconsistency in the provisions of the above standards, guidance and policies, the Supplier should notify the Customer's Representative of such inconsistency immediately upon becoming aware of the same, and the Customer's Representative shall, as soon as practicable, advise the Supplier which provision the Supplier shall be required to comply with.
Appears in 1 contract
Samples: Call Off Contract