Common use of Security Organization Clause in Contracts

Security Organization. The Contractor’s security organization is governed and overseen by Contractor’s senior leadership; Contractor’s security organization includes representation from across Contractor’s organization with defined roles and responsibilities; Contractor has clearly defined information security responsibilities; Contractor has confidentiality or non-disclosure agreements in place with the appropriate external entities; Contractor’s management and implementation of information security (i.e. control objectives, controls, policies, processes, and procedures for information security) are reviewed independently at planned intervals, or when significant changes to the implementation of information security occur; and Contractor’s agreements with third parties involving accessing, processing, communicating or managing the Contractor’s information or information processing facilities, cover all relevant security requirements. Asset Management: Contractor has identified, inventoried, assigned ownership and established rules for acceptable use for information and associated assets; and Contractor has a process in place to classify information in terms of its value, legal requirements, sensitivity and criticality to Contractor.

Security Organization. The Contractor’s security organization is governed and overseen by Contractor’s senior leadership; Contractor’s security organization includes representation from across Contractor’s organization with defined roles and responsibilities; Contractor has clearly defined information security responsibilities; Contractor has confidentiality or non-disclosure agreements in place with the appropriate external entities; Contractor’s management and implementation of information security (i.e. i.e., control objectives, controls, policies, processes, and procedures for information security) are reviewed independently at planned intervals, or when significant changes to the implementation of information security occur; and Contractor’s agreements with third parties involving accessing, processing, communicating communicating, or managing the Contractor’s information or information processing facilities, cover all relevant security requirements. Asset Management: Contractor has identified, inventoried, assigned ownership ownership, and established rules for acceptable use for information and associated assets; and Contractor has a process in place to classify information in terms of its value, legal requirements, sensitivity sensitivity, and criticality to Contractor.