Common use of Security of Information Clause in Contracts

Security of Information. 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party shall ensure that the implementation and management of security of the Disclosing Party’s Information: (a) reduces the risk of misuse of the other party’s systems and/or Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.

Security of Information. ‌ 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party shall ensure that the implementation and management of security of the Disclosing Party’s Information: (a) reduces the risk of misuse of the other party’s systems and/or Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.

Security of Information. 17.1 Neither party shall use the other party’s Information for any purpose other than the purpose for which it was provided and/or only to the extent necessary to enable each party to perform its obligations under this Agreement. 17.2 The Receiving Party shall take all steps reasonably necessary and consistent with its obligations under this Agreement to ensure that the Disclosing Party’s Information is protected, and in particular the Receiving Party shall: (a) identify to the Disclosing Party on the Commencement Date details of the Receiving Party’s Security Contact who shall act as a single point of contact for any security issues and the details for both parties Security Contacts shall be contained in the Customer Service Plan pursuant to clause 3; (b) record and maintain details of all personnel who are authorised to access, and use, the Disclosing Party’s Information; (c) ensure each member of their personnel who has access to the other Party’s Information receives appropriate security training in accordance with the requirements of this clause 17 and shall maintain the records of training; (d) ensure that all personnel who have access to the other Party’s Information maintain a clear-desk and a clear-screen policy to protect BT's Information; (e) ensure it has formal security incident management procedures with defined responsibilities and any information on the incident shall be treated as Confidential Information and the terms of clause 17 (Confidentiality) shall apply; (f) ensure it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and maintain processes to monitor such activities; (g) ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities; and (h) ensure any use of diagnostic tools is securely controlled. 17.3 The Customer shall ensure that BT's Information is logically separated in a secure manner from all other information created or maintained by the Customer. 17.4 The Receiving Party shall implement security measures across all supplied components, such that it safeguards the confidentiality, availability and integrity of the Disclosing Party’s Information. 17.5 The Receiving Party Customer shall provide BT with full documentation in relation to the implementation of logical security in relation to delivery of Services and shall ensure that the implementation and management of security of the Disclosing Party’s BT's Information: (a) reduces the risk of misuse of the other party’s systems BT Systems and/or BT's Information, which could potentially cause loss of revenue or service, by those individuals who are authorised to access it; and (b) detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained access and determination of how they obtained it. 17.6 The Receiving Party shall maintain processes which detect and record any attempted damage, amendment or unauthorised access to the Disclosing Party’s Information. 17.7 The Receiving Party shall implement a controlled exit procedure in respect of any person who had access to the Disclosing Party’s Information, and leave the employment of Receiving Party or are no longer engaged in connection with this Agreement. The controlled exit procedure shall include the return of the Information in the possession of the Receiving Party. 17.8 If the Receiving Party uses subcontractors, it shall procure that formal contracts containing all security requirements within this clause 17, to the extent they are relevant to the subcontractor, must be put in place between the Receiving Party and its subcontractor before the subcontractor can access the Disclosing Party’s Information. 17.9 If Access by Customer Personnel is via Customer Systems, the Customer shall comply with the provisions of Schedule 10. 17.10 The Receiving Party shall report to the Disclosing Party promptly when it becomes aware of: (a) any potential misuse of the Receiving Party’s Information or improper or unauthorised access to the Receiving Party’s Information; (b) any loss or corruption of the Receiving Party’s Information caused by the Disclosing Party’s negligence or its unauthorised use of or access to the Receiving Party’s Information.