Common use of Security of Information Clause in Contracts

Security of Information. 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party shall ensure that the implementation and management of security of the Disclosing Party’s Information: (a) reduces the risk of misuse of the other party’s systems and/or Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.

Security of Information. 17.1 14.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 14.2 The Receiving Party Customer shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s BT's Information is protected, and in particular the Receiving Party Customer shall: (a) 14.2.1 identify to the Disclosing Party BT on the Commencement Date details of the Receiving Party’s Customer Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3issues; (b) 14.2.2 record and maintain details of all personnel Customer Personnel who are authorised to access, and use, the Disclosing Party’s BT's Information; (c) 14.2.3 ensure each member of their personnel who has access to the other Party’s Information Customer Personnel receives appropriate security training in accordance with the requirements of this clause 17 14 and shall maintain the records of trainingtraining which shall be made available for audit by BT; (d) 14.2.4 ensure that all personnel who have access security requirements in this Agreement are communicated and published to the other Party’s Information all Customer Personnel in relation to their role; 14.2.5 ensure that all Customer Personnel maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) 14.2.6 ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) 14.2.7 ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) 14.2.8 ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications communicatio s facilities; and; (h) 14.2.9 ensure any use of diagnostic tools is securely controlled; 14.2.10 ensure that access to the Customer's audit tools are restricted to authorised Customer Personnel and their use monitored regularly; and 14.2.11 comply with the provisions of ISO 27001 or, if not so accredited, with the Information Security Guide. 17.3 14.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information infor ation created or maintained by the Customer. 17.4 14.4 The Receiving Party Customer shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s BT's Information. 17.5 14.5 The Receiving Party Customer shall provide BT with full documentation in relation to the implementation of logical security in relation to delivery of Services and shall ensure that the implementation and management of security of the Disclosing Party’s BT's Information: (a) 14.5.1 reduces the risk of misuse of the other party’s systems BT Systems and/or BT's Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) 14.5.2 detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 14.6 The Receiving Party Customer shall use physical and electronic security measures to protect BT's Information, or where Customer Systems provide access to any BT's Information, to prevent loss or corruption or unauthorised use of or access to BT's Information. The Customer shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s BT's Information. 17.7 14.7 The Receiving Party Customer shall implement a controlled exit procedure in respect of any person Customer Personnel who had access to the Disclosing Party’s BT's Information, and leave the employment of Receiving Party the Customer or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the BT's Information in the possession of the Receiving PartyCustomer Personnel. Such controlled exit procedure shall include a written communication by the Customer Security Contact to BT Security Contact of this removal. 17.8 14.8 If the Receiving Party Customer uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 1714, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party Customer and its subcontractor before the subcontractor can access the Disclosing Party’s BT's Information. 17.9 14.9 The Access made by any Customer Personnel shall be audited regularly, and reauthorisation of Access rights to BT's Information shall be carried out annually as a minimum. 14.10 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 14.11 The Receiving Party ustomer shall report to the Disclosing Party BT Security Contact promptly when it becomes aware of: (a) 14.11.1 any potential misuse of the Receiving Party’s BT's Information or improper or unauthorised access to the Receiving Party’s BT's Information; (b) 14.11.2 anything that may have a material adverse effect on the Customer's ability to perform its obligations under this Agreement, or is experiencing an incident of a severity where it is judged that it is possible that BT's business may be impacted; or 14.11.3 any loss or corruption of the Receiving Party’s BT's Information caused by the Disclosing Party’s Customer's negligence or its unauthorised use of or access to the Receiving Party’s BT's Information. 14.12 Upon request, the Customer shall promptly provide to BT a written report with details of the incident, a remedial plan and a timetable for achievement of the planned improvements and steps to be taken to avoid a re eat of the incident. If any audit or investigation reveals that there is a potential risk to the confidentiality, integrity or availability of BT's Information in the Customer's processes or Customer Systems, the Customer shall promptly correct any security risk in the Customer's processes or Customer Systems. If BT discovers that BT Information has not or is not being used in accordance with this Agreement, the Customer shall, upon request of BT, delete and procure that all third parties shall delete and/or destroy all such BT Information.

Security of Information. ‌ 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party shall ensure that the implementation and management of security of the Disclosing Party’s Information: (a) reduces the risk of misuse of the other party’s systems and/or Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.

Security of Information. 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party Customer shall provide BT with full documentation in relation to the implementation of logical security in relation to delivery of Services and shall ensure that the implementation and management of security of the Disclosing Party’s BT's Information: (a) reduces the risk of misuse of the other party’s systems BT Systems and/or BT's Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.