Security and Cyber Security Sample Clauses
Security and Cyber Security. 25.1. The Contactor must comply with the Authority’s policies concerning Baseline Personnel Security Standard clearance and such modifications to those policies or replacement policies as are notified to the Contractor from time to time.
25.2. The Contractor must notify the Authority of any matter or other change in circumstances which might adversely affect future Baseline Personnel Security Standard clearance.
25.3. Specifically to Lot 2 of this agreement, Document Management, throughout the Term the Infrastructure Provider must maintain Cyber Essentials Plus certification, or equivalent standard, and provide evidence of this to the Authority when requested.
25.4. If the Infrastructure Provider does not have Cyber Essentials Plus Certification, or equivalent standard, at the Effective Date, it shall (at its own cost) obtain Cyber Essentials Plus Certification or equivalent prior to any contract signing. Failing which the Authority may give notice to terminate this Agreement without penalty.
Security and Cyber Security. (a) The Contractor is responsible for the security of Personnel and must ensure that both the Contractor and its Personnel comply with this clause 10.13.
(b) If the Contractor is required to access or otherwise gains access to official information or security classified information, it agrees to comply and manage its system in accordance with all relevant security requirements specified in the Commonwealth Protective Security Policy Framework.
(c) The Contractor must take reasonable and prudent steps consistent with good industry practice to reduce the risk of a Security Incident or Cyber Attack on the Contractor’s information technology systems that accesses, transmits or stores any DFAT Confidential Information or any other data connected with this Contract, including but not limited to, Contract Material, or Personal Information.
(d) At DFAT’s request in a notice, the Contractor must provide details of the Contractor’s security measures in place to reduce the risk of a Security Incident or Cyber Attack on the Contractor’s information technology systems.
(e) If the Contractor becomes aware of a Security Incident or Cyber Attack on the Contractor’s information technology systems, the Contractor must immediately notify:
(i) DFAT (and, if this notification is not done by notice, by notice within one (1) business day); and
(ii) if required by DFAT, advise the Australian Cyber Security Centre (ACSC)
(f) The Contractor must:
(i) notify DFAT immediately on becoming aware of any security incident, Cyber Security Incident or security breach and comply with all DFAT directions to rectify the security issue, which may include notifying the Australian Cyber Security Centre or any other relevant body; and
(ii) participate in security reviews of its procedures at least annually as requested by DFAT and participate in any security audit in relation to the Contract, providing full co- operation to DFAT or its independent auditors, including the Australian National Audit Office.